Entire Section | CBUAE Rulebook

Other Regulated Entities

Exchange Houses

Regulations Re Licensing and Monitoring of Exchange Business
N 1/2014 Effective from 3/1/2014

_{This Regulation has been amended by the central Bank Board of Directors Resolution No 61/6/2016, and Circular No 19/2021 respectively. Please find the PDF of previous version on the table below..}.
Version 2 (consolidated as of 05/12/2021)
Version 1 (effective from 03/01/2014)

Introduction
Having perused the provisions of Union Law No. (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking;
Board of Directors' following Resolutions:
1- Resolution No. 31/2/1986 issued on 16/7/1986, regarding organization of the foreign exchange profession in the UAE.

2- Resolution No. 123/7/92 issued on 29/11/1992, regarding regulating of money changing business in the UAE

3- Resolution No. 204/7/98 issued on 03/11/1998.

4- Resolution No. 15/2/2013 issued on 12/03/2013, regarding new requirements for licensing of money changing business.
Circular No. 24/2000 - Regulation concerning Procedures for Anti-Money Laundering.
The Central Bank's Board of Directors has decided to issue these Regulations.

Objective
The objective of these Regulations is to regulate and enhance exchange business profession, support its geographical spread and facilitate the provision of exchange services throughout the UAE based on solid foundations.

Article (1): Definitions
1.1 For the purposes of these Regulations:
1. "Licensed person"; means any natural or juridical person authorised to conduct exchange business under these Regulations.
2. "Licence"; means licence issued by the Central Bank for the carrying out of exchange business.
3. “Exchange Business”; shall mean:
  1. Dealing in sale and purchase of foreign currencies and travelers cheques.
  2. Executing remittance operations in local and foreign currencies.
  3. Payment of wages through establishing a link to the operating system of "wages protection" (WPS).
  4. Other businesses licensed by the Central Bank.
4. "Exempted person"; means any entity which is defined as a "commercial bank" in accordance with Union Law No. (10) of 1980.
5. "Juridical person"; means an established entity in accordance with and recognised by the Federal Laws of the United Arab Emirates and the laws of the Emirate in which it is so incorporated or an entity established in and recognised under the laws of other UAE authorities.
6. “Paid Up Capital”; shall mean cash paid by the owner (or partners) into the account of the entity, as per requirements of these Regulations.
7. “Remittances Intermediate Account” shall mean an account where remittance funds are deposited temporarily, prior to execution of remittance.
8. “Agent”; shall mean a natural or juridical person appointed by the owner (or the partners) of the entity to manage the entity or to perform a specific task for its benefit.
1.2 The terms defined in Federal Law No. (10) of 1980 shall, unless otherwise defined herein, bear the same meanings when used herein.

Article (2): Licensing is Compulsory
No person, whether natural or juridical, shall carry on exchange business in the United Arab Emirates unless he is licensed in writing by the Governor of the Central Bank or a person authorized by the Governor to do so in accordance with these Regulations or unless he is exempted from the provisions thereof.

Article (3): Application for Licence
Any natural or juridical person may submit an application for a licence to the Central Bank to carry out exchange business. Such application shall be made on the form prescribed from time to time by the Central Bank and attached to it the following documents:
1. A statement setting out the nature and scale of the exchange business which the applicant intends to carry on, plans of the applicant for the future development of that business and the particulars of the applicant's arrangements for the management of that business.
2. Name of applicant and his address, a brief statement about his qualifications and experience, copies of UAE ID of the partners, or copies of passports of foreign partners, and a copy of the UAE family book, with the originals of such documents for inspection.
3. 1. An undertaking to provide, in case the application is approved, and prior to issuing a license, an unconditional and irrevocable bank guarantee drawn in favour of the Central Bank, issued by a Bank licensed by the Central Bank or an unconditional and irrevocable deposit of unencumbered cash funds held in an account at the Central Bank in lieu thereof. The value at any point of time of either of the above, shall not be less than the higher of either:
  a) one hundred (100) percent of the minimum Paid Up Capital required as specified in Article (4.2)(a) of these Regulations; or
  b) five (5) percent of the full amount equal to the average monthly remittance value of the previous financial year.
  2. In the case of carrying on payment of wages activity, the value of payments using WPS shall be restricted to the bank guarantee drawn in favour of the Central Bank according to the Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business.
4. An undertaking to comply with:
  1. The provisions of Union Law No.10 of 1980, Regulation No. 24/2000 regarding Procedures for Anti-Money Laundering Combating of Terrorist Financing and any other resolutions or instructions issued by the Central Bank.
  2. To render his documents and records accessible to the Central Bank’s supervisors and examiners.
5. Any other information or documents required by the Central Bank for the purpose of processing the licence application.
_{This article has been amended by the central Bank Board of Directors Resolution No 61/6/2016, and Circular No 19/2021 respectively. You are viewing the latest version. To view previous versions, click the version boxes below}.
Version 2 _{(effective from 25/08/2016 to 05/12/2021)}
Any natural or juridical person may submit an application for a licence to the Central Bank to carry out exchange business. Such application shall be made on the form prescribed from time to time by the Central Bank and attached to it the following documents:
1. A statement setting out the nature and scale of the exchange business which the applicant intends to carry on, plans of the applicant for the future development of that business and the particulars of the applicant's arrangements for the management of that business.
2. Name of applicant and his address, a brief statement about his qualifications and experience, copies of UAE ID of the partners, or copies of passports of foreign partners, and a copy of the UAE family book, with the originals of such documents for inspection.
3. 1. An undertaking to provide, in case the application is approved, a bank guarantee drawn in favor of the Central Bank issued by a bank licensed in the UAE, provided that the guarantee value at any point of time shall not be less than the higher of the following:
  100% of the minimum paid-up capital required as specified in Paragraph (a) of Article (4.2) of these Regulations, or
  
  5% of the monthly remittance average value of the previous financial year, with a maximum of AED 75,000,000 (Seventy Five Million).
  2. In the case of carrying on payment of wages activity, the value of payments using WPS shall be restricted to the bank guarantee drawn in favor of the Central Bank according to the Standards issued as indicated in Article (11) bis of these Regulations.
4. An undertaking to comply with:
  The provisions of Union Law No.10 of 1980, Regulation No. 24/2000 regarding Procedures for Anti-Money Laundering Combating of Terrorist Financing and any other resolutions or instructions issued by the Central Bank.
  
  To render his documents and records accessible to the Central Bank’s supervisors and examiners.
5. Any other information or documents required by the Central Bank for the purpose of processing the licence application.
Version 1 _{(effective from 03/01/2014 to 25/08/2016)}
Any natural or juridical person may submit an application for a licence to the Central Bank to carry out exchange business. Such application shall be made on the form prescribed from time to time by the Central Bank and attached to it the following documents:
1. A statement setting out the nature and scale of the exchange business which the applicant intends to carry on, plans of the applicant for the future development of that business and the particulars of the applicant's arrangements for the management of that business.
2. Name of applicant and his address, a brief statement about his qualifications and experience, copies of UAE ID of the partners, or copies of passports of foreign partners, and a copy of the UAE family book, with the originals of such documents for inspection.
3. An undertaking to provide, in case the application is approved, a bank guarantee drawn in favour of the Central Bank issued by a bank licensed in the UAE of value equal to 100% of the paid up capital.
4. An undertaking to comply with:
  The provisions of Union Law No.10 of 1980, Regulation No. 24/2000 regarding Procedures for Anti-Money Laundering Combating of Terrorist Financing and any other resolutions or instructions issued by the Central Bank.
  
  To render his documents and records accessible to the Central Bank’s supervisors and examiners.
5. Any other information or documents required by the Central Bank for the purpose of processing the licence application.

Article (4): Conditions for Granting of Licence
1. 4.1 The Central Bank may, after studying a licence application duly made in accordance with these Regulations and after being provided with all such information, documents and reports as may be required, grant or refuse to grant the licence.
2. 4.2 A licence shall not be granted unless the following criteria are fulfilled with respect to the applicant:
  1. Paid-up capital of the Licensed Person is not less than AED 2,000,000 (Dirhams two million) for carrying on purchase, sale and exchange of foreign currencies in the form of bank notes, coins and travelers cheques, and not less than AED 5,000,000 (Dirhams Five Million) for carrying on remittance business within and outside the UAE in addition to sale and purchase of foreign currencies and travelers cheques, and not less than AED 10,000,000 (Dirhams Ten Million) for carrying on payment of wages through connecting to the Central Bank's system in addition to remittance business and sale/purchase of foreign currencies and travelers cheques, and not less than AED 50,000,000 (Dirhams fifty million) if the legal status of the Licensed Person is a Limited Liability Company (L.L.C), regardless of the activity.
  2. The applicant must be a UAE national of not less than 21 years of age with full mental capacity and in case of applications made by companies the share of UAE nationals in the capital of the company shall not be less than 60% of the total paid up capital.
  3. A licensed person may not transfer ownership of the licence, for remuneration or otherwise, to any other party.
3. 4.3 A licensed person who is a natural person shall exercise direct oversight of the businesses of the establishment, and if he holds the position of Chief Executive Officer, he shall not be entitled to hold a similar position at another establishment.
4. 4.4 No licence shall be granted unless the applicant disposes of the necessary personal reliability and professional qualifications as determined by the Central Bank as follows:
  1. Personal Reliability:
    The applicant, or any of the founding members, shall be of good conduct and behaviour and shall not have been convicted for any offence involving dishonour or dishonesty or violence, and shall not have failed to honour his liabilities towards banks or other creditors and shall not have been declared bankrupt or reached a settlement with his creditors nor has been subjected to attachment of his assets or put under judicial receivership.
  2. Professional Qualifications:
    The applicant or the person who is or shall be manager or controller of the exchange business shall have the appropriate theoretical knowledge of exchange business and the necessary management experience. The Central Bank must be provided with the CVs of the manager in charge and heads of major sections for review and the documents relating thereto. Nominees for key positions shall be interviewed by a special committee at the Central Bank to assess their competence and their technical/managerial capabilities, and test them, or some of them, if necessary. A special committee at the Central Bank shall also interview the owner/partners to ensure they have the required knowledge and business plan.
5. 4.5 On reviewing an application for a licence made by any company consideration shall be given to any matters relating to another company within the same group or regarding any manager or controller thereof as concerns personal reliability or professional qualifications.
_{paragraph (a) of item (2) of Article (4) has been amended by the central Bank Board of Directors Resolution No 61/6/2016. You are viewing the latest version. To view previous version, click the version boxes below}.
Version 1 _{(effective from 03/01/2014 to 25/08/2016)}
- 4.2 A licence shall not be granted unless the following criteria are fulfilled with respect to the applicant:
  
  Paid-up capital of the licence applicant is not less than AED 2,000,000 (Dirhams two million) for carrying on purchase, sale and exchange of foreign currencies in the form of bank notes, coins and travelers cheques, and not less than AED 5,000,000 (Dirhams Five Million) for carrying on remittance business within and outside the UAE in addition to sale and purchase of foreign currencies and travelers cheques, and not less than AED 10,000,000 (Dirhams Ten Million) for carrying on payment of wages through connecting to the Central Bank's system in addition to remittance business and sale/purchase of foreign currencies and travelers cheques, and not less than AED 50,000,000 (Dirhams fifty million) if the applicant is a Limited Liability Company (L.L.C), regardless of the activity. The paid-up capital shall be increased by 10% for opening each additional branch.
  
  The applicant must be a UAE national of not less than 21 years of age with full mental capacity and in case of applications made by companies the share of UAE nationals in the capital of the company shall not be less than 60% of the total paid up capital.
  
  A licensed person may not transfer ownership of the licence, for remuneration or otherwise, to any other party.

Article (5): Notice of Granting or Refusing an Application
Where the Central Bank grants an application for a licence or rejects it, it shall give a written notice to the applicant accompanied by reasons in case of rejection.

Article (6): Scope of Licence
In the licence issued by the Central Bank the following shall be observed:
a- It shall be granted for a period of one year, renewable thereafter; and
b- It should contain such conditions as the Central Bank may deem appropriate.

Article (7): Revocation, Restriction and Variation of Licence
7.1 The Central Bank by a resolution of its Board shall have the right at any time to revoke, vary, restrict or withdraw any condition imposed on any licence after obtaining the comments of the licensed person on the reasons calling for such revocation, variation, restriction or withdrawal.
7.2 The Central Bank by a resolution of its Board shall have the right to revoke the licence if:
1. It appears to the Central Bank that there has been a breach of any of the continuing obligations referred to in Article 8 herein below, or if any condition of the licence is not complied with; or
2. The licensed person is in breach of these Regulations or Federal Law No.(10) of 1980 or any instructions or circulars issued by the Central Bank or if any of the conditions of the licence is not fulfilled or is incapable of fulfillment; or
3. The Central Bank has been provided with false, misleading or inaccurate information by or on behalf of the licensed person or any director, controller or manager of it; or
4. The interests of customers or potential customers of the licensed person are in any way threatened, whether by the manner in which the licensed person is conducting or intends to conduct its business or for any other reason; or
5. An order for the liquidation of the business of the licensed person or any of its major shareholders has been made by a competent judicial authority; or
6. A judicial receiver or manager or any similar officer of the licensed person's undertaking has been appointed; or
7. A bankruptcy order or judgement has been made in respect of the licensed person; or
8. The licensed person did not commence its exchange business within six months from the date of licence; or
9. The licensed person suspends its activities for a period of three consecutive months; or
10. The licensed person, in the opinion of the Central Bank, is unable to pay its debts as they fall due or the value of its assets is, in the opinion of the Central Bank, less than the amount of its liabilities, taking into account its contingent and prospective liabilities; or
11. Execution or other process is issued on a judgment decree or order to sell his assets or part thereof by any court and is returned unsatisfied in whole or in part; or
12. The relevant local authorities withdrew any licence issued in favour of the licensed person.

Article (8): Appointment of an Audit Firm and Publication of the Entity's Audited Accounts
1. 8.1 The licensed person must appoint an audit firm as is acceptable to the Central Bank and maintain proper accounting records and submit these to the Central Bank in such form as required.
2. 8.2 The licensed person shall submit to the Central Bank, within a period not exceeding three months from the date of closing of its financial year, a signed copy of its year end audited accounts, including the auditors report thereon for approval by the Central Bank for publication. The financial year of a licensed person must begin on 1st January and end on 31^st December.

Article (9): Continuing Obligations
1. 9.1 The licenced person shall fully abide by the following obligations:
  1. That the total of his assets shall not, at any time, exceed ten times the paid up capital, and the capital shall not, at any time, be less than the limits approved in accordance with Article (4) (2) (a) of these Regulations.
  2. That the management of the licensed person be conducted by such persons as have been previously approved by the Central Bank as per process. Any violation on the part of the person in charge of management who is an authorized signatory shall be considered a criminal offence if what he signed proved untrue or misleading, and his employment contract should contain an article to such effect.
  3. That the licensed person's legal status, its ownership and capital or its premises shall not be altered without the prior written approval of the Central Bank.
  4. That the licensed person shall not merge or amalgamate or enter into a joint venture with any person or entity, without the prior written approval of the Central Bank.
  5. That exchange business shall only be conducted from premises approved by the Central Bank, and no other non-exchange activity of whatsoever nature is undertaken in the same premises.
  6. That the trade name, for the licensed person, shall not include the word "Bank" "Financial Institution", "Investment / Commercial / Real Estate Company" or any other description that indicates activities other than exchange business.
  7. That branches of the licensed person shall not be established without the prior written consent of the Central Bank and no permission for a new branch shall be granted unless the financial conditions of the licensed person are sound and the licensed person has not committed any violations.
  8. That dealings between the licensed person and his customers shall be supported by official receipts for all exchange transactions and that notice should be posted in a prominent spot, advising customers of the necessity of obtaining receipts regarding all sales or purchases of foreign currencies or travellers cheques or remittances conducted through the licensed person, and that another notice posting rates applicable to foreign currency should be posted prominently.
  9. That issuance of remittances should be in its name and signed by persons duly authorized by it.
  10. That the entity should have in place electronic systems to support (SMS) service for all remittance transactions, whereby remitters and beneficiaries are notified.
  11. That the licensed person shall not encumber any of its assets without the prior written approval of the Central Bank.
  12. That any partner of the licensed person shall not withdraw any amount from the business in excess of his share of the net annual profit.
  13. That shareholders, partners, directors, managers, or controllers of the licensed person may not borrow from or lend to the licensed person and they may not have current accounts or any other accounts with the licensed person.
  14. That each licensed person must establish a Remittances Intermediate Account. Funds available in the Remittances Intermediate Account must only be used for settlement of remittances and not for any other purposes.
  15. That the Remittances Intermediate Account, and any other accounts designated by the Central Bank, should be audited by the external auditor on monthly basis and results of the audit should be kept in a separate record.
  16. That the licensed person shall provide, upon the Central Bank's request, all data, information or statistics, at any time and for any specified period and such information shall be identical to the records of the licensed person and it shall be regarded and treated as confidential information.
  17. That the licensed person shall obtain the necessary local licences and commence its activities within six months of the date of issuance of the licence by the Central Bank under these Regulations and the Central Bank shall be provided with a copy of the licence issued by the local authorities as soon as it is obtained.
  18. That an application for renewal of licence shall be made within a period of not less than two months before the expiry of the original licence or any renewal thereof.
  19. That the licensed person shall at all times comply with all the laws in force in the U.A.E. including the Civil Law, Companies Law and Criminal Law, and in particular the provisions relating to counterfeit coins and bank notes for which any violation shall be duly reported to the authorities concerned.

Article (10): Supervision and Examination
The Central Bank reserves the right to examine the activities of the licensed person at any time it finds it appropriate to ensure adherence to the provisions of these Regulations.

Article (11): Amendments
The Central Bank may make the amendments it deems necessary to these Regulations from time to time.
Article (11) bis:
The Central Bank shall issue the following Standards:
1. Licensing and Continued Obligations Standards
2. Management of the Business and Governance Standards
3. Risk Management and Security Standards
4. Anti-Money Laundering Compliance Standards
5. Customer Protection Standards
6. Appendices
Appendix 1: Definitions
Appendix 2: Applicable Laws, Regulations and Notices
Appendix 3: List of Compulsory Reports and Forms
Appendix 4: Non-Compliance Charges
The Standards are an integral part of the Regulations Regarding Licensing and Monitoring of Exchange Business, and all Licensed Persons shall adhere to the provisions of the Standards once circulated and come into effect

_{Article (11) bis has been added by the central Bank Board of Directors Resolution No 61/6/2016}

Article (12): Application of Regulations
1. 12.1 These Regulations shall apply to all entities carrying on exchange business in the UAE and licensed in accordance with these Regulations. Exchange establishments/companies licensed in accordance with Central Bank’s Board of Directors Resolution No. 123/7/92 issued on 29/11/1992 shall be required to reconcile their positions with the requirements of these Regulations, within a period of two years from its date of issuance.
2. 12.2 The Governor may decide on initiatives which support financial inclusion in the UAE, by lowering the capital requirements stated under Article (4-2-a) of these Regulations, provided the Board of Directors is notified of decisions made in this respect, in due course.
3. 12.3 The Central Bank’s Board of Directors Resolution No. 123/7/92 issued on 29/11/1992 and amendments thereto shall be cancelled and replaced with these Regulations.

Article (13): Interpretation of Regulations
Any clarification or interpretation of the provisions of these Regulations may be sought from the Legal Division at the Central Bank whose interpretation shall be final.

Article (14): Publication and Effective Date
These Regulations shall be published in the official gazette in both Arabic and English Languages and become effective from date of publication, and shall be communicated to whomsoever is concerned for implementation.

Additional Provisions
Additional provisions as per circular 19/2021 amending the regulations regarding Licensing and Monitoring of Exchange Business
Article (3) of C 19/2021: Obligation to notify the Central Bank of breach of regulatory obligations
3.1 Any Licensed Person, which breaches or is likely to breach any regulatory obligation in this Regulation must immediately notify the Central Bank in writing.
Article (4) of C 19/2021: Enforcement & Sanctions
4.1 Violation of any provision of this Regulation and any accompanying Standards may be subject to supervisory action and sanctions as deemed appropriate by the Central Bank.
4.2 Any Licensed Person not meeting the requirements of this Regulation upon its coming into force, may be subject to business restrictions until fully compliant with the requirements of Article 3(c) and must obtain written approval from the Central Bank on an agreed plan setting out clear time frames and deliverables in order to reach full compliance.

The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business
N 35/2018 STA

Preface
Pursuant to Article 11 of the amendments to notice number 01/2014, the Central Bank of the UAE is issuing “The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business (the Standards)”. The Standards set the baseline requirements for Exchange Houses currently operating in the UAE, including new entrants, which must be maintained to continue their business in a fully compliant manner.
The Standards include the following sections:
1. A.Licensing and Continuing Obligations;
2. B.Management and Governance;
3. C.Risk Management and Security;
4. D.Anti-Money Laundering Compliance;
5. E.Customer Protection;
6. F.Appendices; and
7. G.Version Control Table.
Exchange Houses, operating in the UAE, are required to comply with all requirements of the Standards at all times. Non-compliance charges will be levied on Exchange Houses for violations in accordance with Appendix 4 of the Standards.
Board of Directors (or the Owner/Partners where there is no Board of Directors) of Exchange Houses is in ultimate control of their business and accordingly, is responsible to ensure the availability of adequate Policies, Procedures, Processes, Systems, Controls and Human Resources to run their business in compliance with all applicable Laws, Rules, Regulations, Notices and the Standards.
Any clarification or interpretation of the Standards may be sought from the Central Bank whose interpretation shall be final and binding on all Exchange Houses.
Exchange Houses may email all their queries regarding the Standards to: info.ehs@cbuae.gov.ae.
Complaints/grievances against employees/Examiners of the Central Bank of the UAE may be written to the Head of Examinations, Banking Supervision Department. Any information provided by the Licensed Person in this manner will be held confidential. The Central Bank may contact the Licensed Person if it is deemed necessary to collect further information as part of such investigations.

A. Licensing and Continuing Obligations Standards

Chapter 1: Scope of the License and Exchange Business

Introduction
The scope of Exchange Business is defined in the “Regulations regarding Licensing and Monitoring of Exchange Business issued in January 2014” (the Regulations) and all Licensed Persons are expected to operate within the scope of their license. Exceeding the scope of their license, by carrying out any activity other than those permitted by the Regulations, will be taken seriously by the Central Bank of the UAE (“the Central Bank”). This chapter provides the details of requirements related to the scope of Exchange Business and permitted activities that every Licensed Person must comply with at all times.

1.1 License to carry out Exchange Business
1. 1.1.1Exchange Business can be carried out by a person, whether natural or juridical, only if such person is licensed in writing by the Governor of the Central Bank or by a person authorized by the Governor to do so in accordance with the Regulations and its subsequent amendments;
2. 1.1.2The Licensed Person must carry out its activities in an utmost professional manner and in full compliance with all applicable Laws, Rules, Regulations, Notices and the Standards; and
3. 1.1.3The Central Bank shall treat instances of non-compliance seriously and reserves the right to impose appropriate non-compliance charges in accordance with Appendix 4 of the Standards.

1.2 Scope of Exchange Business (Permitted Activities of Exchange Business)
The scope of Exchange Business is defined under Article 1.1(c) of the Regulations, which is explained in Paragraphs 1.2.1 to 1.2.4 of this Chapter.
1.2.1Foreign Currency Exchange (Article 1.1.(c).1 of the Regulations)
1. a)The Licensed Person is permitted to buy and sell foreign currencies and traveller’s cheques from/to customers, whether natural persons or juridical persons, who are physically present in the UAE;
2. b)The Licensed Person is not permitted to import or export foreign currencies from/to foreign entities without obtaining a Letter of No Objection from the Banking Supervision Department. Please refer to Paragraph 4.17 of Chapter 4 for further information; and
3. c)The Licensed Person may open Hedge accounts with a well regulated financial institution, whether inside or outside the UAE, for hedging its foreign exchange positions as part of mitigating the risk of exchange rate fluctuations subject to the following conditions:
  - •A Letter of No Objection from the Banking Supervision Department must be obtained prior to opening Hedge accounts;
  - •The Licensed Person must submit a duly completed “Foreign Account Application (FAA) Form” (Refer to Appendix 5 for FAA Form) along with the required supporting documents to the Banking Supervision Department in order to obtain a Letter of No Objection to open a Hedge account with a foreign financial institution. The Licensed Person must use the same FAA Form to apply for the Letter of No Objection to open a Hedge account with a financial institution located within the UAE;
  - •The Hedge account must be used strictly for mitigating the foreign exchange risk and not for any type of activities that may result in speculation; and
  - •The accounting for hedge transactions must be in accordance with the requirements of applicable International Financial Reporting Standards and must be fully automated.
1.2.2Remittance Operations (Article 1.1.(c).2 of the Regulations)
1. a)The Licensed Person is permitted to execute remittance transactions in local or foreign currencies on behalf of its customers, whether natural persons or juridical persons, who are physically present in the UAE provided that the Licensed Person is in possession of either a Category B or Category C license (Refer to Paragraph 2.2 of Chapter 2 for various license categories);
2. b)The Licensed Person may enter into necessary arrangements with banks, licensed/regulated financial institutions (local or foreign) or instant money transfer service providers to execute remittances subject to the conditions of Paragraphs 1.2.2 (c) to (f) below;
3. c)A Letter of No Objection from the Banking Supervision Department must be obtained to open accounts with foreign banks or foreign financial institutions (including establishing remittance relationships with exchange houses operating outside the UAE) for executing remittances. The Licensed Person must apply for the Letter of No Objection by submitting a duly completed FAA Form (Refer to Appendix 5 for this Form) along with the required supporting documents to the Banking Supervision Department;
4. d)A Letter of No Objection from the Banking Supervision Department must be obtained, by submitting a duly completed FAA Form (Refer to Appendix 5 for this Form), to open accounts with financial institutions operating in the Financial Free Zones of the UAE (e.g.: DIFC, ADGM);
5. e)A Letter of No Objection from the Banking Supervision Department must be obtained, by submitting a duly completed FAA Form (Refer to Appendix 5 for this Form), to enter into a remittance arrangement with any instant money transfer service provider;
6. f)The Licensed Person, who is a Master Agent (i.e. Main or Principle Agent) of an instant money transfer service provider, must obtain a Letter of No Objection from the Banking Supervision Department in order to appoint another Licensed Person to act as its Sub-Agent to offer the products or services of such instant money transfer service provider;
7. g)The remittance transactions executed by the Licensed Person on behalf of entities operating in the Financial Free Zones of the UAE must be in accordance with relevant laws related to such Free Zones;
8. h)A Licensed Person is not permitted to execute remittance instructions received from other Licensed Persons without obtaining a Letter of No Objection from the Banking Supervision Department when the remittance instructions are made on behalf of such other Licensed Persons’ customers; and
9. i)The Licensed Person is not permitted to act as a routing agent between its foreign correspondents without obtaining a Letter of No Objection from the Banking Supervision Department.
1.2.3Payment of Wages using WPS (Article 1.1.(c).3 of the Regulations)
1. a)The Licensed Person is permitted to execute wage payments through the Wages Protection System (i.e. WPS) on behalf of legal entities operating in the UAE provided that the Licensed Person is in possession of a Category C license. Please refer to Paragraph 2.2 of Chapter 2 for various license categories;
2. b)The monthly turnover of wages paid using WPS by the Licensed Person shall be restricted against the value of its bank guarantee favouring the Central Bank and its risk grading awarded by the Central Bank. Please refer to Paragraph 2.4.5 of Chapter 2 for further information;
3. c)The monthly turnover of wages, in the context of Paragraph 1.2.3 (b) of this Chapter, means the total value of the Salary Information File (SIF) uploaded to and accepted by the System of Wages Protection during a month;
4. d)The Licensed Person must provide WPS services only to clients who are located within the same Emirate where the Licensed Person has branches. In this context, a client with multiple branches spread across different Emirates of the UAE may also utilise the WPS service offered by a Licensed Person who has branches in the same Emirate where the Main Office or Head office of such client is located;
5. e)The Licensed Person must cease the disbursement of wages in cash through WPS on or before 30^th September 2018. The disbursement of wages, thereafter (i.e., with effect from 1^st October 2018), must be executed only via payroll cards or through a bank account of the individual receiving the wages or salaries;
6. f)The Licensed Person may enter into arrangements with banks or other appropriate service providers in order to distribute payroll cards after obtaining a Letter of No Objection from the Banking Supervision Department;
7. g)The Licensed Person must arrange to deliver Payroll cards directly to each employee of its clients and obtain acknowledgements thereof at all times;
8. h)Payroll cards must not be reloaded with any value or money other than the salary/wages of the employee as per the Salary Information File (SIF) uploaded to and accepted by the System of Wages Protection;
9. i)The Licensed Person must comply with the Central Bank Rules in relation to the WPS (i.e. Rules of the UAE Wage Protection System issued by the Central Bank) at all times; and
10. j)The Licensed Person must carry out Enhanced Due Diligence, in accordance with Paragraph 16.11.2 of Chapter 16, for each legal entity before entering into any WPS arrangement.
1.2.4Special Products or Services (Article 1.1.(c).4 of the Regulations)
1. a)The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department if it intends to sell/offer any product or service which does not fall under various activities mentioned under Paragraphs 1.2.1 to 1.2.3 of this Chapter;
2. b)The Banking Supervision Department shall periodically issue the list of such products or services (called “the Special Product Matrix”) to all Licensed Persons;
3. c)The Licensed Person may choose any product or service from the Special Product Matrix and then request for the Letter of No Objection from the Banking Supervision Department prior to selling/offering such product or service;
4. d)The Licensed Person must seek the Letter of No Objection from the Banking Supervision Department for all its existing special products or services provided that they appear in the Special Product Matrix. The Licensed Person is not required to seek Letters of No Objection for those products or services in the Special Product Matrix on a condition that such products or services were approved by the Central Bank previously;
5. e)The Licensed Person must request a Letter of No Objection from the Central Bank in order to offer any new product or service that is not listed in the Special Product Matrix. The Licensed Person must submit below information/documents to the Central Bank in such cases:
  - •A request for the Letter of No Objection; and
  - •Description of the product or service, profile of the partner, a confirmation that the Enhanced Due Diligence has been carried out on the partner, detailed process flow, settlement process, targeted customers and a risk assessment report.
6. f)The Banking Supervision Department shall issue the Letter of No Objection for a special product or service, based on the merit of each application, subject to the following conditions:
  - •The Licensed Person must be in possession of either a Category B or Category C license. Please refer to Paragraph 2.2 of Chapter 2 for various license categories;
  - •The Licensed Person must fulfil the paid-up capital and bank guarantee requirements in accordance with the conditions contained in the Special Product Matrix; and
  - •The risk grading of the Licensed Person must be acceptable to the Central Bank. Please refer to Paragraph 5.3.5 of Chapter 5 for further details on risk grading.
7. g)The Licensed Person must not solicit its customers or any other party for selling loan products of local or foreign banks; and
8. h)The Licensed Person must not be involved in or assist its customers or any other party for opening bank accounts with local or foreign banks.

Chapter 2: Legal Forms, Capital and Bank Guarantee Requirements

Introduction
The paid-capital of a Licensed Person and its bank guarantee favouring the Central Bank are calculated based on the category of its license, its legal form and the value of remittances. This chapter provides information about the minimum amount of paid-up capital to be maintained by a Licensed Person and the method of calculating its minimum bank guarantee to be provided in favour of the Central Bank.

2.1 Permitted Legal Forms
1. 2.1.1Applicant applying for a new license for Exchange Business must specifically mention the details of the legal form of the proposed entity in the application for new license. Please refer to Paragraphs 3.1.8 (b) and (c) of Chapter 3 for further information.

2.2 License Categories
1. 2.2.1There are three categories of license based on the scope of Exchange Business that the Licensed Person is permitted to carry out in accordance with Paragraph 1.2 of Chapter 1:
  1. a)Category A License:
    The Licensed Person, in possession of a ‘Category A’ license, is permitted to carry out only foreign currency exchange business in accordance with Paragraph 1.2.1 of Chapter 1;
  2. b)Category B License:
    The Licensed Person, in possession of a ‘Category B’ license, is permitted to carry out the following two activities only:
    - •Foreign currency exchange (Refer to Paragraph 1.2.1 of Chapter 1); and
    - •Remittance operations (Refer to Paragraph 1.2.2 of Chapter 1).
  3. c)Category C License:
    The Licensed Person, in possession of a ‘Category C’ License, is permitted to carry out the following three activities:
    - •Foreign currency exchange (Refer to Paragraph 1.2.1 of Chapter 1);
    - •Remittance operations (Refer to Paragraph 1.2.2 of Chapter 1); and
    - •Payment of Wages using WPS (Refer to Paragraph 1.2.3 of Chapter 1).
2. 2.2.2The Licensed Person, in possession of either a “Category B” or “Category C” license, may choose to sell/offer special products or services in accordance with Paragraph 1.2.4 of Chapter 1.

2.3 Minimum Paid-up Capital
1. 2.3.1Category A License
  The Licensed Person’s minimum paid-up capital must be AED 2 million. In case the legal form is a Limited Liability Company, the minimum paid-up capital must be AED 50 million.
2. 2.3.2Category B License
  The Licensed Person’s minimum paid-up capital must be AED 5 million. In case the legal form is a Limited Liability Company, the minimum paid-up capital must be AED 50 million.
3. 2.3.3Category C License
  The Licensed Person’s minimum paid-up capital must be AED 10 million. In case the legal form is a Limited Liability Company, the minimum paid-up capital must be AED 50 million.

2.4 Bank Guarantee

2.4.1The Licensed Person must provide a bank guarantee favouring the Central Bank from a bank licensed in the UAE, provided that the value of the bank guarantee at any point in time shall not be less than the higher of the following:
1. a)100% of the minimum paid-up capital for each category of license as detailed under Paragraph 2.3 of this Chapter; or
2. b)5% of the monthly remittance average value of the previous financial year, with a maximum of AED 75 million (Seventy Five Million UAE Dirhams).
2.4.2The Licensed Person must submit a Certificate of Remittance Value, issued by the External Auditor, to the Supervision & Examination Division of the Banking Supervision Department within two (2) months from the end of every financial year. This certificate must be submitted on the “Certificate of Remittance Value (CRV) Form” provided by the Central Bank (Refer to Appendix 5 for CRV Form);
2.4.3The Licensed Person must increase the value of bank guarantee favouring the Central Bank as required under Paragraph 2.4.1 (b) of this Chapter upon receiving a letter from the Central Bank demanding an additional bank guarantee. The additional bank guarantee must be submitted to the Central Bank prior to the deadline stipulated in the letter;
2.4.4The bank guarantee favouring the Central Bank must be in the prescribed format provided by the Licensing Division. All original bank guarantees must be delivered directly to ‘the Licensing Division, Banking Supervision Department, Central Bank of the UAE, Abu Dhabi’;

2.4.5The monthly turnover of wages to be paid using WPS is restricted, as below, based on the value of the bank guarantee and the risk grading of the Licensed Person awarded by the Central Bank (Please refer to Paragraph 1.2.3 (b) of Chapter 1 for further information):

a) Low risk	-	Thirty (30) times the value of the bank guarantee
b) Medium risk	-	Twenty (20) times the value of the bank guarantee
c) High risk	-	Ten (10) times the value of the bank guarantee
d) Very High Risk	-	Not permitted to carry out payment of wages using WPS
e) Unacceptable Risk	-	Not permitted to carry out payment of wages using WPS

2.4.6The Central Bank reserves the right to determine the risk grading of the Licensed Person based on predefined parameters and findings contained in the Transmittal Letter issued after every examination. The decision of the Central Bank in this regard shall be final; and
2.4.7The risk grading awarded to the Licensed Person and the details of predefined parameters, on which the risk grading is based, will be highlighted in the Transmittal Letter issued by the Central Bank after the examination (Refer to Paragraph 5.3 of Chapter 5).

2.5 Permitted Shareholding (i.e. Ownership) Structure
1. 2.5.1The ownership in a Licensed Person by the UAE National(s) who is a/are natural person(s), directly or indirectly via a company, must be not less than 60% at any point in time.

2.6 Status of Existing Licensed Persons
1. 2.6.1An existing Licensed Person, who currently does not comply with the minimum paid-up capital and bank guarantee requirements as per Paragraphs 2.3 and 2.4.1 of this Chapter, must:
  1. a)increase its paid-up capital and bank guarantee to comply with the requirements of Paragraphs 2.3 and 2.4.1 of this Chapter on or before 29^th September 2019 in three (3) equal annual instalments subject to the conditions under Paragraphs 2.6.1 (c) and 2.6.2 of this Chapter;
  2. b)provide its action plan along with a letter of undertaking to the Central Bank within fourteen (14) calendar days from the date of issuance of the Standards confirming their binding commitment to comply with the requirements of Paragraph 2.6.1 (a) of this Chapter; and
  3. c)comply with the following deadlines in phased manner for increasing the paid-up capital and bank guarantee as required under Paragraph 2.6.1 (a) of this Chapter:
    - •1^st instalment of the increase (i.e. 33.33% of the amount to be increased) must be made on or before 29^th September 2017;
    - •2^nd instalment of the increase (i.e. 33.33% of the amount to be increased) must be made on or before 29^th September 2018; and
    - •3^rd instalment of the increase (balance of the amount to be increased) to be in full compliance must be made on or before 29^th September 2019.
2. 2.6.2If 5% of the monthly remittance average value based on the actual values during the financial year 2016 exceeds the value of its existing bank guarantee favouring the Central Bank, the Licensed Person must immediately comply with Paragraph 2.4.1 (b) of this Chapter regardless of the grace period granted and timelines set under Paragraphs 2.6.1 (a) and (c) of this Chapter. The Central Bank will advise the Licensed Person about the additional bank guarantee in writing. The additional bank guarantee must be submitted to the Central Bank in accordance with Paragraph 2.4.4 of this Chapter prior to the deadline stipulated in the correspondence from the Central Bank;
3. 2.6.3If the Licensed Person fails to or is unable to provide the additional bank guarantee in accordance with Paragraph 2.6.2 of this Chapter, the Licensed Person must limit its monthly remittance average value to twenty (20) times the value of its existing bank guarantee favouring the Central Bank;
4. 2.6.4Existing Licensed Persons who are not willing to increase the minimum paid-up capital and bank guarantee to comply with the requirements of Paragraph 2.6.1 of this Chapter must contact the Licensing Division of the Banking Supervision Department to confirm their license status within thirty (30) calendar days from the date of issuance of the Standards. The Central Bank reserves the right to direct such Licensed Persons to:
  1. a)seek the Central Bank’s approval to downgrade its Exchange Business license to a category where the minimum paid-up capital and bank guarantee requirements are lower; and/or
  2. b)seek the Central Bank’s approval to change the legal form where the minimum paid-up capital and bank guarantee requirements are lower; or
  3. c)surrender its Exchange Business license to the Central Bank.
5. 2.6.5In case the current paid-up capital or/and the value of existing bank guarantee is/are higher than the value required under Paragraphs 2.3 and 2.4.1 of this Chapter, the Licensed Person must obtain a Letter of No Objection from the Central Bank in order to reduce the respective value to the required minimum level;
6. 2.6.6Regardless of the grace period granted and timelines set under Paragraphs 2.6.1 (a) and (c) of this Chapter, the Licensed Person must comply with Paragraphs 4.1, 4.18 and 4.19 of Chapter 4 at all times; and
7. 2.6.7The Central Bank reserves the right to revoke the license to conduct Exchange Business in case the Licensed Person fails and/or shows inability to comply with Paragraphs 2.6.1 to 2.6.4 of this Chapter.

2.7 Opening of Additional Branches
1. 2.7.1A Licensed Person, who is in compliance with the minimum paid-up capital and bank guarantee requirements as per Paragraphs 2.3 and 2.4.1 of this Chapter, is not required to further increase its paid-up capital or bank guarantee for obtaining the Central Bank approval to open additional branches;
2. 2.7.2The Central Bank reserves the right to instruct Licensed Persons, who do not comply with the minimum paid-up capital and bank guarantee requirements as per Paragraphs 2.3 and 2.4.1 of this Chapter, to increase their paid-up capital and bank guarantee prior to obtaining the Central Bank approval to open additional branches regardless of the deadlines set under Paragraph 2.6.1(c) of this Chapter;
3. 2.7.3In all cases, the Licensed Person must comply with Paragraphs 4.1, 4.18 and 4.19 of Chapter 4 at all times; and
4. 2.7.4The Central Bank approval to open additional branches shall be issued subject to its prevailing licensing policy and the risk grading awarded to the Licensed Person after the Central Bank Examination.

Chapter 3: Licensing

Introduction
Exchange Business can be carried out by a person, whether natural or juridical, only if such person is licensed by the Central Bank in accordance with the Regulations and its subsequent amendments. This chapter provides information related to the process for obtaining an Exchange Business license from the Central Bank.

3.1 Application Process and Documentary Requirements for a License
1. 3.1.1Any person, natural or juridical, may submit a new application to the Central Bank for any category of license mentioned under Paragraph 2.2 of Chapter 2 using “Licensed Person’s Application (LPA) Form” (Refer to Appendix 5 for LPA Form) and with necessary supporting documents;
2. 3.1.2All documents provided to the Central Bank as part of the application for a license must be in Arabic or English;
3. 3.1.3Documents in languages other than Arabic or English must be accompanied by Arabic or English legal translations;
4. 3.1.4All figures in the financial statements, business plans or other projected reports must be expressed either in AED or in US Dollars;
5. 3.1.5The applicant is permitted to appoint a duly authorised representative, such as a law firm or a professional consultancy firm, to prepare and submit the license application on behalf of the applicant. In such cases, the applicant continues to retain the full responsibility for the accuracy and completeness of information/documents provided and is required to certify the application form accordingly;
6. 3.1.6The Central Bank may liaise directly with the applicant or the applicant’s duly appointed representative when processing the application for seeking any clarification or information;
7. 3.1.7Applicants may contact the Licensing Division of the Banking Supervision Department for a pre-application meeting to discuss their business plans, application process and requirements;
8. 3.1.8The following forms and documents must be submitted to the Central Bank for obtaining a license:
  1. a)Formal application letter signed by the applicant(s) which must specifically state the category of the license for which they are applying (refer Paragraph 2.2 of Chapter 2 for various license categories);
  2. b)Duly completed LPA Form (Refer to Appendix 5 for this Form);
  3. c)Comprehensive business plan which must consist of the following information regarding the proposed entity:
    - •Name of the proposed entity;
    - •Legal form of the proposed entity;
    - •Initial amount of paid-up capital that will be injected into the business. Please refer to Paragraph 2.3 of Chapter 2 for the minimum requirements of paid-up capital;
    - •Name(s) of the Owner/Partners/Shareholders and the ownership structure;
    - •Justification and reasons for applying to obtain a license to conduct Exchange Business and the value it will add to the financial industry;
    - •Proposed number of branches and their locations that are planned to be opened during the first three (3) years;
    - •Projected financial statements (Balance Sheet, P&L and cash flow statements) for the first three (3) years with assumptions;
    - •Applicant's business strategy, business model, primary corridors if planning for remittance activity, description of proposed products/services and other marketing plans;
    - •An assessment report on the potential risks that may be faced by the proposed entity and suggested measures to mitigate such risks; and
    - •Emiratization plans in line with the Central Bank’s requirements.
  4. d)In case the proposed Shareholder(s) is/are a juridical person(s), a Board resolution from such juridical person(s), confirming the decision to become shareholder in the proposed entity;
  5. e)In case the proposed Shareholder is a juridical person, the certificate of incorporation issued by the competent authority in its country of incorporation, commercial license/registration or any other similar official document;
  6. f)In case the proposed shareholder(s) is/are part of a Group of Companies/Businesses, copies of the audited financial statements of that Group, for the immediately preceding three (3) years;
  7. g)A letter of undertaking from the Owner/ all Partners/ all Shareholders of the proposed entity to comply, in case the application is approved, with the paid-up capital and bank guarantee requirements stated under Paragraphs 2.3 and 2.4 of Chapter 2;
  8. h)Letter of undertaking as per Article 3 (d) of the Regulations;
  9. i)A Draft version of Memorandum and Articles of Association of the proposed entity;
  10. j)Duly completed “Authorised Person’s Appointment (APA) Form” (Refer to Appendix 5 for APA Form) for the Manager in Charge (detailed CV must be included with a brief description);
  11. k)List of proposed members of the Board (i.e. Directors on the Board) if it is applicable (detailed CV must be included with a brief description for each Board member);
  12. l)Paid-up capital certificate of deposit from a bank licensed in the UAE;
  13. m)Copy of the required initial approvals from the Department of Economic Development; and
  14. n)A copy of the tenancy agreement and the address of premises to carry out the business of the proposed entity.
9. 3.1.9The applicant must submit documents as per Paragraphs 3.1.8 (a) to (h) of this Chapter to initiate the application process;
10. 3.1.10The Central Bank, upon review of all documents as per Paragraphs 3.1.8 (a) to (h) of this Chapter, will notify the applicant if the initial approval has been granted or its application has been rejected by the Board of the Central Bank;
11. 3.1.11The applicant is required to submit documents under Paragraphs 3.1.8 (i) to (n) of this Chapter only after receiving the initial approval of the Central Bank;
12. 3.1.12The proposed Manager in Charge will be called in for an interview by a special committee of the Central Bank as part of a fit and proper test. The Central Bank reserves the right to issue or decline the approval for the appointment of the proposed Manager in Charge;
13. 3.1.13The Central Bank, upon review of all documents as per Paragraphs 3.1.8 (i) to (n) of this Chapter and the Bank Guarantee as per Paragraph 2.4 of Chapter 2, will notify the applicant in writing if the license to carry out the business has been granted or not;
14. 3.1.14After obtaining the license to carry out Exchange Business from the Central Bank, the Licensed Person must submit the following to the Banking Supervision Department before commencing the business:
  1. a)A copy of the notarized Memorandum and Articles of Association;
  2. b)Auditors certification that paid-up capital has been injected into the business;
  3. c)Undertaking letter from the Owner/Shareholders/Partners whereby the Licensed Person agrees to comply with paid-up capital ratio and liquidity requirements as per Paragraphs 4.1, 4.18 and 4.19 of Chapter 4;
  4. d)Duly completed APA Form (Refer to Appendix 5 for this Form) and an approval request for the appointment of the Compliance Officer and Alternate Compliance Officer. Please refer to Paragraphs 16.4.9 and 16.5.2 of Chapter 16 for further details;
  5. e)Contact details (such as mobile number, phone number, fax number and email) of the main/head office, Manager in Charge and Compliance Department or Officer;
  6. f)Application for a Letter of No Objection to appoint External Auditors as per Paragraph 7.3.2 (b) of Chapter 7;
  7. g)Business Continuity Plans;
  8. h)Copy of the insurance policy;
  9. i)Description of the IT systems, detailed back up and disaster recovery plans;
  10. j)Application for connectivity to the Central Bank reporting systems; and
  11. k)Any other information as may be specified by the Central Bank.
15. 3.1.15The Licensed Person must submit documents under Paragraphs 3.1.14 (a) to (b) of this Chapter to the Licensing Division and the remaining documents to the Supervision & Examination Division of the Banking Supervision Department; and
16. 3.1.16The Licensed Person must inform the Supervision & Examination Division and the FID (i.e. the Financial Intelligence Department which was formerly known as the AMLSCU) at least ten (10) days in advance about the date of commencement of its business.

3.2 Approval Process and Timelines
1. 3.2.1The Central Bank reserves the right, within sixty (60) days of receiving a license application, to:
  1. a)require the applicant to provide additional documents/information that the Central Bank deems necessary to evaluate the application; or
  2. b)reject incomplete applications.
2. 3.2.2The applicant may withdraw its application at any time during the process by notifying the Central Bank in writing;
3. 3.2.3After the review of a license application, the Central Bank may advise the applicant in writing whether:
  1. a)the license has been granted unconditionally; or
  2. b)the license has been granted subject to conditions; or
  3. c)the application has been rejected.
4. 3.2.4The Central Bank will notify the applicant of the outcome of the license application within a period not exceeding twenty (20) working days from date of issuing such decision by the Board of Directors of the Central Bank. Such notice shall include the following:
  1. a)content of the decision;
  2. b)reasons for the decision, if any; and
  3. c)requirement of additional documents or information, if any.
5. 3.2.5A license certificate is issued to the applicant once the Central Bank decides to grant the license stating the effective start date of the license. The name of the Licensed Person is then added into the “Central Bank Register of Exchange Houses”; and
6. 3.2.6The Licensed Person must obtain prior approval of the Central Bank if it intends to add any permitted activity or to discontinue the current permitted activities (Refer to Paragraph 1.2 of Chapter 1 for the list of permitted activities) by submitting an application at least sixty (60) days before the date of such change.

3.3 Rejecting an Application
1. 3.3.1The Board of Directors of the Central Bank reserves the right, at any point in time, to reject an application for new license or an application from an existing Licensed Person to change the category of license considering the interest of the public or if the applicant/Licensed Person fails/refuses to fulfill the licensing conditions and requirements as set out in Paragraph 3.1 of this chapter;
2. 3.3.2The Board of Directors of the Central Bank reserves the right, before issuing the rejection decision, to request the applicant to fulfill the licensing requirements and conditions within a specified period of time; and
3. 3.3.3The applicant shall be notified in writing of the Board’s decision on its application, whether approved or rejected, within a period not exceeding twenty (20) working days from date of issuance of the Board of Director’s decision. Such notice shall include the following:
  1. a)Content of the decision; and
  2. b)Reasons for rejection if any.

3.4 Validity of a License
1. 3.4.1The license shall be valid for a fixed period of time from its date of issue and renewed thereafter upon an application from the Licensed Person (Refer to Paragraph 4.14 of Chapter 4).

3.5 Maintain the License
1. 3.5.1The Licensed Person must maintain adequate levels of financial resources in accordance with Paragraphs 2.3 of Chapter 2 and 4.1, 4.18 and 4.19 of Chapter 4 at all times;
2. 3.5.2The Licensed Person must maintain resources, systems and controls that are, in the opinion of the Central Bank, adequate for the scale and complexity of its activities and mitigating risks of financial crime;
3. 3.5.3The Licensed Person must appoint External Auditors, subject to obtaining a Letter of No Objection from the Central Bank in accordance with Paragraph 7.3.2 of Chapter 7;
4. 3.5.4The Licensed Person’s books of accounts and other records must be available within the UAE at all times and for examination by the Central Bank or persons appointed by the Central Bank;
5. 3.5.5The Licensed Person must comply with the minimum record-keeping requirements covered under Paragraph 16.24 of Chapter 16;
6. 3.5.6The Licensed Person must act in an open and cooperative manner with the Central Bank at all times;
7. 3.5.7The Licensed Person must comply with the regulatory reporting requirements covered in Appendix 3 of the Standards;
8. 3.5.8The Licensed Person must comply with any other specific requirements or restrictions imposed by the Central Bank on the scope of its license; and
9. 3.5.9When granting a license, the Central Bank specifies the regulated services that the Licensed Person is permitted to offer. The Licensed Person must operate within the scope of its license at all times. The Central Bank reserves the right to vary existing requirements or impose additional restrictions or requirements, to address specific risks associated with the business of a Licensed Person.

3.6 Revocation or Suspension of License
1. 3.6.1The Board of Directors of the Central Bank reserves the right to suspend or revoke a license issued to a Licensed Person by issuing a written notice in the following cases:
  1. a)If the Licensed Person ceased to comply with or has breached one or more of the conditions or restrictions imposed on its license;
  2. b)If the Licensed Person has breached applicable Laws, Rules, Regulations, the Standards or any Notice issued by the Central Bank;
  3. c)If the Licensed Person has failed to take any measures or procedures determined or prescribed by the Central Bank;
  4. d)If the Licensed Person did not commence its Exchange Business within six (6) months from the issue date of license;
  5. e)If the business or operations were ceased for a consecutive period exceeding three (3) months;
  6. f)If the Central Bank considers, at its own discretion, that the full or partial withdrawal, revocation or suspension of the license, was necessary for achieving its objectives and in discharging its functions;
  7. g)If the Licensed Person has submitted an application for full or partial withdrawal, cancelation or suspension of the license;
  8. h)If the Licensed Person’s liquidity or solvency is at risk or the Licensed Person becomes bankrupt;
  9. i)If the paid-up capital of the Licensed Person falls below the minimum amount required in accordance with the Regulations/the Standards issued by the Central Bank;
  10. j)If the Licensed Person has merged with another Licensed Person or institution without obtaining a Letter of No Objection from the Central Bank; and
  11. k)If the Licensed Person’s officers, employees or representatives refused to cooperate with Central Bank officers, Representatives, Examiners or abstained from providing unhindered access to information, statements, documents or records.
2. 3.6.2The Central Bank shall notify the Licensed Person, with reasons in writing, about its decision to withdraw, cancel, suspend or revoke the license within a period of not exceeding twenty (20) working days from date of issuance of the Board of Director’s decision. The notice shall include the following at a minimum:
  1. a)Content of the decision;
  2. b)Reasons for the decision, if any; and
  3. c)Effective date of the decision.

3.7 Opening of New Branches
1. 3.7.1The Licensed Person is not permitted to open new branches without obtaining a license from the Central Bank;
2. 3.7.2The Licensed Person has to submit an application signed by its authorized signatory to the Licensing Division of the Banking Supervision Department in order to obtain licenses to open new branches; and
3. 3.7.3The Central Bank, at its sole discretion, shall issue licenses to open new branches based on the level of compliance of the Licensed Person with applicable Laws, Rules, Regulations, Notices and the Standards and based on the prevailing policy of the Central Bank in issuing such approvals.

3.8 Re-location of Licensed Premises
1. 3.8.1The Licensed Person is not permitted to relocate its licensed premises without obtaining the Letter of No Objection from the Central Bank;
2. 3.8.2The Central Bank shall issue a Letter of No Objection to relocate the licensed premises based on the level of compliance of the Licensed Person with applicable Laws, Rules, Regulations, Notices and the Standards, and based on the prevailing policy of the Central Bank;
3. 3.8.3The Licensed Person must display a notice outside the current location two (2) weeks prior to the relocation of the licensed premises for the information to customers mentioning therein the address of the new location, proposed date of opening and the new contact number; and
4. 3.8.4The Licensed Person must operate its business from the existing location, unless otherwise agreed by the Central Bank in writing, until it receives all necessary licenses (such as the license issued by the Central Bank, Department of Economic Development etc.) for such relocation.

3.9 Temporary Closure of Licensed Premises
1. 3.9.1The Licensed Person may close its licensed premises in case of any unforeseen incidents (example: a fire, system failure, etc.), due to natural disasters or for some specific purposes (examples: to carry out repairs or any maintenance) subject to the following conditions:
  1. a)The Licensed Person must notify the Central Bank of the closure immediately upon closing the licensed premises with reasons thereof;
  2. b)The licensed premises shall not be closed for a period of more than one (1) month; and
  3. c)A notice must be displayed outside the premises stating the reasons for the closure, expected re-opening date, mobile number of the contact person and contact details of the nearest branch of the Licensed Person, if any.
2. 3.9.2The Licensed Person must obtain a Letter of No Objection from the Central Bank to keep the licensed premises closed for a period exceeding one (1) month subject to the following conditions:
  1. a)The maximum period of closure shall not exceed three (3) months;
  2. b)Liabilities towards customers must be cleared prior to the closure;
  3. c)A notice must be displayed outside the premises with the reasons for the closure, expected re-opening date, mobile number of the contact person and contact details of the nearest branch of the Licensed Person, if any.
3. 3.9.3The Licensed Person must discuss with the Central Bank about the status of its licensed premises before the expiry of the previously approved period of temporary closure (i.e. three months); and
4. 3.9.4The Licensed Person must obtain the Letter of No Objection from the Central Bank in order to close a licensed premises permanently.

Chapter 4: Continuing Obligations

Introduction
The Licensed Person is expected to carry out its business in compliance with all applicable Laws, Rules, Regulations, Notices and the Standards. This chapter provides clarifications on some of the continuing obligations of a Licensed Person. The Licensed Person is advised to carefully review Article 9.1 of the Regulations and comply with all requirements at all times.

4.1 Total Assets to Paid-up Capital Ratio [Article 9.1 (a) of the Regulations]
1. 4.1.1The total assets of the Licensed Person must not exceed ten (10) times the amount of its paid-up capital. In other words, the total assets to the paid-up capital ratio must not exceed 10:1 at any point in time; and
2. 4.1.2The Licensed Person must comply with the following standards in relation to the calculation of this ratio:
  1. a)Gross value of assets must be taken for the calculation, i.e. no netting-off of assets and liabilities will be permitted unless it is in accordance with International Financial Reporting Standards;
  2. b)Total assets must not include any post-dated-cheques and/or amounts held as unclaimed funds with the Licensed Person as per Paragraph 18.2.1 (e) of Chapter 18;
  3. c)Statutory reserve may be added to the paid up capital provided that the Licensed Person has the obligation to maintain such a reserve as per the prevailing Commercial Companies Law of the UAE;
  4. d)Accumulated losses, including current year losses, must be deducted from the paid-up capital; and
  5. e)Where there are subsidiaries or other foreign offices, the Licensed Person must also comply with Paragraph 4.1.1 of this Chapter based on the consolidated financial statements.

4.2 Manager in Charge [Article 9.1 (b) of the Regulations]
1. 4.2.1Appointment of the Manager in Charge must be made only after obtaining a Letter of No Objection from the Banking Supervision Department. Refer to Paragraph 6.4 of Chapter 6 for additional standards in this regard;
2. 4.2.2The Licensed Person must implement an appropriate Succession Plan to manage its business during the temporary absence, such as leave or vacation, of the Manager in Charge. The Succession Plan must also fulfil the requirements of Paragraph 6.4.7 (b) of Chapter 6;
3. 4.2.3The Manager in Charge must be an authorised signatory granted with Power of Attorney from the Licensed Person or its Owner/Partners/Board of Directors to manage its day to day business; and
4. 4.2.4The employment contract of the Manager in Charge must contain a clause for treating any violation on the part of the Manager in Charge as a criminal offence if it is proven that the Manager in Charge has signed or made any incorrect or misleading statement to the Central Bank.

4.3 Alterations [Article 9.1 (c) of the Regulations]
1. 4.3.1The Licensed Person is not permitted to alter the following without obtaining a Letter of No Objection from the Banking Supervision Department with an exception provided under Paragraph 4.3.2 of this Chapter:
  1. a)Legal status of the business;
  2. b)Ownership or Ownership structure;
  3. c)Location of the licensed premises or offices;
  4. d)Paid-up capital; and
  5. e)Value of the bank guarantee favouring the Central Bank.
2. 4.3.2The Licensed Person may increase its paid-up capital and the value of bank guarantee favouring the Central Bank without obtaining the Letter of No Objection from the Banking Supervision Department in order to comply with the requirements of Paragraphs 2.6.1 (c) and 2.6.2 of Chapter 2. The Licensed Person must notify the Banking Supervision Department upon making such alterations.

4.4 Merger, Amalgamation and Joint Venture Arrangements [Article 9.1 (d) of the Regulations]
1. 4.4.1A Letter of No Objection from the Banking Supervision Department must be obtained in order for the Licensed Person to merge, amalgamate or enter into a joint venture with any other person, whether natural or juridical;
2. 4.4.2The Licensed Person is not permitted to enter into any agreement to manage or to be managed by any other person, whether natural or juridical, without obtaining the Letter of No Objection from the Banking Supervision Department. All such management agreements must be in line with the UAE Laws and all applicable Regulations; and
3. 4.4.3The Licensed Person is not permitted to transfer, rent/lease out the license for a remuneration or otherwise to any other party, whether it is a natural or juridical person.

4.5 Licensed Premises and Products [Article 9.1 (e) of the Regulations]
1. 4.5.1The Licensed Person is not permitted to carry out its activities including the KYC Process from any place outside the premises approved by the Central Bank apart from an exception under Paragraph 4.5.7 of this Chapter;
2. 4.5.2Paragraph 4.5.1 of this Chapter shall not deter the Licensed Person from conducting site visits as part of completing Enhanced Due Diligence in accordance with Paragraph 16.11.2 (d) of Chapter 16;
3. 4.5.3The Licensed Person is not permitted to carry out its activities from any temporary counters, extension counters or in a client’s office, client’s residence or from any place outside its approved premises;
4. 4.5.4The Licensed Person, who participates in WPS, may distribute salaries in cash outside its licensed premises (i.e. at client’s premises) until payroll cards are introduced in accordance with Paragraph 1.2.3 (e) of Chapter 1 provided that the Licensed Person:
  1. a)has obtained the necessary approvals from the police authorities in the respective Emirates; and
  2. b)complies with all applicable Laws, Rules, Regulations and Notices in relation to security and safety.
5. 4.5.5The Licensed Person is not permitted to engage in any business activities other than those in accordance with Paragraph 1.2 of Chapter 1;
6. 4.5.6The Licensed Person must not lease out or rent out its licensed premises to any other party; and
7. 4.5.7The Licensed Person may carry out the KYC Process for its customers, who are natural persons, outside the premises approved by the Central Bank subject to the following conditions:
  1. a)The KYC Process must be carried out directly by the employees of the Licensed Person;
  2. b)The Licensed Person must accept only Emirates ID of the customer as the identification document;
  3. c)Information of the Emirates ID must be extracted using a card reader obtained from the Emirates ID Authority; and
  4. d)A copy of the Emirates ID certified as “Original Sighted and Verified” under the signature of the employee who carries out the KYC Process must be retained. Alternatively, a print out of the extract of information obtained using the Emirates ID card and reader containing customer information must be retained. This print out must be certified as “Original Sighted and Verified” under the signature of an employee of the Licensed Person.

4.6 Trade Name [Article 9.1 (f) of the Regulations]
1. 4.6.1The Licensed Person’s legal/trade name/trade mark must always contain the word “Exchange”;
2. 4.6.2The legal/trade name must be approved by the Central Bank;
3. 4.6.3The Licensed Person must not alter its legal/trade name without obtaining a Letter of No Objection from the Central Bank;
4. 4.6.4The legal/trade name must not contain any undesirable word that will mislead the customers about the nature of business activities of the Licensed Person;
5. 4.6.5Some examples of undesirable words are listed below (the list is not exhaustive):
  - •Bank, Financial Institution, Finance, Financing;
  - •Real Estate, Insurance, Investment;
  - •Gold, Silver, Precious Stone, Commodity, Stock, Shares, etc.
6. 4.6.6The legal/trade name must not infringe the copyrights or intellectual property rights of any other natural or juridical person;
7. 4.6.7Full legal/trade name of the Licensed Person must be clearly and prominently displayed on the main signage of the licensed premises, letter heads, business cards, transaction receipts and all other marketing/branding materials; and
8. 4.6.8The name of business partners, such as correspondent banks, remittance partners or the management company must not appear on the main signage of the licensed premises.

4.7 Official Receipts [Article 9.1 (h) of the Regulations]
1. 4.7.1The official receipts must be given to customers for all types of transactions;
2. 4.7.2The legal name of the Licensed Person, contact details (address, phone, email ID) of the branch that carries out the transaction, phone number for lodging customer complaints, website address (if any), etc. must be printed on all receipts;
3. 4.7.3The below information must be printed on all transaction receipts at a minimum:
  1. a)The date and time (UAE local time) of the transaction;
  2. b)Product name (e.g.: Foreign currency buy or sell, outward remittance, inward remittance, WPS or the name of the special product or service, etc.);
  3. c)Relevant customer information as per Paragraphs 16.8.5, 16.9.10, 16.10.3 or 16.11.5 of Chapter 16, whichever is applicable;
  4. d)Foreign currency conversion rates against the local currency, if applicable;
  5. e)Transaction fees or charges, if applicable;
  6. f)The total value of the transaction in AED;
  7. g)Where it is a remittance transaction, the beneficiary details such as name of the beneficiary, beneficiary bank account details (account number and branch name) where applicable, destination country; and
  8. h)Where it is a remittance transaction, the name of the correspondent bank/correspondent financial institution/exchange house or the name of the instant money transfer service provider through which the remittance is routed.
4. 4.7.4The terms and conditions related to the following must be printed on all receipts at a minimum:
  1. a)Cancellation and refund of the transaction including related charges and conversion rates applicable for the same;
  2. b)Charges and conversion rates that will be applied for amendments or re-issuance of money transfers;
  3. c)Back-end charges or any other bank charges at foreign correspondent banks for money transfers must be disclosed if it is deducted from the amount payable to the beneficiary; and
  4. d)Maximum period available for a customer to lodge a complaint from the date of transaction.

4.8 Display of Rates [Article 9.1 (h) of the Regulations]
1. 4.8.1Rates must be displayed during working hours in a prominent place of the licensed premises and clearly visible to customers. The following rates must be displayed at a minimum:
  1. a)Buy and sell rate against the local currency (i.e. AED) for US Dollars, Euro, Pound Sterling, Japanese Yen and other major foreign currencies that the Licensed Person deals in; and
  2. b)Rates for major foreign currencies that the Licensed Person deals in against the local currency for remittances.

4.9 SMS Notification [Article 9.1 (j) of the Regulations]
1. 4.9.1The SMS service must be integrated in the systems of the Licensed Person to notify parties involved in the money transfer transactions about the status of transactions as follows:
  1. a)SMS notifications must be sent to remitters of all outward remittances at the time of processing the payment instructions for transmitting to correspondents (such as foreign banks, exchange houses, etc.);
  2. b)SMS notification must be sent to remitters of all outward remittances in the case of outward instant money transfers;
  3. c)Two SMS notifications must be sent to beneficiaries of the agent specific inward remittance transactions. The first SMS at the time of receiving the payment instruction from the correspondent and the second SMS at the time of actual payment to the beneficiary;
  4. d)One SMS notification is sufficient, i.e. at the time of payment, in the case of inward instant money transfers which are not agent specific; and
  5. e)The Licensed Person must maintain a log in the system that shows the status of SMS notifications for each transaction.

4.10 Encumbered Assets [Article 9.1 (k) of the Regulations]
1. 4.10.1The Licensed Person is not permitted to encumber any of its assets without obtaining a Letter of No Objection from the Banking Supervision Department;
2. 4.10.2The Licensed Person must obtain the Letter of No Objection from the Banking Supervision Department before providing deposits to be held under a lien or encumbrance or as collateral deposits to banks/financial institutions in order to:
  1. a)obtain bank guarantees favouring the Central Bank for licensing purposes;
  2. b)obtain remittance arrangements with local or foreign institutions (via cash deposits or guarantees); and
  3. c)obtain any other type of facilities from financial institutions or banks.
3. 4.10.3Deposits for labour guarantee or utility services do not require the Licensed Person to obtain the Letter of No Objection from the Banking Supervision Department;
4. 4.10.4Deposits of excess cash with a bank or financial institution for a fixed term/period by the Licensed Person must be available for liquidation immediately on demand; and
5. 4.10.5The Licensed Person must not act as a guarantor or a facilitator of any other person, natural or juridical, to avail any credit facility for such person.

4.11 Profit Distribution [Article 9.1 (l) of the Regulations]
1. 4.11.1Distribution of net annual profit for any financial year to the Owner/Partners/Shareholders must be made only after the audit of financial statements for that year, subject to the conditions under Paragraphs 4.11.2 to 4.11.5 of this Chapter;
2. 4.11.2The distribution of net annual profit among Partners/Shareholders must be in accordance with the agreed profit sharing ratio;
3. 4.11.3The annual audit of such financial statements must be carried out by an External Auditor appointed in accordance with the Paragraph 7.3.2 of Chapter 7;
4. 4.11.4The Licensed Person must ensure sufficient liquidity in the business at all times in accordance with Paragraph 4.18 of this Chapter; and
5. 4.11.5The share of profit must be paid off to the Owner/Partners/Shareholders within fifteen (15) calendar days from the date of decision to distribute such profit. If not, the Central Bank reserves the right to treat such amounts as the current account balance of the Owner/Partners/Shareholders (Refer to Paragraph 4.12 of this Chapter).

4.12 Borrowing, Lending or Maintaining Current Accounts [Article 9.1 (m) of the Regulations]
1. 4.12.1The Licensed Person is not permitted to borrow from or lend money to or maintain a current account in the name of its owners, shareholders, partners, directors, managers, controllers, group companies, subsidiaries or customers; and
2. 4.12.2Salary advance by a Licensed Person to its employees is permitted subject to the following conditions:
  1. a)The maximum advance must not exceed the total of immediately preceding six (6) months’ gross salary of the employee; and
  2. b)Such advance must be made only towards employee’s housing expenses, medical expenses, education/training fees, air tickets or on other humanitarian grounds such as death/illness of an immediate family member.

4.13 Remittances Intermediate Account [Articles 9.1 (n) and (o) of the Regulations]
1. 4.13.1“Designated Remittance Intermediate Account” with a Bank:
  1. a)A Licensed Person who is in possession of a Category B or C license must maintain an account with a Bank licensed by the Central Bank of the UAE to be used exclusively as a “Designated Remittance Intermediate Account”;
  2. b)The Licensed Person who conducts remittance business must deposit the funds received from its remittance customers directly into the “Designated Remittance Intermediate Account” before the end of banking hours on the next business day (i.e. the next business day following the day on which the funds were received); and
  3. c)The Licensed Person must use the funds available in the “Designated Remittance Intermediate Account” solely for the purpose of settling the customers’ remittances with the foreign correspondents (i.e. correspondent banks, exchange houses, financial institutions or instant money transfer service providers).
2. 4.13.2Accounting Treatment:
  1. a)All outward remittance transactions must be initially recorded in a separate ledger account (in the General Ledger) titled as “Remittance Intermediate Account”;
  2. b)The Remittance Intermediate Account must be a separate control account in the General Ledger. The Licensed Person may maintain multiple sub accounts (either currency wise, country wise or correspondent wise at the discretion of the Licensed Person) under the above stated control account;
  3. c)Outward remittance transactions must be transferred to the respective ledger accounts of foreign correspondents (in the General Ledger) as and when the remittance instructions are issued (i.e. upon payment order transmission) to foreign correspondents;
  4. d)The remittance instructions must be issued to foreign correspondents only after prefunding the account, if the settlement is on a prefund basis; and
  5. e)An amount equal to the liabilities towards the remittance customers (i.e. the balance in the Remittance Intermediate Account in relation to unprocessed transactions) must be available at all times in the form of local currency, balances in the Designated Remittance Intermediate Account and foreign banks to cover the liabilities towards the remittance customers.
3. 4.13.3Agreed-Upon Procedures (AUP) on the Remittance Intermediate Account:
  1. a)External Auditors must perform Agreed-Upon Procedures (AUP) on the Remittance Intermediate Account and report their findings on a monthly basis to the Board of Directors (or to the Owner/Partners where there is no Board of Directors). Please refer to Appendix 6 for the minimum required Agreed-Upon Procedures to be performed by the External Auditor in this regard.
4. 4.13.4Exception:
  1. a)Standards related to the Remittance Intermediate Account are not applicable to remittance arrangements through instant money transfer service providers who do not require any prefunding by the Licensed Person to pay beneficiaries at the destination.

4.14 Renewal of License [Article 9.1 (r) of the Regulations]
1. 4.14.1Application for the renewal of a license must be submitted to the Licensing Division of the Banking Supervision Department at least two (2) months prior to the date of expiry of the license; and
2. 4.14.2In case, the Licensed Person exhibits major non-compliance with applicable Laws, Rules, Regulations, Notices and the Standards, then the Central Bank reserves the right to refuse the renewal of the license or to renew it for a period shorter than one (1) year.

4.15 Display of Licenses and List of Permitted Activities
1. 4.15.1A copy of the license issued by the Central Bank must be displayed in all licensed premises at a prominent location in addition to the commercial or trading license issued by the competent authority of the respective Emirate; and
2. 4.15.2The Licensed Person must also visibly display a list of its permitted activities (i.e. whether the Licensed Person offers Foreign Currency Exchange, Remittance Operations or Payment of Wages using WPS) at a prominent location inside as well as outside (closer to the main door) of all licensed premises.

4.16 Display of Working Hours
1. 4.16.1The working hours of branches/Head Office or Management Office must be visibly displayed at a prominent location inside as well as outside (closer to the main door) of the respective licensed premises.

4.17 Banknotes Import and Export from/to Foreign Institutions
1. 4.17.1The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department for establishing relationship with any foreign institution for importing and/or exporting of banknotes;
2. 4.17.2The Banking Supervision Department shall issue the Letter of No Objection based on the merit of each application from the Licensed Person provided that the following requirements are satisfied:
  1. a)Minimum paid-up capital of the Licensed Person and the bank guarantee favouring the Central Bank is:
    - •AED 50 million in case of Limited Liability Companies; and
    - •AED 10 million in other cases.
  2. b)The risk grading awarded to the Licensed Person by the Central Bank must be either Low or Medium.
3. 4.17.3The Licensed Person must provide the following information/documents along with the application for the Letter of No Objection:
  - •The full legal name and address of the foreign institution;
  - •Draft copy of the bilateral agreement;
  - •Nature of the intended business, whether it is import or export of banknotes or both;
  - •Purpose of importing banknotes from the respective foreign institution;
  - •Source of banknotes exported to the respective foreign institution;
  - •Separate list of currencies to be imported and/or exported from/to the respective foreign institution and the projected annual value for each currency for next three (3) years;
  - •Expected number of shipments (separately for import and export) per year and projected value of each shipment in local currency for next three (3) years;
  - •Confirmation that the Enhanced Due Diligence has been carried out on the respective foreign institution; and
  - •List of similar existing arrangements and the current yearly volume and value of business in each currency for each entity.
4. 4.17.4Import or export of banknotes must be made only from/to an institution which is a licensed financial institution from a well regulated jurisdiction;
5. 4.17.5The Licensed Person must carry out the Enhanced Due Diligence, in accordance with Paragraph 16.11.2 of Chapter 16, on such foreign institutions before requesting for the Letter of No objection from the Banking Supervision Department;
6. 4.17.6The Licensed Person must have appropriate agreements with such foreign institutions containing suitable clauses to cover all risks associated with importing and exporting of banknotes;
7. 4.17.7The Licensed Person must complete the settlement for each shipment, whether import or export, within a period of seven (7) business days from the date of receiving/dispatching the shipment;
8. 4.17.8The validity of the Letter of No Objection issued by the Banking Supervision Department is for a maximum period of three (3) years. The Central Bank reserves the right to restrict the validity of such Letter of No Objection for a period less than three (3) years depending on the risk grading of the Licensed Person; and
9. 4.17.9The Central Bank reserves the right, if it deems appropriate, to restrict the use of imported banknotes to be sold via own branches of the Licensed Person to its retail customers and not for supplying to other Licensed Persons or Financial Institutions that are operating inside or outside the UAE.

4.18 Liquidity of the Business
1. 4.18.1Current assets of a Licensed Person must be at least 1.2 times of the current liabilities at all times;
2. 4.18.2Current assets in this context consists of the following items from the Balance Sheet:
  1. a)Cash in hand (i.e. local and foreign currency stocks);
  2. b)Balances with banks (i.e. local and foreign bank balances);
  3. c)Receivables from the other financial institutions (local and foreign);
  4. d)Cheques which are within the validity period of six (6) months from the date of issue (i.e. valid cheques) received from the customers; and
  5. e)Unencumbered fixed deposits with banks or financial institutions with a remaining maturity period of less than three (3) months.
3. 4.18.3Item (c) of Paragraph 4.18.2 of this Chapter must be recoverable and are not dormant or inactive during the past thirty (30) calendar days;
4. 4.18.4For the computation of the current assets, the following items must not be considered:
  1. a)Post-dated cheques;
  2. b)Pre-payments;
  3. c)Mandatory deposits such as deposits for utility services, labor guarantee, etc.;
  4. d)Deposits under lien of any kind;
  5. e)Deposits which cannot be liquidated upon demand; and
  6. f)Debit balances in the current account of the owners, directors, controllers, managers, employees, customers, etc., if any (Refer to Paragraph 4.12 of this Chapter).
5. 4.18.5Current liabilities in this context consists of the following items from the Balance Sheet:
  1. a)Liabilities towards customers for any outward remittances (local and foreign including the amount of unclaimed funds);
  2. b)Sundry Creditors;
  3. c)Accruals;
  4. d)Liabilities towards the beneficiaries of the inward remittances if the funds are received by the Licensed Person;
  5. e)Liabilities related to WPS;
  6. f)Amounts payable to banks and other financial institutions upon demand or payable within three (3) months - local and foreign;
  7. g)Any valid cheques issued by the Licensed Person which is not netted off against the bank balance; and
  8. h)Credit balances in the current account of the owners, directors, controllers, managers, employees, customers, etc., if any (Refer to Paragraph 4.12 of this Chapter).
6. 4.18.6For the computation of current liabilities, the following items must not be considered:
  1. a)Post-dated cheques;
  2. b)Any kind of provisions including the provision for gratuity, leave salary, air tickets for the employees, annual maintenance contracts, etc.; and
  3. c)Amounts payable after three (3) months to banks and other financial institutions - local and foreign.

4.19 Equity and Minimum Paid-up Capital Requirements
1. 4.19.1Total Equity of the Licensed Person must not fall below the minimum required paid-up capital as stipulated in Paragraph 2.3 of Chapter 2;
2. 4.19.2Total Equity includes:
  1. a)Paid-up Capital;
  2. b)Statutory/Legal Reserves;
  3. c)General Reserves or any other Reserves of similar nature;
  4. d)Current year profits or losses (i.e. profits to be added and losses to be deducted); and
  5. e)Retained earnings/accumulated profits or losses (i.e. retained earnings/profits to be added and losses to be deducted).
3. 4.19.3Debit balance in the current account of the owner/partners/shareholders, if any, must be deducted from the Total Equity;
4. 4.19.4Where the Total Equity falls below the minimum required paid-up capital, the Licensed Person must inject additional paid-up capital to balance the equity position after obtaining a Letter of No Objection from the Banking Supervision Department. Such injection of additional paid-up capital must be made within six (6) months from the date when the equity falls below the minimum required paid-up capital; and
5. 4.19.5In the case of a newly established business, the Licensed Person is entitled for a grace period of one (1) year from the date of commencement of the business before being required to inject additional paid-up capital to comply with the requirements of Paragraph 4.19.4 of this Chapter, unless specifically instructed by the Central Bank to do so.

4.20 Authorized Signatories
1. 4.20.1The authorized signatory who signs correspondence (i.e. letters, requests for various purpose etc.) with the Central Bank must possess a Power of Attorney (PoA) from the Licensed Person or its Owner/Partners/Shareholders with exemptions under Paragraphs 4.20.3 and 4.20.4 of this Chapter, unless such person is the sole owner of the Licensed Person;
2. 4.20.2The Central Bank will not act on or respond to any correspondence signed by parties other than authorized signatories having Power of Attorney in accordance with Paragraph 4.20.1 of this Chapter;
3. 4.20.3The Compliance Officer of the Licensed Person may sign responses to ‘Search’ or ‘Search and Freeze’ notices from the Central Bank. The Suspicious Transaction Reports (STR) must be signed by the Compliance Officer at all times;
4. 4.20.4The Licensed Person or its authorized signatory may delegate the authority to other employees of the Licensed Person to sign the periodical returns/reports (such as monthly, quarterly, bi-annual or annual returns) to be submitted to the Central Bank. The Licensed Person and its authorized signatory shall retain the responsibility for the accuracy of all such returns even after the delegation;
5. 4.20.5The Licensed Person or its Board of Directors (or the Owner/Partner where there is no Board of Directors) must not grant a Power of Attorney of any kind to any party other than a full time employee, Director of the Board, Partner or a Shareholder of the Licensed Person; and
6. 4.20.6The Licensed Person or its Board of Directors (or the Owner/Partner where there is no Board of Directors) must not authorize any party other than a full time employee, Director of the Board, Partner or a Shareholder of the Licensed Person to act as an authorized signatory of its local or foreign bank account.

4.21 Reporting to the Central Bank
1. 4.21.1The Licensed Person may refer to Appendix 3 of the Standards for the list of returns/reports to be submitted to the Central Bank;
2. 4.21.2The Licensed Person must submit all returns/reports to the Central Bank on or before the reporting deadlines; and
3. 4.21.3The Licensed Person must obtain access to the Central Bank reporting portals, such as Daily Remittances Reporting System, IRR System (Integrated Regulatory Reporting System), Suspicious Transaction Reporting System, etc. for the submission of periodical online reports.

4.22 Business Plans and Budgets
1. 4.22.1A short term business plan, called the “Budget”, must be agreed and approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) at the beginning of each financial year;
2. 4.22.2A comparison of actual performance against budgets must be performed at the end of every financial year, at a minimum, and variances must be analysed to identify the events that led to the actual performance deviating from the budget; and
3. 4.22.3The Licensed Person must also have a long term business plan, preferably for a period of three to five (3 to 5) years, approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors).

4.23 UAE National Employment Programs or Emiratisation
1. 4.23.1The Licensed Person must ensure that the number of their UAE National employees is not less than 10% of the total number of employees or one UAE national employee in each office/branch, whichever is higher;
2. 4.23.2All UAE National employees must be registered with Ministry of Labor and General Pension and Social Security Authority;
3. 4.23.3The Licensed Person may deduct the number of ancillary staff (such as drivers, office boys, cleaning staff, security staff, etc.) from the total number of employees for the computation of 10% of the total number of employees; and
4. 4.23.4The Central Bank reserves the right to issue Regulations regarding Emiratisation in the Financial Industry from time to time. The Licensed Persons must comply with such future Regulations as and when the same are issued.

4.24 Opening of Subsidiaries and Offices
1. 4.24.1The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department to invest in or to open subsidiaries or offices of any kind, whether outside or inside the UAE; and
2. 4.24.2The paid-up capital of the Licensed Person after netting off investments in such subsidiaries or offices must not fall below the minimum required paid-up capital as stipulated in Paragraph 2.3 of Chapter 2.

4.25 Investigations and Litigation
1. 4.25.1The Licensed Person must immediately inform the Banking Supervision Department if it becomes aware that the Licensed Person or its Owner/Partners/Shareholders, Director of the Board, employees or subsidiaries is/are the subject of an investigation of criminal nature by a local or foreign investigating agency;
2. 4.25.2The Licensed Person must immediately inform the Banking Supervision Department if it becomes aware that it is a party to any litigation whether civil or criminal in nature; and
3. 4.25.3The Licensed Person must maintain appropriate registers and records related to such investigations and litigations.

4.26 Compliance with Laws and Regulations
The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business
1. 4.26.1The Licensed Person must comply with all applicable Laws (examples: Labor Law, Commercial Companies Law, etc.), Rules and Regulations of the UAE in addition to the Standards and Notices issued by the Central Bank at all times.

4.27 Responses to the ‘Search’ or ‘Search and Freeze’ Notices
1. 4.27.1The Licensed Person must respond to the ‘Search’ or ‘Search and Freeze’ notices from the Central Bank and other Enforcement Authorities within the time frame provided in such notices; and
2. 4.27.2Appropriate evidence must be held in a separate file in order for the Central Bank Examiners to confirm the status of compliance with this requirement.

4.28 AED Settlement via UAEFTS
1. 4.28.1The Licensed Person must settle all transactions within the UAE in AED only via UAEFTS;
2. 4.28.2The Licensed Person may request the Banking Supervision Department for access to UAEFTS; and
3. 4.28.3The Central Bank will provide access to UAEFTS only if the systems of the Licensed Person meets the UAEFTS requirements.

4.29 Gifts and Entertainments
1. 4.29.1The Licensed Person, its Owner/Partners/Shareholders, Directors on the Board, management or employees must not offer gifts (whether in cash or in kind) and entertainments to or attempt to influence employees of the Central Bank in any manner.

4.30 Pricing Changes
1. 4.30.1The Licensed Person must seek a Letter of No Objection from the Central Bank and provide a solid business case to support the pricing initiative prior to introducing new pricing or increasing pricing for products related to their licensed activities.

Chapter 5: Central Bank Examinations

Introduction
The Central Bank reserves the right to undertake an examination at a Licensed Person at any time when it deems it appropriate. This chapter provides information on the Central Bank examinations and responsibilities of the Licensed Person in relation to such examinations.

5.1 Types and Scope of Examinations
1. 5.1.1The type and scope of an examination will be determined by the Central Bank on a case by case basis. There are three types of examinations and they are discussed under Paragraphs 5.1.2 to 5.1.4 of this Chapter:
2. 5.1.2Full Scope Examination
  1. a)A full scope examination is primarily meant to cover all aspects of the business of a Licensed Person such as financial and non-financial in addition to the compliance with all applicable Laws, Rules, Regulations, Notices and the Standards;
  2. b)The time frame to complete a full scope examination is usually between seven to fourteen (7 to 14) business days depending on the nature, size and complexity of the business of the Licensed Person; and
  3. c)Findings of a full scope examination will be communicated to the Licensed Person through an appropriate Transmittal Letter.
3. 5.1.3Fast Track Examination
  1. a)A fast track examination is a quick examination which will be completed within a short period of two to three (2 to 3) business days depending on the nature, size and complexity of the business of the Licensed Person;
  2. b)A fast track examination is meant to assess the level of compliance of a Licensed Person with high level requirements of all applicable Laws, Rules, Regulations, Notices and the Standards; and
  3. c)Findings of a fast track examination will be communicated to the Licensed Person through an appropriate Transmittal Letter.
4. 5.1.4Special Examination
  1. a)The Central Bank reserves the right to undertake special examinations or surprise examinations at any time, if it deems necessary;
  2. b)The scope and the timeframe of special examinations will be decided by the Central Bank on a case by case basis; and
  3. c)The Central Bank reserves the right to decide whether findings of such examinations need to be communicated to the Licensed Person or not.

5.2 Preparation for the Examination
1. 5.2.1The ultimate responsibility to prepare for the Central Bank examination lies with the Manager in Charge of the Licensed Person;
2. 5.2.2The Licensed Person must give special attention to Paragraphs 5.2.2 (a) to (d) of this Chapter in relation to the preparation for an examination:
  1. a)The Licensed Person must prepare and keep all information or documents ready within the timeline provided by the Central Bank;
  2. b)The Licensed Person must provide appropriate work space within its premises and full assistance to the Central Bank Examiners in order to carry out the examination;
  3. c)The Manager in Charge or any other authorized person of the Licensed Person must be available at all times to answer the queries of the Central Bank Examiners; and
  4. d)The Compliance Officer and the Accountant must be present at the time when the Central Bank Examiners review their respective functions.

5.3 Transmittal Letter
1. 5.3.1The Transmittal Letter is the official communication from the Central Bank to the Licensed Person which contains all findings of an examination;
2. 5.3.2The objective of issuing a Transmittal Letter is to inform the Licensed Person about the areas of non-compliance noted by the Central Bank Examiners during an examination;
3. 5.3.3Transmittal Letters are issued after full scope or fast track examinations provided that there are observations related to non-compliance with applicable Laws, Rules, Regulations Notices and the Standards;
4. 5.3.4The Transmittal Letter is normally divided into several sections, such as, (a) Major Issues (b) Violations under the Regulations and the Standards (c) Violations under AML/CFT Regulations (d) Reporting Issues (e) Operational and Control Issues and (f) Other Issues; and
5. 5.3.5The risk grading awarded to the Licensed Person, whether it is low, medium, high, very high or unacceptable, and details of predefined parameters based on which the overall risk grading is calculated will be indicated in the Transmittal Letter.

5.4 Response to the Transmittal Letter
1. 5.4.1The Licensed Person must provide its response in writing for each finding in the Transmittal Letter within the time frame provided by the Central Bank;
2. 5.4.2The response from a Licensed Person must include the detailed plan of action on how and when the findings of a Transmittal Letter will be resolved;
3. 5.4.3If no specific time frame is provided by the Central Bank, then the Licensed Person must submit its response within thirty (30) calendar days from date of issue of the Transmittal Letter; and
4. 5.4.4The response to the Transmittal Letter must be submitted in original hard copy under the signature of the authorized signatory of the Licensed Person to the Supervision & Examination Division of the Banking Supervision Department.

5.5 Action Plans and Follow-up Examinations
1. 5.5.1The Central Bank shall review responses and action plans received from the Licensed Person; and
2. 5.5.2The Central Bank reserves the right to conduct follow up examinations in order to assess the progress of the Licensed Person in resolving the examination findings.

5.6 Meetings
1. 5.6.1The Central Bank reserves the right to call the Manager in Charge, Compliance Officer, Functional Heads, Directors of the Board or Shareholders/the Owner/Partners of the Licensed Person for a meeting to discuss the examination findings;
2. 5.6.2Such meetings may be held either before the issue of Transmittal Letters (known as Exit Meetings) or after the issue of Transmittal Letters (known as Follow-up Meetings); and
3. 5.6.3The Licensed Person must attend such meetings without fail.

B. Management and Governance Standards

Chapter 6: Management and Corporate Governance

Introduction
Corporate governance broadly refers to mechanisms and processes by which the Licensed Person is managed, controlled and directed. Governance structures and principles identify the distribution of powers and responsibilities within the management structure of a Licensed Person. This chapter provides standards on how to organize the Management and Governance framework of a Licensed Person.

6.1 Head Office
1. 6.1.1The Licensed Person must have a Head Office within the UAE where the Manager in Charge and other functional heads must be based to carry out their responsibilities;
2. 6.1.2All files and physical records of the Licensed Person, whether they are related to the incorporation, governance, customers, transactions, accounting, employees, etc., must be available in the Head Office or otherwise accessible during the Central Bank examination;
3. 6.1.3The Central Bank expects the Licensed Person to maintain its Head Office at the same address as mentioned in the main license (or the first license) unless otherwise agreed by the Central Bank in writing;
4. 6.1.4The Head Office must not be located in a free zone or any other place (such as inside an Airport) where the free entry is restricted for the Central Bank Examiners to visit such office at any time to conduct an examination; and
5. 6.1.5The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department in order to re-locate the Head Office from its approved location to another location.

6.2 Management Office
1. 6.2.1The Licensed Person may open a separate Management Office, after obtaining a Letter of No Objection from the Banking Supervision Department, to be used for the same purposes as mentioned under Paragraphs 6.1.1 and 6.1.2 of this Chapter in case the Head Office does not have sufficient space;
2. 6.2.2The Licensed Person is not permitted to carry out Exchange Business from its Management Office unless otherwise approved by the Central Bank in writing; and
3. 6.2.3Conditions under Paragraphs 6.1.4 and 6.1.5 of this Chapter are also applicable to the Management Office of a Licensed Person.

6.3 Organisational Structure
1. 6.3.1The organizational structure of the Licensed Person must be approved by its Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
2. 6.3.2The organizational structure must reflect reporting lines of the Manager in Charge, Compliance Officer and other functional heads and must be free from any conflict of interests to ensure functional independence.

6.4 Appointment of the Manager in Charge
1. 6.4.1The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department prior to the appointment of its Manager in Charge by submitting a duly completed APA Form (Refer to Appendix 5 for this Form) along with all required documents to the Banking Supervision Department;
2. 6.4.2The Central Bank shall conduct a fit and proper test on the proposed Manager in Charge before issuing the Letter of No Objection. The Central Bank reserves the right to:
  1. a)interview the proposed Manager in Charge as part of the fit and proper test; and
  2. b)issue or decline the approval for the proposed Manager in Charge.
3. 6.4.3In case the prior approval is rejected by the Central Bank, the Licensed Person must propose a new Manager in Charge within the timeline provided by the Central Bank in the Letter of Rejection. If a specific timeline is not provided in the Letter of Rejection, then the Licensed Person must propose a new Manager in Charge within a period of one hundred and eighty (180) calendar days from the date of Letter of Rejection.
4. 6.4.4Minimum Qualification and Experience of the Manager in Charge:
  1. a)If the Licensed Person is in possession of a Category A License:
    - •A minimum of five (5) years of experience within any financial institution(s), of which at least two (2) years in senior management position(s), such as head of a core function, Manager in Charge, General Manager/CEO or member of the Board of Directors; and
    - •Sound knowledge of all applicable Laws, Rules, Regulations, Notices and the Standards related to Exchange Business in the UAE.
  2. b)If the Licensed Person is in possession of either a Category B or Category C License:
    - •A minimum of eight (8) years of experience within any financial institution(s), of which at least four (4) years in a senior management position(s), such as head of a core function, Manager in Charge, General Manager/CEO or member of the Board of Directors;
    - •Sound knowledge of all applicable Laws, Rules, Regulations, Notices and the Standards related to Exchange Business in the UAE; and
    - •Preference may be given to those with a Bachelor degree or higher in any discipline.
5. 6.4.5Employment Type and Residential Status of the Manager in Charge:
  1. a)The Manager in Charge must be a full time employee of the Licensed Person;
  2. b)The Manager in Charge is not permitted to hold any position or responsibility or role in or on behalf of any other entity or business, whether inside or outside the UAE;
  3. c)The Manager in Charge must be a resident in the UAE; and
  4. d)Foreign national must be under the employment visa of the Licensed Person when employed as a Manager in Charge.
6. 6.4.6Responsibilities of the Manager in Charge:
  1. a)The Manager in Charge is responsible for the effective management of all aspects/activities of a Licensed Person.
7. 6.4.7Resignation of the Manager in Charge and notification to the Central Bank:
  1. a)The Licensed Person must notify the Banking Supervision Department, within five (5) working days, in case the Manager in Charge resigns or vacates the office in any other manner with reasons thereof via email to: info.ehs@cbuae.gov.ae;
  2. b)The Licensed Person must also provide, in the above notification email, the contact details of an alternate person (i.e. Interim Manager in Charge) who will be responsible for managing the business until the position of the Manager in Charge is permanently filled in; and
  3. c)A permanent replacement must be appointed after obtaining a Letter of No Objection from the Banking Supervision Department within a period of one hundred and eighty (180) calendar days from the date when the position of the Manager in Charge falls vacant (Refer to Paragraphs 6.4.1, 6.4.2 and 6.4.3 of this Chapter).
8. 6.4.8Removal of the Manager in Charge:
  1. a)The Central Bank reserves the right to remove the Manager in Charge of a Licensed Person at its sole discretion;
  2. b)The Licensed Person, in such cases, must comply with Paragraphs 6.4.7 (b) and 6.4.7 (c) of this Chapter; and
  3. c)The Central Bank reserves the right to communicate or not to communicate the reasons to the Licensed Person for its decision to remove the Manager in Charge.

6.5 Functional Heads
1. 6.5.1The Functional Heads must possess appropriate qualifications and experience required to carry out their responsibilities.

6.6 Appointment of a Compliance Officer and an Alternate Compliance Officer
1. 6.6.1The Licensed Person must appoint a Compliance Officer and an Alternate Compliance Officer who will be primarily responsible for its AML compliance function; and
2. 6.6.2The Licensed Person must refer to Paragraphs 16.4 and 16.5 of Chapter 16 for additional standards regarding the appointment of the Compliance Officer and the Alternate Compliance Officer.

6.7 Constitution of the Board of Directors and its Responsibilities
1. 6.7.1The Licensed Person must appoint a Board of Directors, if required by the prevailing Commercial Companies Law of the UAE;
2. 6.7.2Qualifications and Experience of Directors of the Board:
  1. a)A minimum of eight (8) years of experience within any financial institution(s), of which at least five (5) years in senior management position(s), such as head of a core function, Manager in Charge, General Manager/CEO or as member of the Board of Directors;
  2. b)Knowledge of all applicable Laws, Rules, Regulations, Notices and the Standards related to Exchange Business in the UAE;
  3. c)Preference may be given to those with a Bachelor degree or higher in any discipline; and
  4. d)The Licensed Person’s Shareholders, Partners and their immediate family members (i.e. father, mother, brother, sister, children or grandchildren, in laws, etc.) are eligible to become Directors on the Board regardless of their qualifications and experience (i.e. Paragraphs 6.7.2 (a) to (c) of this Chapter are not applicable in these cases).
3. 6.7.3Residential Status of Directors of the Board:
  1. a)The majority of Directors of the Board (i.e. more than 50% of Directors of the Board) must be resident in the UAE.
4. 6.7.4The Roles and Responsibilities of the Board of Directors:
  1. a)The Board of Directors is responsible for the oversight of all activities of the Licensed Person;
  2. b)The Board of Directors is also responsible to appoint and monitor the performance of the Manager in Charge in addition to the following:
    - •Maintain honesty, integrity and transparency throughout the business activities;
    - •Ensure that a robust and independent compliance function is established and maintained;
    - •Ensure that appropriate AML/CFT compliance and other related policies are implemented;
    - •Ensure that actions are taken by the relevant stakeholders to resolve internal/external audit findings and regulatory compliance issues including AML compliance in a timely manner;
    - •Ensure that sufficient time, freedom, resources, systems and tools are available for the Manager in Charge and Compliance Officer to fulfil their responsibilities effectively;
    - •Ensure that an internal audit function is established and maintained; and
    - •Review the effectiveness of the internal audit function at the end of every year.
5. 6.7.5The Resignation or Termination of Director of the Board:
  1. a)Upon the resignation or termination of a Director of the Board, a permanent replacement must be appointed within one hundred and twenty (120) calendar days from the date when the position of a Director of the Board falls vacant; and
6. 6.7.6In case a Licensed Person does not have any obligation to appoint a Board of Directors as per the prevailing Commercial Companies Law of the UAE, its Owner or Partners must be responsible for carrying out the responsibilities under Paragraph 6.7.4 of this Chapter.

6.8 Board Meetings, Shareholders Meeting and other Meetings:
1. 6.8.1Shareholders must meet at least once every year to approve the External Auditors’ report and financial statements for the previous financial year, annual budgets, appointment of External Auditors for the current financial year etc.;
2. 6.8.2The Board of Directors must meet at regular intervals, in accordance with the provisions of the prevailing Commercial Companies Law of the UAE, with a pre-agreed agenda to discuss all aspects of the business activities with the Manager in Charge, Compliance Officer and other functional heads;
3. 6.8.3Where the Licensed Person does not have a Board of Directors, the Owner/Partners, Manager in Charge, Compliance Officer and other functional heads must meet at least once in six (6) months to discuss all aspects of the business; and
4. 6.8.4The minutes of above meetings must be available for the verification of the Central Bank Examiners.

6.9 Committees
1. 6.9.1The Licensed Person, irrespective of its legal form or constitution, must constitute at least two committees as per Paragraphs 6.9.2 and 6.9.3 of this Chapter;
2. 6.9.2An Audit Committee must be constituted in order to:
  1. a)recommend the name(s) of appropriate External Auditors for the approval of the Board of Directors (or of the Owner/ Partners where there is no Board of Directors) to carry out the annual financial audit;
  2. b)review and ensure that the Internal Audit Charter and the Internal Audit Plan are appropriate to the nature, size and complexity of the business prior to obtaining approval from the Board of Directors (or from the Owner/Partners where there is no Board of Directors);
  3. c)review all internal/external audit reports, management letters, etc.;
  4. d)review action plans to address findings of the internal/external reports; and
  5. e)provide updates about various matters mentioned under Paragraphs 6.9.2 (a) to (d) of this Chapter to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
3. 6.9.3A Compliance Committee must be constituted in order to:
  1. a)recommend the name(s) of appropriate External Auditors for the approval of the Board of Directors (or of the Owner/Partners where there is no Board of Directors) to perform an Agreed-Upon Procedures on the AML/CFT compliance function annually;
  2. b)review various ML/FT risks associated with the business and confirm that appropriate policies, procedures, controls, resources, etc. are in place to mitigate such risks;
  3. c)periodically review resources, systems and tools available to the Compliance Officer and ensure that they are appropriate to the nature, size and complexity of the business;
  4. d)review recommendations from the Annual Report of the Compliance officer;
  5. e)review findings of internal audit, independent review of the AML/CFT compliance function by External Auditors, the Central Bank examinations and all related action plans; and
  6. f)provide updates about various matters mentioned under Paragraphs 6.9.3 (a) to (e) of this Chapter to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
4. 6.9.4Composition of Committees:
  1. a)The Audit Committee must include the following members at a minimum:
    - •at least one Director of the Board or the Owner or at least one Partner;
    - •Manager in Charge;
    - •Internal Auditor; and
    - •Any other functional heads, if the Licensed Person deems it necessary.
  2. b)The Compliance Committee must include the following members at a minimum:
    - •at least one Director of the Board or the Owner or at least one Partner;
    - •Manager in Charge;
    - •Compliance Officer;
    - •Alternate Compliance Officer; and
    - •Any other functional heads, if the Licensed Person deems it necessary.
5. 6.9.5Committees must meet at least once in every quarter and minutes of such meetings must be available for the verification of the Central Bank Examiners.

Chapter 7: Accounts and Audit

Introduction
The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business
The Licensed Person must maintain appropriate books of accounts that reflect the true and fair view of its financial position at any point in time. This chapter provides standards to be maintained on Accounting and Auditing functions of the Licensed Person.

7.1 Accountant
1. 7.1.1Appointment of an Accountant
  1. a)The Licensed Person must appoint an Accountant who is primarily responsible to maintain appropriate books of accounts and prepare periodical financial reports for submission to the Central Bank;
  2. b)The job title of the Accountant may vary at the discretion of the Licensed Person, for example Accounts Manager, Chief Accountant, etc.; and
  3. c)The Accountant must possess sufficient knowledge and appropriate experience to deal with all issues related to the bookkeeping, financial accounting, reporting to the Central Bank and to manage the annual audit of the books of accounts by External Auditors.
2. 7.1.2Accountant’s Responsibilities (the list is not exhaustive)
  1. a)Ensure accuracy and completeness in the bookkeeping and financial accounting;
  2. b)Arrange to submit accurate regulatory reports, such as monthly returns, quarterly returns, monthly remittance reports, audited financial statements, etc. within the submission deadlines to the Central Bank;
  3. c)Obtain statements related to remittances, foreign currency export/import, hedge accounts or special products/services from banks, remittance partners or other relevant institutions/partners to perform reconciliation of balances on a regular basis, preferably daily;
  4. d)Investigate differences identified during the reconciliation process and report all unreconciled items to the Manager in Charge immediately;
  5. e)Assess the amount of unclaimed funds as on the last day of every month; and
  6. f)Assess the liquidity position and capital adequacy on a regular basis to inform the Manager in Charge.
3. 7.1.3Books of Accounts
  1. a)The Licensed Person must maintain comprehensive and accurate books of accounts and supporting records that reflect its correct liquidity/financial positions at all times;
  2. b)The books of accounts and other records must be available within the UAE at all times and for the examination by the Central Bank;
  3. c)The Licensed Person must introduce automated books of accounts in order to generate periodical Central Bank returns with the aid of suitable accounting software; and
  4. d)The systems of the Licensed Person must be capable of generating appropriate reports related to the foreign currency exchange and remittance transactions at any point in time and for any period. Such reports must provide the below information at a minimum:
    - •Number, total value and average value of transactions for each product;
    - •Number, total value and average value of foreign currency exchange transactions for each currency;
    - •Number, total value and average value of outward/inward money transfers to/from each correspondent, country and for each currency; and
    - •Number, total value and average value of outward/inward money transfers via instant money transfer service providers to/from each service provider, country and for each currency.

7.2 Internal Audit
1. 7.2.1Appointment of Internal Auditor
  1. a)The Licensed Person must appoint an Internal Auditor who is responsible to carry out regular audits across all aspects of its business; and
  2. b)The Internal Auditor must possess sufficient knowledge and appropriate experience to deal with all issues related to internal audit.
2. 7.2.2Scope of the Internal Audit
  1. a)The Licensed Person must have an Internal Audit Charter, that clearly states the purpose, scope and reporting lines of the Internal Auditor;
  2. b)The Internal Audit Charter must be reviewed by the Audit Committee and then approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
  3. c)The Internal Auditor must adhere to relevant auditing standards and code of ethics that are applicable to the internal audit profession;
  4. d)All business activities of the Licensed Person, core functions, non-core functions, branches, Head Office, Management Office (if any), reconciliation process, unreconciled items, unclaimed funds, liquidity, capital adequacy, etc. must be covered under the scope of internal audit in addition to the AML and regulatory compliance;
  5. e)The Internal Auditor must be given access to employees, data and records which may reasonably be required to fulfil all responsibilities;
  6. f)The Internal Auditor must be informed, on a timely basis, of any changes in the applicable Regulations, the Standards and the Licensed Person’s policies or procedures;
  7. g)The Internal Auditor must prepare the Annual Internal Audit Plan after discussing with the Audit Committee and obtain the approval of the Board of Directors (or of the Owner/Partners where there is no Board of Directors) at the beginning of each financial year;
  8. h)The Annual Internal Audit Plan must contain timelines for each internal audit, internal audit reporting deadlines, allocation of resources, areas to be audited, follow up audit plans etc.;
  9. i)Internal audits must be performed in accordance with the Annual Internal Audit Plan and the Board of Directors (or the Owner/Partners where there is no Board of Directors) must ensure that internal audit findings are addressed in a timely manner; and
  10. j)The Internal Audit Charter and Plan must be reviewed by the Audit Committee at the end of each year to assess the effectiveness of the internal audit function and a summary of such reviews must be presented to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
3. 7.2.3Internal Audit Reporting Lines
  1. a)The Internal Auditor must report directly to the Board of Directors (or to the Owner/Partners where there is no Board of Directors); and
  2. b)Copies of all internal audit reports and corrective actions taken by the Manager in Charge must be available for verification by the Central Bank Examiners.
4. 7.2.4Independence and Conflict of Interest
  1. a)The Internal Auditor’s role must be handled by a dedicated resource and must not be combined with any other function of the Licensed Person; and
  2. b)The Internal Auditor must bring any matter affecting their independence such as creating any conflict of interest or limiting the scope of internal audit, restricting access to any information, etc. to the attention of the Board of Directors (or of the Owner/Partners where there is no Board of Directors).

7.3 External Audit
1. 7.3.1Appointment of External Auditor
  1. a)The Licensed Person must appoint an External Auditor after obtaining a Letter of No Objection from the Banking Supervision Department for each financial year to audit its books of accounts and the financial statements;
  2. b)The Central Bank reserves the right to appoint an External Auditor at its sole discretion to audit the books of accounts of the Licensed Person for any financial year in the following cases:
    - •The Licensed Person had failed to obtain the Letter of No Objection from the Banking Supervision Department to appoint an External Auditor; and
    - •The Licensed Person had appointed an External Auditor contrary to instructions from the Banking Supervision Department.
  3. c)The Central Bank reserves the right to appoint additional External Auditors where it deems it appropriate, reasonable and necessary;
  4. d)In all cases of appointments as per Paragraphs 7.3.1 (a) to (c) of this Chapter, the audit fee payable to External Auditors must be paid by the Licensed Person; and
  5. e)The Central Bank reserves the right to instruct External Auditors to submit the audit report, financial statements and any other relevant information directly to the Central Bank if it deems it necessary.
2. 7.3.2Approval Process to Appoint the External Auditor
  1. a)The Licensed Person must submit the request for the Letter of No Objection to the Banking Supervision Department on or before 31^st May of each financial year; and
  2. b)The request letter must be signed by the authorised signatory of the Licensed Person and accompanied by the following documents:
    - •duly completed Form BSD IIIA & IIIB which must be signed by the proposed External Auditor; and
    - •a copy of the professional license of the proposed External Auditor.
3. 7.3.3Rotation of External Auditors
  1. a)The Licensed Person is permitted to appoint the same External Auditor to audit its books of accounts and financial statements for a maximum period of six (6) consecutive financial years provided that the following conditions are fulfilled:
    - •A Letter of No Objection from the Banking Supervision Department is obtained to appoint the same External Auditor for each financial year; and
    - •The audit partner is changed after a maximum period of three (3) consecutive financial years.
  2. b)After six (6) consecutive financial years, the Licensed Person must appoint a different External Auditor for a minimum period of one (1) financial year after obtaining a Letter of No Objection from the Banking Supervision Department in accordance with Paragraph 7.3.2 of this Chapter;
  3. c)In case the External Auditor is unable to change the audit partner after a period of three (3) consecutive financial years as required under Paragraph 7.3.3 (a) of this Chapter, the Licensed Person must appoint a different External Auditor for a minimum period of one (1) financial year after obtaining a Letter of No Objection from the Banking Supervision Department in accordance with Paragraph 7.3.2 of this Chapter;
  4. d)An External Auditor appointed for a period of less than one (1) year, usually for a start-up business, will be considered as one (1) full financial year for the purpose of calculating the limit of six (6) consecutive financial years under Paragraph 7.3.3 (a) of this Chapter; and
  5. e)The limit of six (6) consecutive financial years shall be applied retrospectively, starting from the financial year 2012.
4. 7.3.4Auditors’ Report and Financial Statements
  1. a)Audited Financial Statements and the Auditors’ Report for any financial year must be submitted to the Banking Supervision Department on or before 31^st March of the following year;
  2. b)External Auditors must expressly state their views on the following matters in the Auditors’ Report in addition to their audit opinion:
    - •Whether the Licensed Person has kept regular books of accounts and it was available in the UAE during the audit;
    - •Whether suitable accounting software has been implemented in accordance with Paragraphs 7.1.3 (c) and (d) of this Chapter; and
    - •Whether there is any major breach of the Regulations or the Standards applicable to Exchange Business.
  3. c)Where the Licensed Person has Subsidiaries, whether inside or outside the UAE, the Consolidated Financial Statements and Auditors’ Report must be submitted to the Central Bank within six (6) months from the end of each financial year;
  4. d)External Auditors must directly report to the Banking Supervision Department, if there are any serious violations or breaches of applicable Laws, Rules, Regulations, Notices and the Standards or deficiencies/manipulations in the books of accounts which comes to its attention during the course of audit engagement; and
  5. e)An External Auditor issuing a report under Paragraph 7.3.4 (d) of this Chapter to the Banking Supervision Department, in good faith, shall bear no liability to the Licensed Person or to its Owner, Partners, Shareholders or any other party for the breach or alleged breach of confidentiality.
5. 7.3.5The Management Letter
  1. a)The Licensed Person must request the External Auditor to issue a Management Letter highlighting all deficiencies in its internal controls along with recommendations for the mitigation of such deficiencies;
  2. b)The Licensed Person must provide its comments for each finding in the Management Letter;
  3. c)In case the Management Letter was not issued by an External Auditor, a letter stating the same and the reasons thereof must be issued by the External Auditor; and
  4. d)A copy of the Management Letter or the letter as per Paragraph 7.3.5 (c) of this Chapter must be submitted to the Banking Supervision Department along with the Auditors’ Report and financial statements for each financial year.

Chapter 8: Human Resources

Introduction
The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business
The Human Resources (HR) function plays a vital role in hiring and maintaining the appropriate employees for the Licensed Person. The Licensed Person may appoint a dedicated person to manage the HR function or combine the HR function with another suitable function subject to the conditions of Paragraphs 7.2.4 (a) of Chapter 7, 16.4.7 (a) and 16.5.1 (g) of Chapter 16. This chapter provides minimum standards to be maintained by the Licensed Person in relation to the HR function.

8.1 Human Resource Policy
1. 8.1.1The Licensed Person must implement a Human Resource Policy approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
2. 8.1.2The Human Resource Policy must cover the following at a minimum:
  1. a)Recruitment and Know Your Employee (KYE) Policy;
  2. b)Induction and trainings;
  3. c)Job descriptions and KPIs;
  4. d)Segregation of duties;
  5. e)Staff rotation;
  6. f)Working hours and overtime pay;
  7. g)Leave, holidays and vacation;
  8. h)Performance evaluation;
  9. i)Rights and responsibilities of employees; and
  10. j)The Disciplinary Process.
3. 8.1.3The Human Resource Policy must be in line with all applicable Laws and Rules of the UAE. The Human Resource Policy must be reviewed at regular intervals.

8.2 Recruitment and Know Your Employee (KYE) Process
1. 8.2.1The Licensed Person is responsible to establish and confirm the background of applicants prior to placing them in the employment; and
2. 8.2.2The KYE Procedure must include the following at a minimum:
  1. a)Initial screening of CVs;
  2. b)Verification of applicants’ academic qualifications;
  3. c)Testing and interview;
  4. d)Employment history verification by contacting previous employers to confirm the employee’s work experience and to gather information on previous role(s);
  5. e)Police Clearance Certification from the police authorities of each respective Emirate if the applicant is already in the UAE. In other cases, Police Clearance Certificates must be obtained from the home country of the candidate, if available; and
  6. f)Sanction checks must be applied on applicants before placing them in the employment.

8.3 Job Descriptions
1. 8.3.1Job descriptions must be precise and all employees must be provided with a copy of it in order for them to have clarity on their responsibilities; and
2. 8.3.2A copy of the job description signed by the employee and the Licensed Person must be held in the personal file of the employee.

8.4 Segregation of Duties
1. 8.4.1The Licensed Person must segregate duties to ensure that no single employee has unlimited access to data or is responsible to carry out major tasks, especially in areas such as payment authorization, information access, reconciliations, cash management, etc.

8.5 Staff Rotation
1. 8.5.1The Licensed Person must rotate its employees at regular intervals among its different branches, among different sections within the same branch or within different roles in the same Department. However, this requirement is not applicable to the head of any function.

8.6 Succession Plan
1. 8.6.1Succession Plan must be in place to ensure timely replacements of key personnel such as the Manager in Charge, Compliance Officer, Alternate Compliance Officer, Accountant, etc. immediately once such positions become vacant; and
2. 8.6.2The Succession Plan must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors).

8.7 Code of Conduct:
1. 8.7.1The Licensed Person must have a Code of Conduct for its employees which must include the following at a minimum:
  1. a)Guidelines for acceptable behaviour;
  2. b)Require employees to comply with policies & procedures of the Licensed Person and all applicable Laws, Rules, Regulations, Notices and the Standards;
  3. c)Confidentiality;
  4. d)Conflict of interest;
  5. e)Disciplinary procedures; and
  6. f)Right to appeal.

Chapter 9: Outsourcing of Functions

Introduction
Outsourcing is an arrangement whereby a third party performs a function as a whole or a part thereof, on behalf of the Licensed Person. This chapter provides standards in relation to outsourcing of functions considering its inherent vulnerabilities in relation to confidentiality, accessibility of information, etc.

9.1 Outsourcing of Functions
1. 9.1.1The Licensed Person may outsource various functions, if necessary, with the exceptions under Paragraph 9.1.2 of this Chapter. The Licensed Person must fulfil the requirements of this Chapter at all times and also comply with any future Regulations in relation to outsourcing as and when issued by the Central Bank;
2. 9.1.2The Licensed Person is not permitted to outsource the following functions under any circumstances:
  1. a)AML compliance function with the exception of document retention to an external party. However, the Licensed Person is permitted to outsource specific AML compliance tasks (examples: Enhanced Due Diligence, AML/CFT Training, Framing AML/CFT Controls, System Support etc.) after obtaining the Letter of No Objection from the Banking Supervision Department; and
  2. b)Permitted Activities of the Licensed Person (examples: buying and selling of foreign currencies, acceptance/execution/disbursement of money transfers of customers, etc.).

9.2 Responsibilities of the Licensed Person
1. 9.2.1The ultimate responsibility/accountability of an outsourced function remains with the Licensed Person and the Board of Directors (or with the Owner/Partners where there is no Board of Directors);
2. 9.2.2The Licensed Person must:
  1. a)ensure that it continues to satisfy all regulatory obligations with respect to an outsourced function;
  2. b)ensure that a dedicated employee, who is a subject matter expert, is appointed to manage the relationship between the Licensed Person and the Outsourcing Service Provider (i.e. “the Service Provider”) in the case of functions which are outsourced as per the conditions of this Chapter. Such dedicated employee may be allowed to manage the relationships for multiple outsourced functions provided that such multiple roles handled by the dedicated employee remains free from any conflict of interest;
  3. c)ensure that adequate mechanisms are implemented for monitoring the performance of the Service Provider;
  4. d)immediately inform the Banking Supervision Department of any material problems encountered with an outsourced function or the Service Provider; and
  5. e)continue to monitor the associated risks of outsourced functions and pay due attention to the security and effectiveness of internal controls implemented by the Service Provider to mitigate such risks.

9.3 Outsourcing Policy
1. 9.3.1The Licensed Person must have an outsourcing policy approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
2. 9.3.2The outsourcing policy must cover the following aspects, at a minimum:
  1. a)Enhanced Due Diligence (EDD) process to be applied on the Service Provider;
  2. b)Responsibilities of the Licensed Person and the Board of Directors (or with the Owner/Partners where there is no Board of Directors) in relation to all outsourced functions;
  3. c)Annual risk assessment of outsourced functions;
  4. d)Control mechanisms to mitigate various outsourcing risks; and
  5. e)Requirement of a Service Level Agreement between the Licensed Person and the Service Provider.

9.4 Data Confidentiality
1. 9.4.1The customer and transaction database must be held/stored within the UAE and held confidential at all times; and
2. 9.4.2The Licensed Person must have contractual rights to take legal action against the Service Provider in the event of breach of confidentiality.

9.5 Access to Information
1. 9.5.1The Licensed Person must ensure that the Central Bank and its Examiners have timely access to any information, that may be required to fulfil their responsibilities under the Regulations and the Standards, with respect to outsourced functions;
2. 9.5.2The Licensed Person must ensure that its Internal and External Auditors have timely access to any relevant information that they may be required to fulfil their responsibilities; and
3. 9.5.3Access must be given to the Central Bank and the Licensed Person’s Internal/External Auditors to conduct on-site reviews of outsourced functions at the Service Provider’s premises when it is necessary.

9.6 Business Continuity
1. 9.6.1The Licensed Person must ensure that the Service Provider maintains and tests a plan to ensure the continuity of outsourced functions with a minimum disruption to the business in the event of unforeseen incidents;
2. 9.6.2The Licensed Person must maintain and regularly review a contingency plan to enable it to set-up alternative arrangements, with minimum disruption to the business, should the outsourcing contract suddenly be terminated or the Service Provider fails;
3. 9.6.3Such contingency plans must include various options, such as:
  1. a)the identification of alternative Service Providers;
  2. b)plans to in-source the outsourced functions; and
  3. c)any other practical interim arrangements.

9.7 Outsourcing Agreement
1. 9.7.1The Licensed Person must have a Service Level Agreement with the Service Provider for each function to be outsourced;
2. 9.7.2This agreement must address the issues identified below, at a minimum:
  1. a)Details of functions and activities to be outsourced;
  2. b)Responsibilities, contractual liabilities and obligations of the Service Provider and the Licensed Person;
  3. c)Reporting of issues and escalation mechanism;
  4. d)Mechanisms for monitoring and assessing the performance of the Service Provider;
  5. e)Designated persons for maintaining the relationship between both parties;
  6. f)Confidentiality of customer data and related conditions;
  7. g)Disputes resolution arrangements;
  8. h)Access to information;
  9. i)Business continuity in case the Service Provider temporarily or permanently fails to provide service; and
  10. j)Termination clause.

9.8 Termination
1. 9.8.1Termination of the agreement by the Service Provider under any circumstances must be permitted only under a sufficient notice period within which the Licensed Person is able to identify another Service Provider or to in-source the function;
2. 9.8.2The Licensed Person must retain the right to terminate the Service Level Agreement without any notice period under the following conditions:
  1. a)The Service Provider fails to provide quality services as agreed;
  2. b)The Service Provider is in breach of any sanction laws or any other applicable laws;
  3. c)Ownership of the Service Provider changes that has an impact on the interest of the Licensed Person or has a conflict of interest with the Licensed Person; and
  4. d)The Service Provider becomes insolvent or bankrupt or is under liquidation.
3. 9.8.3The Service Level Agreement must provide for the return of all customer data to the Licensed Person in the event of the termination of such agreement without retaining any copies.

9.9 Letter of No Objection from the Central Bank
1. 9.9.1The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department in order to outsource specific tasks of the AML Compliance function as mentioned under Paragraph 9.1.2 (a) of this Chapter; and
2. 9.9.2The request for the Letter of No Objection must:
  1. a)be submitted to the Banking Supervision Department in writing and at least thirty (30) calendar days before the effective date of outsourcing the function; and
  2. b)be accompanied by the following documents:
    - •the profile of the Service Provider;
    - •a draft of the service level agreement between both parties;
    - •a confirmation letter signed by the Authorized Signatory of the Licensed Person stating that an Enhanced Due Diligence Process has been applied on the Service Provider; and
    - •a confirmation letter signed by the Owner/Partners/shareholders of the Licensed Person stating that ultimate responsibility/accountability of the outsourced function remains with the Licensed Person and the Board of Directors (or with the Owner/Partners where there is no Board of Directors).

C. Risk Management and Security Standards

Chapter 10: Risk Management

Introduction
Risk management refers to the practice of identifying potential risks in advance to measure, evaluate, record, mitigate and monitor risks in order to reduce the impact of such risks on the business of a Licensed Person. The Risk Management function must recognize the range of risks associated with the business and must mitigate them effectively. This chapter provides standards regarding an effective Risk Management Framework to be implemented by a Licensed Person.

10.1 Risk Management Function
1. 10.1.1The ultimate responsibility for the formulation and implementation of an effective risk management framework lies with the Board of Directors (or with the Owner/Partners where there is no Board of Directors);
2. 10.1.2The Licensed Person must maintain a Risk Management Policy approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
3. 10.1.3The Licensed Person must designate a Risk Officer who must be given the overall responsibility of the risk management function;
4. 10.1.4Depending on the nature, size and complexity of the business, the Licensed Person may appoint a dedicated Risk Officer or combine this role with another suitable function subject to the conditions under Paragraphs 7.2.4 (a) of Chapter 7, 16.4.7 (a) and 16.5.1 (g) of Chapter 16; and
5. 10.1.5The Risk Management Policy must be reviewed annually and updated if necessary.

10.2 Risk Register
1. 10.2.1The Risk Register is the record where the results of risk analysis, whether qualitative or quantitative, are logged including the mitigating measures and risk ownerships;
2. 10.2.2The Licensed Person must maintain a risk register in the appropriate format with the following information at a minimum:
  1. a)Risk Item;
  2. b)Description of Risk Item;
  3. c)Probability/ Likelihood;
  4. d)Impact/ Consequence;
  5. e)Risk Ranking;
  6. f)Mitigation Measures;
  7. g)Contingency Plan;
  8. h)Risk Ownership; and
  9. i)Deadlines for implementing mitigating measures.
3. 10.2.3The Risk Register must be reviewed at least quarterly to ensure that it is updated with upcoming, relevant risks and appropriate mitigating measures; and
4. 10.2.4Periodical reports on actions initiated to mitigate various risks must be submitted to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).

10.3 Types of Risks
The risk management function at the Licensed Person must identify, evaluate, mitigate and monitor the following risks at a minimum:
1. 10.3.1Operational Risk
  1. a)Operational risk is defined as the risk of loss, resulting from inadequate or failed processes, people and systems or from external events.
2. 10.3.2Market Risk (Currency Rate Risk)
  1. a)Market risk is the risk that the value of an asset may decrease due to movements of market factors;
  2. b)The most important type of market risk for a Licensed Person is the risk of fluctuation in the foreign currency rates; and
  3. c)The Licensed Person must ensure that all market forces are continuously evaluated for prudent management of market risk.
3. 10.3.3Counterparty Risk
  1. a)The risk that the other party to an agreement may default is the counterparty risk. The Licensed Person must identify, measure, monitor and control counterparty risk prior to establishing the business relationship; and
  2. b)Exposure limits assigned to counterparties must be continuously monitored.
4. 10.3.4Compliance Risk
  1. a)Compliance risk is the exposure to legal penalties, financial penalties and material losses that the Licensed Person faces when it fails to act in accordance with applicable Laws, Rules, Regulations, Notices and the Standards.
5. 10.3.5Reputational Risk
  1. a)Reputational risk is the risk of loss, resulting from damages to a Licensed Person’s reputation, such as loss of revenue or increased operating, capital or regulatory costs; and
  2. b)Reputational risk includes the risk to the country’s image resulting from unacceptable business practices of the Licensed Person.
6. 10.3.6Security Risk
  1. a)Information security risk is caused by unauthorized access to the information or systems which can result in unauthorized use of such information or systems; and
  2. b)A Licensed Person must refer to Chapter 13 on General Security and Chapter 14 on Information Security for illustrative mitigating measures.
7. 10.3.7Money Laundering/Terrorist Financing Risk
  1. a)Money laundering risk is the risk of the Licensed Person being involved in, whether deliberately or not, transforming the proceeds of a crime into apparently legitimate money or other assets. The risk on account of financing terrorism, directly or indirectly, is also included here; and
  2. b)Licensed Persons must refer to Chapter 16 on AML/CFT Compliance to understand the expectations of the Central Bank regarding measures to be implemented in order to prevent money laundering and to combat terrorist financing.

Chapter 11: Fraud Management

Introduction:
Fraud is a major challenge that the Licensed Person faces in its day to day operations. Fraud is an intentional deception for unfair or unlawful personal gain. Fraud is not always limited to obtaining cash and tangible benefits. This chapter outlines the minimum requirements of an Anti-Fraud Framework that every Licensed Person must introduce to prevent, detect, investigate and respond to fraud incidents.

11.1 Forms of Fraud
1. 11.1.1Frauds are broadly classified into Internal and External Frauds which are defined below:
  1. a)Fraud carried out by individual(s) employed by the Licensed Person is called Internal Fraud; and
  2. b)Fraud committed by an external party against the business of the Licensed Person is referred to as External Fraud.
2. 11.1.2Fraud normally includes the following acts, although the list is not exhaustive:
  1. a)Misappropriation;
  2. b)Misrepresentation:
    - •Misrepresentation of Financial Statements; and
    - •Misrepresentation of Non-Financial Statements.
  3. c)Corruption:
    - •Bribery; and
    - •Illegal gratuities.
  4. d)Misconduct:
    - •Breach of internal policies and procedures; and
    - •Breach of applicable Laws, Rules, Regulations, Notices and the Standards.
  5. e)Any other deliberate deception for unlawful personal gain.
3. 11.1.3Throughout this chapter, the terminology “Fraud” includes all types of frauds mentioned under Paragraphs 11.1.1 and 11.1.2 of this Chapter.

11.2 Anti-Fraud Framework

11.2.1The Licensed Person must implement an appropriate Anti-Fraud Framework in order to prevent, detect, investigate and respond to fraud incidents; and
11.2.2The following are the four basic elements that must be included in the Anti-Fraud Framework at a minimum, depending on the nature, size and complexity of the Licensed Person:

Elements of an Anti-Fraud Framework
a)Preventive measures for reducing the risk of Fraud from occurring: •Tone at the top by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) on zero tolerance of fraud; •Introduce Policies and Procedures including a Code of Conduct and a Fraud Prevention Policy; •Conduct Fraud Risk Assessment; •Appropriate access controls in sensitive areas, both physical and in IT systems; •Segregation of duties (e.g. introducing maker/checker controls); •Background screening before hiring employees; •Annual declaration completed by all employees to: oDisclose conflict of interest, if any; and oConfirm their understanding of the Code of Conduct. •Provide training to assist employees to prevent fraud and to maintain public confidence.
b)Detection measures for discovering fraud when it occurs: •Accurate and timely account reconciliations; •Independent Audits/AUPs (e.g. by External Auditors); •Scrutinizing required documents prior to completing transactions; •System controls; •Systematic fraud detection tools (to be implemented only if the Licensed Person has more than 25 branches); and •Whistleblowing Policy (to be implemented only if the Licensed Person has more than 25 branches).
c)Investigation Process that includes the following: •Laid down Procedures for investigating fraud incidents through research, followup, interviews or a formal procedure of discovery.
d)Response •Immediate reporting of fraud incidents to the police authorities, FID and the Banking Supervision Department; •Recovery through legal action, insurance claim, criminal referrals, disciplinary action, etc.; and •Monitoring: oOngoing corrective actions to ensure that internal controls continue to operate effectively; and oOngoing updates to respective policies and procedures to reflect developments in the Licensed Person and its operational environment.

11.3 Roles and Responsibilities
1. 11.3.1The Manager in Charge and the Board of Directors (or the Owner/Partners where there is no Board of Directors) of the Licensed Person have the overall responsibility to create a culture of zero tolerance to fraud and to oversee the implementation of the Anti-Fraud Framework;
2. 11.3.2The Licensed Person must appoint or designate a Fraud Prevention Officer who must be responsible to design, implement and manage an appropriate Anti-Fraud Framework;
3. 11.3.3Depending on the nature, size and complexity of the business, the Licensed Person may appoint a dedicated Fraud Prevention Officer or combine this role with another suitable function subject to the conditions under Paragraphs 7.2.4 (a) of Chapter 7, 16.4.7 (a) and 16.5.1 (g) of Chapter 16;
4. 11.3.4The Licensed Person’s recruitment process must fulfil the requirements of Paragraph 8.2 of Chapter 8 at a minimum;
5. 11.3.5Fraud investigations must be undertaken by a team that includes the Fraud Prevention Officer, Internal Auditor and the concerned functional head at a minimum. The Licensed Person must ensure that a person, who is suspected in relation to a fraud incident, is not involved in the investigation. The investigation report must be submitted to the Board of Directors (or to the Owner/Partners where there is no Board of Directors);
6. 11.3.6The Licensed Person must consult the legal advisors (internal or external) before, during or after the investigation for guidance on civil and criminal proceedings and recovery of losses;
7. 11.3.7The Human Resources Department of the Licensed Person must take disciplinary action against employees who are involved in perpetrating internal fraud;
8. 11.3.8The Internal Auditor is responsible for:
  1. a)conducting Fraud Risk Assessments jointly with the Fraud Prevention Officer on an annual basis and submit the report to the Board of Directors (or to the Owner/Partners where there is no Board of Directors);
  2. b)reviewing the adequacy of related policies and procedures;
  3. c)confirming the availability of insurance cover to protect the interest of the Licensed Person;
  4. d)confirming the recruitment process is in line with Paragraph 8.2 of Chapter 8;
  5. e)confirming that appropriate anti-fraud trainings are given to employees; and
  6. f)confirming that fraud incidents are appropriately reported in accordance with Paragraph 11.4 of this Chapter.

11.4 Fraud Reporting
1. 11.4.1All fraud incidents must immediately be reported to:
  1. a)the police authorities for investigation;
  2. b)the FID via the STR system in the form of a fraud report; and
  3. c)the Banking Supervision Department by using the “Fraud Incident Reporting (FIR) Form” (Refer to Appendix 5 for FIR Form) if the amount of loss is equal to or above AED 100,000.
2. 11.4.2Fraud incidents must be reported to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) immediately when the amount of loss is equal to or above AED 50,000. A summary of other fraud incidents must be sent to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) on a monthly basis, at a minimum.

11.5 Anti-Fraud Training
1. 11.5.1The Licensed Person must ensure that:
  1. a)appropriate and documented anti-fraud training is provided to all employees;
  2. b)two such trainings are provided to employees during the first year of their employment and annual training is given thereafter;
  3. c)training is provided to prevent fraud incidents from taking place at the Licensed Person’s business;
  4. d)training covers fraud typologies, fraud detection, fraud prevention, the Licensed Person’s policies/procedures and reporting procedures at a minimum; and
  5. e)employees are assessed annually to test their understanding of fraud prevention measures.
2. 11.5.2Anti-fraud training may be in-house, external/outsourced, web based or a combination of all these.

11.6 Fraud Incidents Register
1. 11.6.1The Licensed Person must maintain appropriate register to record the following information about fraud incidents and this register must be available for the verification by the Central Bank Examiners during an examination:
  1. a)Date of fraud incident;
  2. b)Brief description of the fraud incident;
  3. c)Parties involved;
  4. d)Amount of loss;
  5. e)Was the loss covered by insurance or not?
  6. f)Date of reporting to the police, FID and the Banking Supervision Department;
  7. g)Other actions taken; and
  8. h)Disciplinary actions taken, if applicable.
2. 11.6.2A review of Fraud Incident Register must be carried out at the end of every financial year to identify the anti-fraud training needs of employees for the following year.

Chapter 12: Counterfeit Currency Reporting

Introduction
Counterfeit money is an imitation currency produced without any legal sanction of the Government. Producing, circulating or using counterfeit money is a form of fraud/forgery and is a criminal offence. This chapter provides the minimum standards that every Licensed Person must implement to detect counterfeit currencies and report such incidents to the competent authorities.

12.1 Procedures for Handling Counterfeit Currencies
1. 12.1.1The Licensed Person must introduce robust procedures to detect counterfeit currencies and report such incidents to the competent authorities. Such procedures must include the following at a minimum:
  1. a)Methods of undertaking checks to detect counterfeit currencies;
  2. b)Usage of devices for checking currencies;
  3. c)Internal reporting procedures for counterfeit incidents;
  4. d)External reporting procedures (for reporting counterfeit incidents to the competent authorities such as police and to the Central Bank);
  5. e)Maintain appropriate registers to record counterfeit incidents; and
  6. f)Provide counterfeit detection training to relevant employees.
2. 12.1.2The counterfeit currency procedures must be approved by the Manager in Charge; and
3. 12.1.3The effectiveness of the counterfeit procedures must be reviewed at the end of every financial year and then the procedures must be updated if necessary.

12.2 Counterfeit Currency Detection Machines
1. 12.2.1Each licensed premises must have counterfeit detection machines and ultraviolet lamps (i.e. UV lamps);
2. 12.2.2Counterfeit detection machines must be programed to check five (5) major currencies, at a minimum, including the local currency; and
3. 12.2.3The software programs of such machines must be regularly updated in order to ensure the effectiveness of the counterfeit detection process.

12.3 Counterfeit Identification Training
1. 12.3.1The Licensed Person must ensure that:
  1. a)properly documented periodical training is provided to all employees handling cash;
  2. b)training is provided to detect counterfeits, both in local as well as in foreign currencies;
  3. c)the training material covers complete counterfeit detection procedures, internal/external reporting procedures and identification features of relevant currencies that the Licensed Person may usually buy or sell across its branches;
  4. d)two such trainings are provided to employees during the first year of their employment and annual training is given thereafter; and
  5. e)identification features of newly introduced currencies, whether local or foreign, must be communicated immediately to all relevant employees.
2. 12.3.2Counterfeit identification training may be in-house, external/outsourced, web based or a combination of all these;

12.4 Counterfeit Currency Reporting
1. 12.4.1The Licensed Person must ensure that:
  1. a)all counterfeit incidents are reported to the police authorities of the respective Emirate where the incident has occurred;
  2. b)all counterfeit currency cases are reported to the FID as a fraud case via the STR reporting system;
  3. c)all local currency counterfeit incidents, irrespective of the value of counterfeits, must be immediately reported to the Banking Supervision Department using the “Counterfeit Incident Reporting (CIR) Form” (Refer to Appendix 5 for CIR Form); and
  4. d)foreign currency counterfeit incidents, where the total value of counterfeits in a single transaction or multiple transactions by the same person is equal to or above AED 36,000, must be reported immediately to the Banking Supervision Department using CIR Form (Refer to Appendix 5 for this Form).

12.5 Counterfeit Currency Register and Annual Review
1. 12.5.1The Licensed Person must ensure that:
  1. a)an appropriate register is maintained to log full details of every counterfeit currency incident; and
  2. b)a review of such Counterfeit Currency Register is carried out at the end of every financial year to identify the training needs of employees for the following year.

12.6 Internal Audit
1. 12.6.1The scope of internal audit must include the effectiveness of counterfeit detection, reporting and training procedures.

Chapter 13: General Security

Introduction
Security is an important aspect of Exchange Business and Licensed Persons must comply with below security standards at a minimum. Depending upon the nature, size and complexity of the business and the level of risk, the Licensed Person must introduce additional security measures wherever necessary. Further, the Licensed Person must ensure that it complies with all security requirements of the police or other competent authorities in the respective Emirate.

13.1 Entrance to the Licensed Premises
1. 13.1.1The main door of the licensed premises must be well protected by appropriate metal shutters during closing hours;
2. 13.1.2Where there are difficulties to use metal shutters as required under Paragraph 13.1.1 of this Chapter due to unavoidable leasing conditions (example: licensed premises inside an Airport or a Shopping Mall), the Licensed Person must introduce appropriate additional security measures to protect its assets; and
3. 13.1.3Other external doors of the licensed premises must be protected with metal shutters.

13.2 Panic Alarm Systems
1. 13.2.1Panic alarm systems and intrusion detection systems must be in place;
2. 13.2.2Both panic alarm and intrusion detection systems must comply with all requirements of the police or any other competent authorities of the respective Emirate, at a minimum;
3. 13.2.3Kick bars and/or hold up buttons for the panic alarm systems must be available throughout the cashier/teller areas, office room of the Manager in Charge and other back offices;
4. 13.2.4Panic alarm systems and intrusion detection systems must be tested at regular intervals, at least once in a year; and
5. 13.2.5The panic alarm systems and intrusion detection systems must be under an Annual Maintenance Contract from a recognised service provider in the respective Emirate.

13.3 Safe/Vault and Cash
1. 13.3.1Cash, other than the amount required by tellers during working hours, must be held in the Safe/Vault;
2. 13.3.2The Safe/Vault must be firmly secured on a solid floor;
3. 13.3.3The Safe/Vault must always be kept out of sight of customers or general public;
4. 13.3.4The Safe/Vault must be held/operated under joint custody of two people (i.e. under dual control) at all times, preferably, with one key and a code/biometric lock;
5. 13.3.5Cash movements outside the licensed premises must be carried out through an approved Cash In Transit (CIT) agent;
6. 13.3.6Customers, strangers or other outside parties must not be given access inside the teller areas, cash room where the banknotes are sorted/counted, Safe/Vault room and other back offices, etc. without having an appropriate justification; and
7. 13.3.7Appropriate registers must be maintained to log the details of visitors who access teller areas, the cash room, Safe/Vault room and back offices.

13.4 CCTV
1. 13.4.1Licensed premises must be under CCTV monitoring at all times. The CCTV system and cameras must meet requirements of the police or other competent authorities of the respective Emirate;
2. 13.4.2CCTV recordings of immediately preceding ninety (90) calendar days must be available in the system, at a minimum. If the police or other competent authorities of the respective Emirate require more than ninety (90) calendar days of CCTV recordings, then the Licensed Person must comply with such requirements;
3. 13.4.3CCTV cameras must cover, at a minimum:
  1. a)All entrances and exits;
  2. b)Customer service areas, such as reception, service counter, visitors’ sitting area, etc.;
  3. c)Cashier areas or cash room where the banknotes are sorted, counted and packed; and
  4. d)Safe/Vault area.
4. 13.4.4A notice that “Premises Under Continuous CCTV Monitoring” must be displayed outside the licensed premises (i.e. on or closer to the main entrance) in addition to the customer service area;
5. 13.4.5The CCTV system must be checked daily to confirm that it is properly recording before the opening as well as the closing of business hours and the results of such checks must be logged in a separate register; and
6. 13.4.6The CCTV system must be under an Annual Maintenance Contract from a recognised service provider of the respective Emirate.

13.5 Insurance Policy
1. 13.5.1The Licensed Person must at all times be fully covered by a valid insurance policy issued by an insurance company licensed within the UAE. The following insurance cover must be available, at a minimum:
  1. a)Various risks related to internal and external frauds (i.e. Bankers Blanket Bond Insurance/Crime Insurance). Employees infidelity/dishonesty, counterfeit incidents, theft and allied risks must be adequately covered including the cash in the Safe/Vault, cash with the teller and cash in transit;
  2. b)Electronic/Computer Crimes (ECC) and Cyber Crimes;
  3. c)Electronic Equipment;
  4. d)Fire, theft and other allied risks; and
  5. e)Third party liabilities.

13.6 Branch Limits for Instant Money Transfers
1. 13.6.1The Licensed Person must set branch wise daily limits for the total value of remittances that can be executed via an instant money transfer service provider;
2. 13.6.2Such daily limits must be set in each instant money transfer application/system based on the expected daily activity of each branch of the Licensed Person;
3. 13.6.3There must be a written procedure to increase such daily limits to meet the growing business requirements of each branch by introducing an escalation process seeking the approval of the Manager in Charge in such occasions;
4. 13.6.4The daily limits must be reviewed on a regular basis to ensure that such limits are not disproportionately higher than the expected daily activity of each branch; and
5. 13.6.5Internal Auditor must verify and confirm that the set daily limits are appropriate to the size of the business of each branch of the Licensed Person.

Chapter 14: Information Security

Introduction
Computer systems are used by Licensed Persons to process large numbers of transactions and provide quality service to its customers. While efficiency of processing transactions is the main objective of computerizing operations of a Licensed Person, the security of customer information and related transaction data is vital. Licensed Persons must not compromise in introducing information security measures appropriate to the complexity and size of their business. This Chapter contains a few illustrative (but not exhaustive) security measures which all Licensed Persons must implement at a minimum at all times. Additional measures must be introduced depending on the size and the complexity of the business and considering the results of penetration tests and IT audits by external experts.

14.1 Email Systems
1. 14.1.1Independent email exchange systems must be in use for all official communications by the Licensed Person and its employees. Public emails (example: Yahoo, Gmail, etc.) must not be used under any circumstances;
2. 14.1.2The Licensed Person must have a dedicated email ID styled cbuae@abcexchange.com or cbuae@abcexchange.ae for communicating with the Central Bank. The Central Bank will restrict sending or receiving communications only to/from such designated emails IDs;
3. 14.1.3The Licensed Person must inform their designated email ID to the Banking Supervision Department in writing under the signature of its authorized signatory; and
4. 14.1.4Employees must be prohibited from using office computer systems for accessing private emails, social networking sites or websites that are not related to the business, (example: Yahoo, Gmail, Hotmail, Facebook, etc.).

14.2 Information Security Policy
The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business
1. 14.2.1An Information security policy must be implemented prescribing controls on usage of emails, internet browsing, passwords, workstations, data communication, network security, etc.;
2. 14.2.2The Information security policy must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) and must be communicated to all employees and obtain their acknowledgement; and
3. 14.2.3Information security policy must be reviewed annually at a minimum.

14.3 Users
1. 14.3.1All User IDs in the Point of Sale system, email and computer systems must be created only by the designated IT person;
2. 14.3.2A Separate user ID must be created for each employee and users shall not be allowed to share their User IDs in order to preserve the segregation of duties;
3. 14.3.3“Administrator rights” must be restricted only to authorized IT persons and must be restricted in number;
4. 14.3.4User names of employees who resign must be de-activated immediately upon them leaving the Licensed Person;
5. 14.3.5Emails of an employee, who has resigned, may be diverted to another employee, if necessary, with the special approval of the Manager in Charge and this must be covered in the IT policy; and
6. 14.3.6Privileges assigned to the users must be reviewed at regular intervals and ensure the timely removal of unnecessary privileges.

14.4 Passwords
1. 14.4.1Work stations and all applications must have appropriate and needs based access controls with user names and passwords;
2. 14.4.2The password must be of sufficient length, preferably eight digits or above, and must be alpha numeric with special characters;
3. 14.4.3Mandatory “Password Change” settings must be activated in all systems and applications. The password change for normal users must be at least once in ninety (90) calendar days and thirty (30) calendar days in the case of Administrators; and
4. 14.4.4“Auto Password Save” option must not be activated on any PC or in any work stations or for any applications.

14.5 Data Movement, Database and Back-up
1. 14.5.1Where the data is shared outside of own network or when the data is related to any card transactions, the Licensed Person must use stronger encryption techniques to suitably encrypt such data;
2. 14.5.2The customer and transaction database must be held/stored within the UAE;
3. 14.5.3Outside parties must not be given access to the customer/transaction database which must be held completely proprietary at all times. Restricted access may be given to the IT service provider, in case the IT function is outsourced, to carry out maintenance of computer hardware, network or applications;
4. 14.5.4Appropriate policies must be introduced for the back-up and off-site storage of back-up data of all enterprise servers, databases, network servers and system software;
5. 14.5.5The Licensed Person must have a procedure for the back-up of systems that may include details of back-up frequency, information to be backed-up, storage media, back-up retention period, recirculation of the media and periodical testing of the back-up copies for data availability; and
6. 14.5.6Disaster Recovery (DR) drills must be conducted at regular intervals to ensure that the DR set-up is functional.

14.6 Antivirus Solutions
1. 14.6.1All computer systems including servers, work stations, personal computers (PCs), laptops and other handheld devices must have appropriate anti-virus solutions to prevent information loss due to viruses, Trojans, worms and bots;
2. 14.6.2Anti-virus solutions on all computer systems must be updated automatically;
3. 14.6.3Daily automated antivirus scanning must be activated for every computer system and at the network level;
4. 14.6.4Anti-virus configuration settings must be comprehensive and robust to prevent vulnerabilities from all external interferences, malicious attacks and intrusions;
5. 14.6.5Antivirus scanning must be undertaken automatically at regular intervals;
6. 14.6.6All incoming and outgoing emails with files attached must be auto screened before the mail reaches the end user mail box. In case of doubt, the system must block such emails and automatically notify the IT team to carry out further investigation; and
7. 14.6.7Users must not be given privileges to alter the settings of the antivirus solutions.

14.7 IT Training
1. 14.7.1All employees must be given training related to Information Security and a copy of the Information Security Policy at the time of joining;
2. 14.7.2Refresher training must be given annually at a minimum;
3. 14.7.3Employees of the Information Security Department must be provided with specialized annual training to remain updated with recent trends, threats and required controls in information security; and
4. 14.7.4The training plan, training registers, training materials, etc. must be held in the records for verification by the Central Bank.

14.8 System Changes
1. 14.8.1All changes to the hardware, software, applications, databases, configuration, etc. must be subject to the formal change control procedures;
2. 14.8.2Changes to the application systems must be carried out only in accordance with approved change request process and subject to a formal risk assessment process; and
3. 14.8.3All changes must be tested under all possible scenarios before adding them into production.

14.9 Audit and Testing
1. 14.9.1The Licensed Person must conduct internal and external vulnerability scanning and penetration tests on the network and systems on an annual basis at a minimum and take appropriate mitigating actions in order to address the issues identified during such tests; and
2. 14.9.2The strength of the information security controls and IT Security controls must be audited by external experts at regular intervals, annually at a minimum, depending on the nature, size and complexity of the business.

14.10 General Requirements and Reporting Processes
1. 14.10.1The privilege to download software (licensed and not free or pirated software) must be given only to the designated IT person. Users of computers must not be allowed to download any software to computers;
2. 14.10.2The “Auto-logout” feature must be activated for all applications related to the business of the Licensed Person when they are not in use;
3. 14.10.3The “Auto-lock” feature must be available by using a screen saver password on all work stations or operating systems when they are not in use;
4. 14.10.4Appropriate Firewall systems and protection must be available for PCs, Servers, Operating Systems, Database and network equipment;
5. 14.10.5All the Operating systems, server machines, hardware equipment, system software, applications, utility programs, anti-virus programs must be licensed by the respective vendor at all times along with valid agreements;
6. 14.10.6The Licensed Person must review all warning notices issued by the Central Bank on cyber threats and take necessary actions immediately to ensure adequate protection to its computer systems against such threats; and
7. 14.10.7Cyber fraud/crime incidents must be immediately reported to the Banking Supervision Department and police authorities.

Chapter 15: Business Continuity Management

Introduction
Business Continuity Management is to ensure timely resumption of the Licensed Person’s business in the event of a disruption by minimising the consequential damages. The Licensed Person must implement appropriate Business Continuity Management and comply with the following standards at a minimum.

15.1 Business Continuity Management
1. 15.1.1The Licensed Person must identify, define and analyse all types of risk that may result in a business disruption and assess the impact thereof; and
2. 15.1.2The Licensed Person must implement an appropriate Business Continuity Plan to ensure the continuity of the business during a disruption.

15.2 Business Continuity Plan (BCP)
1. 15.2.1Business Continuity Plan must include:
  1. a)Identification and assessment of potential crises, disasters and risks including their impact on the business;
  2. b)Ways and means to deal with such crises, disasters and risks;
  3. c)Plans to provide protection to the Licensed Person and its employees in case of unforeseen disasters;
  4. d)Plans to avoid suspension of operations or plans to minimize the period of suspension of operations to minimise losses;
  5. e)Tools and processes for storing sensitive information and the recovery thereof to avoid loss of information during the occurrence of disasters; and
  6. f)Guidelines to contact relevant authorities and partners (i.e. the Central Bank, foreign correspondents, etc.) to inform them about the disaster and suspension of operations, if necessary.
2. 15.2.2The Licensed Person must follow the below standards while implementing the Business Continuity Plan:
  1. a)A sufficient number of experienced employees must be available for the purpose of recovery and resumption of the business;
  2. b)Roles, responsibilities and powers of employees in relation to the Business Continuity Plan must be clearly defined;
  3. c)Resumption priorities must be clearly agreed and documented; and
  4. d)Appropriate training must be provided to employees for the effective implementation of the Business Continuity Plan.

15.3 BCP Testing
1. 15.3.1Testing of the Business Continuity Plan must be undertaken at regular intervals in order to assess the capability of the Licensed Person to resume business after a disruption;
2. 15.3.2Accordingly, the Licensed Person must:
  1. a)Test the Business Continuity Plan at least annually;
  2. b)Testing must also be undertaken considering any key changes in the business model, products, systems and relevant infrastructure; and
  3. c)Testing details and results must be documented for verification by the Central Bank Examiners during an examination.
3. 15.3.3Testing results must be reviewed by the Manager in Charge and by the Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
4. 15.3.4The Business Continuity Plan must be reviewed and updated based on the results of such testing.

D. Anti-Money Laundering Compliance Standards

Chapter 16: AML/CFT Compliance

Introduction
Global efforts to prevent the abuse of financial systems to launder money or finance terrorist activities is extremely important. This chapter provides standards that every Licensed Person must follow at all times in order to protect the Licensed Person from abuse by money launderers and/or terrorist financiers. The Licensed Person must ensure that its Anti-Money Laundering and Combating Financing of Terrorism (AML/CFT) Compliance is in line with applicable Laws and Regulations of the UAE regarding Criminalization of Money Laundering (“AML/CFT Laws and Regulations”).

16.1 Compliance Program
1. 16.1.1The Licensed Person must carefully design, document and effectively implement its compliance program based on standards under Paragraphs 16.2 to 16.30 of this Chapter at a minimum; and
2. 16.1.2The Licensed Person must implement additional AML/CFT procedures, systems, controls and measures as appropriate to the risk profile of its business.

16.2 ML/FT Risk Assessment
1. 16.2.1The Licensed Person must identify, assess and understand the money laundering and financing of terrorism (ML/FT) risks associated with its business on a regular basis;
2. 16.2.2The Licensed Person must implement a ML/FT risk assessment methodology as appropriate to the nature, size and complexity of its business;
3. 16.2.3Money laundering and terrorist financing risks associated with the following parameters of the Licensed Person must be assessed at a minimum:
  1. a)Customer Risk;
  2. b)Counterparty Risk (i.e. foreign correspondent banks, financial institutions, agents, etc.);
  3. c)Product Risk;
  4. d)Jurisdictional Risk or Country Risk; and
  5. e)Delivery Channel Risk or Interface Risk.
4. 16.2.4The Licensed Person must identify and assess ML/FT risks based on additional parameters that may be relevant to the nature, size and complexity of its business before entering into any business relationships;
5. 16.2.5In assessing ML/FT risks, the Licensed Person must have the following in place:
  1. a)Documented risk assessment methodology, process and findings;
  2. b)Determine the level of overall risk, acceptable level of risk and mitigating measures to be applied to minimise the impact of risks;
  3. c)Keep risk assessments up-to-date through periodic reviews; and
  4. d)Establish appropriate mechanisms to provide information on risk assessments to the Central Bank and to Examiners, whenever required.
6. 16.2.6The Licensed Person should also be guided by the results of the National Risk Assessment in conducting its own ML/FT risk assessments which will be issued by the competent authority in the UAE in future; and
7. 16.2.7The Licensed Person must identify and assess the ML/FT risks that may arise in relation to the development of new products and services including new delivery mechanisms and the use of new or developing technologies for both new and existing products, as follows:
  1. a)Undertake the risk assessment prior to the launch or use of such products, services and technologies;
  2. b)Take appropriate measures to manage and mitigate risks;
  3. c)Notify the Banking Supervision Department of the product and its risks, risk mitigation measures; and
  4. d)Obtain a Letter of No Objection from the Banking Supervision Department prior to launching the product.

16.3 AML/CFT Policies and Procedures
1. 16.3.1The Licensed Person must introduce a comprehensive and documented AML/CFT Policy, based on its ML/FT risk assessment in accordance with Paragraph 16.2 of this Chapter, which must be the foundation of its compliance function;
2. 16.3.2The AML/CFT Policy must clearly define the roles and responsibilities of the Manager in Charge, Compliance Officers, Compliance Committee and employees in relation to AML/CFT compliance. The AML/CFT Policy must also provide for regular and timely reporting to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) regarding ML/FT risks and the culture/values to be adopted within the business of the Licensed Person to prevent money laundering, terrorist financing and related crimes;
3. 16.3.3The AML/CFT Policy must affirm the roles and responsibilities of the Board of Directors (if any) and of the Owner/Partners/Shareholders in relation to implementing a robust compliance program across the business of the Licensed Person;
4. 16.3.4Effective AML/CFT Procedures must also be implemented for employees to follow while they carry out their day to day responsibilities in order to ensure that ML/FT risks are mitigated in the day to day operations of the Licensed Person;
5. 16.3.5The AML/CFT Policy and Procedures must be based on the UAE’s existing AML/CFT Laws, Regulations, Notices and the Standards as well as international best practices and guidance notes from the FATF, MENAFATF, EGMONT Group and other similar bodies;
6. 16.3.6The AML/CFT Policy and Procedures must be approved by the Manager in Charge, the Compliance Officer and by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
7. 16.3.7The AML/CFT Policy and Procedures must be reviewed and updated, annually at a minimum, to make it consistent with all applicable Laws, Regulations, Notices, the Standards and other international best practices and to make it effective in mitigating the existing as well as emerging ML/FT risks;
8. 16.3.8Copies of the AML/CFT Policy and Procedures must be held in all licensed premises and must be accessible to all employees at all times; and
9. 16.3.9The AML/CFT Policy and Procedures must be circulated among all employees upon the completion of periodical reviews.

16.4 Appointment of the Compliance Officer
1. 16.4.1The Licensed Person must appoint a Compliance Officer who must be given the specific responsibility of managing its AML/CFT compliance function;
2. 16.4.2The Compliance Officer of the Licensed Person must:
  1. a)be a member of Senior Management;
  2. b)report directly to the Board of Directors (or to the Owner/Partners where there is no Board of Directors);
  3. c)be provided with sufficient resources including time, systems, tools and support staff depending on the nature, size and complexity of its business; and
  4. d)be provided with unrestricted access to all information related to products or services, business partners, correspondent agents, remittance partners, customers and transactions.
3. 16.4.3The following are some of the major responsibilities of the Compliance Officer (the list is not exhaustive):
  1. a)Design an appropriate AML/CFT compliance program for the Licensed Person to remain compliant with applicable AML/CFT Laws, Regulations, Notices, the Standards and international best practice at all times;
  2. b)Establish and maintain appropriate AML/CFT policies, procedures, processes and controls;
  3. c)Ensure day-to-day compliance of the business against internal AML/CFT policies and procedures;
  4. d)Act as the key contact point regarding all AML/CFT related matters/ queries from the Central Bank and any other competent authorities;
  5. e)Receive suspicious transaction alerts from employees and analyze them to take appropriate decisions to report all suspicious cases to the FID;
  6. f)On-going monitoring of transactions to identify high-risk, unusual and suspicious customers/transactions;
  7. g)Submit Suspicious Transaction Reports to the FID in a timely manner;
  8. h)Cooperate with and provide the FID with all information it requires for fulfilling their obligations;
  9. i)Develop and execute AML/CFT training programs considering all relevant risks of ML/FT and financing illicit organizations including the ways/means for addressing them;
  10. j)Provide necessary reports to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) on all AML/CFT issues, on a quarterly basis at a minimum;
  11. k)Arrange to retain all necessary supporting documents for transactions, KYC, monitoring, suspicious transaction reporting and AML training for the minimum period for record retention as per Paragraph 16.24 of this Chapter;
  12. l)Conduct regular gap analysis between the Licensed Person’s existing AML/CFT Procedures and current Laws, Regulations, Notices and the Standards of the UAE in order to determine the extent of the Licensed Person’s level of compliance;
  13. m)Propose actions required to address gaps, if any; and
  14. n)Prepare Bi-Annual Compliance Reports in accordance with Paragraph 16.25 of this Chapter.
4. 16.4.4The Compliance Officer must have the following qualifications and experience at a minimum:
  1. a)If the Licensed Person is in possession of a Category A License:
    - •A minimum of three (3) years of experience in AML/CFT compliance, audit or risk management within any financial institution(s).
  2. b)If the Licensed Person is in possession of either a Category B or Category C License:
    - •A minimum of eight (8) years of experience in AML/CFT compliance, audit or risk management within any financial institution(s); or
    - •A minimum of five (5) years of experience in AML/CFT compliance, audit or risk management within any financial institution(s) and possess a specific certification related to AML/CFT compliance.
  3. c)Examples of specific certifications related to AML/CFT compliance includes ACFCS, CFE, ICA Diplomas, CAMS or any other certification associated with financial crime control or AML/CFT compliance which is acceptable to the Central Bank; and
  4. d)The Compliance Officer, in all above cases, must possess sound knowledge of all applicable AML/CFT Laws, Regulations, Notices, the Standards and other relevant international best practices.
5. 16.4.5Grace Period to comply with Paragraph 16.4.4 of this Chapter:
  1. a)A Licensed Person, who has obtained the license to carry out Exchange Business prior to the date of issuing the Standards, must comply with the requirements of Paragraph 16.4.4 of this Chapter on or before 31^st December 2018; and
  2. b)Regardless of the grace period under Paragraph 16.4.5 (a) of this Chapter, the Central Bank reserves the right to instruct any Licensed Person to comply with the requirements of Paragraph 16.4.4 of this Chapter at any time prior to 31^st December 2018, if it deems it necessary.
6. 16.4.6Employment Type and Residential Status of the Compliance Officer:
  1. a)The Compliance Officer must be a full time employee of the Licensed Person;
  2. b)The Compliance Officer must not engage in any part time employment or act as a consultant outside the business of the Licensed Person;
  3. c)The Compliance Officer must be a resident in the UAE; and
  4. d)A foreign national must be under the employment visa of the Licensed Person when employed as a Compliance Officer.
7. 16.4.7Conflict of Interest in Multiple Roles:
  1. a)The role of Compliance Officer must not be combined with any other functions of the Licensed Person.
8. 16.4.8Reporting Lines and Independence:
  1. a)The Compliance Officer must directly report to the Board of Directors (or to the Owner/Partners where there is no Board of Directors); and
  2. b)The Compliance Officer must have authority to act without any interference from the Manager in Charge or other employees of the Licensed Person.
9. 16.4.9Prior Approval for Appointment:
  1. a)A Letter of No Objection must be obtained for appointing a Compliance Officer by submitting the following documents to the Banking Supervision Department:
    - •Letter from the authorized signatory of the Licensed Person seeking the Letter of No Objection from the Central Bank;
    - •Duly completed APA Form (Refer to Appendix 5 for this Form) along with all required supporting documents; and
    - •Undertaking letter from an authorized signatory of the Licensed Person confirming the binding commitment of the Compliance Officer and the Licensed Person to comply with Paragraphs 16.4.6, 16.4.7 and 16.4.8 of this Chapter.
  2. b)The Central Bank shall conduct a fit and proper test on the proposed Compliance officer of the Licensed Person. The Central Bank reserves the right to:
    - •interview the proposed Compliance Officer as part of the fit and proper test, if it deems it necessary; and
    - •issue or decline the approval for the proposed Compliance Officer.
  3. c)In case the prior approval is rejected by the Central Bank, the Licensed Person must propose a new Compliance Officer within the timeline provided by the Central Bank in the Letter of Rejection. If a specific timeline is not provided in the Letter of Rejection, then the Licensed Person must propose a new Compliance Officer within a period of one hundred and eighty (180) calendar days from the date of Letter of Rejection; and
  4. d)Full details of the Compliance Officer must be provided to the FID via email to: cbuaeamlscu@cbuae.gov.ae (Refer to Notice Number 1401/2010 issued by the Central Bank on 16^th March 2010).
10. 16.4.10Resignation of the Compliance Officer and Notification to the Central Bank:
  1. a)The Licensed Person must notify the Banking Supervision Department, within five (5) working days, in case the Compliance Officer resigns or vacates the office in any other manner with reason thereof via email to: info.ehs@cbuae.gov.ae;
  2. b)The Licensed Person must appoint a permanent replacement, within a period of one hundred and eighty (180) calendar days from the date when the position of the Compliance Officer falls vacant, after obtaining a Letter of No Objection from the Banking Supervision Department (Refer to Paragraph 16.4.9 of this Chapter for more information); and
  3. c)The Alternate Compliance Officer must be available to ensure the continuity of the AML/CFT compliance function during the period when the Compliance Officer’s position is vacant.
11. 16.4.11Outsourcing of Compliance Function:
  1. a)The Licensed Person must not outsource the role of the Compliance Officer nor the entire compliance function under any circumstances. However, the Licensed Person is permitted, under certain circumstances, to outsource some specific AML compliance tasks after obtaining the Letter of No Objection from the Banking Supervision Department. Please refer to Paragraph 9.1.2 (a) of Chapter 9.
12. 16.4.12Removal of the Compliance Officer:
  1. a)The Central Bank reserves the right to remove the Compliance Officer of a Licensed Person at its sole discretion;
  2. b)The Licensed Person, in such cases, must comply with Paragraph 16.4.10 (b) of this Chapter; and
  3. c)The Central Bank reserves the right to communicate or not to communicate reasons to the Licensed Person for its decision to remove the Compliance Officer.

16.5 Appointment of the Alternate Compliance Officer
1. 16.5.1The Licensed Person must appoint an Alternate Compliance Officer to strengthen the AML/CFT compliance function subject to the following conditions:
  1. a)The Alternate Compliance Officer must be a full time employee of the Licensed Person;
  2. b)The Alternate Compliance Officer must not engage in any part time employment or act as a consultant outside the business of the Licensed Person;
  3. c)The Alternate Compliance Officer must be a resident in the UAE;
  4. d)A foreign national must be under the employment visa of the Licensed Person when employed as an Alternate Compliance Officer;
  5. e)The Alternate Compliance Officer must directly report to the Compliance Officer or to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) during the absence of the Compliance Officer;
  6. f)The Alternate Compliance Officer must have authority to act without any interference from the Manager in Charge or other employees of the Licensed Person;
  7. g)If the Licensed Person is in possession of either a Category B or Category C License, the role of its Alternate Compliance Officer must not be combined with any other function of the Licensed Person; and
  8. h)If the Licensed Person is in possession of a Category A License, the role of its Alternate Compliance Officer may be combined with any other function of the Licensed Person which does not create any conflict of interest.
2. 16.5.2Prior Approval for the Appointment:
  1. a)A Letter of No Objection must be obtained for appointing an Alternate Compliance Officer by submitting the following to the Banking Supervision Department:
    - •Letter from the authorized signatory seeking the Letter of No Objection from the Central Bank;
    - •Duly completed APA Form (Refer to Appendix 5 for this Form) and supporting documents; and
    - •Undertaking letter from the authorized signatory of the Licensed Person confirming the binding commitment of the Alternate Compliance Officer and the Licensed Person to comply with Paragraphs 16.5.1 (a) to (g) of this Chapter.
  2. b)The Central Bank shall conduct a fit and proper test on the proposed Alternate Compliance officer of the Licensed Person. The Central Bank reserves the right to:
    - •interview the proposed Alternate Compliance Officer as part of the fit and proper test, if it deems it necessary; and
    - •issue or decline the approval for the proposed Alternate Compliance Officer.
  3. c)In case the prior approval is rejected by the Central Bank, the Licensed Person must propose a new Alternate Compliance Officer within the timeline provided by the Central Bank in the Letter of Rejection. If a specific timeline is not provided in the Letter of Rejection, then the Licensed Person must propose a new Alternate Compliance Officer within a period of one hundred and eighty (180) calendar days from the date of Letter of Rejection; and
  4. d)Full details of the Alternate Compliance Officer must be provided to the FID via email to cbuaeamlscu@cbuae.gov.ae (Refer to Notice Number 1401/2010 issued by the Central Bank on 16^th March 2010).
3. 16.5.3Resignation of the Alternate Compliance Officer and Notification to the Central Bank:
  1. a)The Licensed Person must notify the Banking Supervision Department, within five (5) working days, in case the Alternate Compliance Officer resigns or vacates the office in any other manner with reasons thereof via email to: info.ehs@cbuae.gov.ae; and
  2. b)The Licensed Person must appoint a permanent replacement, within a period of one hundred and eighty (180) calendar days from the date when the position of the Alternate Compliance Officer falls vacant, after obtaining a Letter of No Objection from the Banking Supervision Department (Refer to Paragraph 16.5.2 of this Chapter for more information).
4. 16.5.4Removal of the Alternate Compliance Officer:
  1. a)The Central Bank reserves the right to remove the Alternate Compliance Officer of a Licensed Person at its sole discretion;
  2. b)The Licensed Person, in such cases, must comply with Paragraph 16.5.3 (b) of this Chapter; and
  3. c)The Central Bank reserves the right to communicate or not to communicate reasons to the Licensed Person for its decision to remove the Alternate Compliance Officer.

16.6 Continuous Professional Development Programs (CPD)
1. 16.6.1The Compliance Officer, Alternate Compliance Officer and other employees of the AML/CFT Compliance Department must undergo a minimum of forty eight (48) hours external training in AML/CFT compliance every year; and
2. 16.6.2Participation in any one or a combination of the following is acceptable in relation to CPD programs in this context:
  1. a)AML/CFT conferences or meetings or workshops whether inside or outside the UAE;
  2. b)face to face training by external agencies whether inside or outside the UAE;
  3. c)training by industry associations or regulatory bodies; and
  4. d)Web based training.

16.7 Know Your Customer (KYC) Process
1. 16.7.1The Licensed Person must carry out KYC process for its customers in order to confirm who its customers are, and to ensure that the funds involved in their transactions are originating from legitimate sources and used for legitimate purposes;
2. 16.7.2The Licensed Person must apply an appropriate KYC Process for its customers depending on the ML/FT risks associated with each customer or transaction; and
3. 16.7.3There are three different types of KYC Processes that must be applied based on the ML/FT risk associated with a customer. These are:
  1. a)Customer Identification (CID) Process;
  2. b)Customer Due Diligence (CDD) Process; and
  3. c)Enhanced Due Diligence (EDD) Process.

16.8 Customer Identification (CID) Process for Natural Persons
1. 16.8.1The Customer Identification (CID) process, in accordance with Paragraphs 16.8.2 to 16.8.5 of this Chapter, must be applied for natural persons who carry out “foreign currency exchange” transactions of value between AED 3,600 and AED 35,999.75. Please refer to Paragraph 16.13.1 of this Chapter for KYC process to be applied for natural persons who repeatedly exchange foreign currency of value below AED 3,600 per transaction;
2. 16.8.2The Customer Identification process is the verification of the original identification documents of the customer who is a natural person and systematically recording basic customer information in the Point of Sale system;
3. 16.8.3The Licensed Person must not accept any identification document (ID) other than one from the below list (in the order of preference) with an exception provided under Paragraph 16.13.2 of this Chapter:
  1. a)Emirates ID; or
  2. b)Passport with valid visa; or
  3. c)GCC National ID for GCC nationals.
4. 16.8.4Customer’s full legal name, residential status, mobile number, nationality, date of birth, ID type (whether Emirates ID, Passport or GCC national ID) and ID number must be recorded in the Point of Sale system;
5. 16.8.5The following customer information must be printed on the transaction receipt:
  1. a)Full legal name;
  2. b)Residential status (whether UAE Resident or UAE Non-Resident);
  3. c)Mobile number;
  4. d)Nationality;
  5. e)ID type (whether Emirates ID or Passport or GCC national ID); and
  6. f)ID number.

16.9 Customer Due Diligence (CDD) for Natural Persons
1. 16.9.1The Customer Due Diligence (CDD) process, in accordance with Paragraphs 16.9.2 to 16.9.11 of this Chapter, must be applied for a natural person who carries out the following transactions:
  1. a)Foreign currency exchange transactions, either one off or multiple in ninety (90) calendar days, of value between AED 36,000 and AED 99,999.75; and
  2. b)Money transfers, whether inward or outward, of value between AED 1 and AED 74,999.75.
2. 16.9.2Customer Due Diligence (CDD) is the process where additional information about the customer, who is a natural person, is collected via a customer onboarding process in accordance with Paragraph 16.9.3 of this Chapter;
3. 16.9.3The Licensed Person must create a customer profile by recording the customer information in its Point of Sale system and then provide a permanent “Unique Identification Number (UIN)” to the customer. The customer must be allowed to carry out transactions at the branch(es) of the Licensed Person only by using the Unique Identification Number. The Licensed Person must also comply with Paragraph 16.13.12 of this Chapter at all times;
4. 16.9.4The following customer information, at a minimum, must be captured in the Point of Sale system in addition to the verification of the original ID in accordance with Paragraph 16.8.3 of this Chapter:
  1. a)Full legal name;
  2. b)Residential status (whether UAE Resident or UAE Non-Resident);
  3. c)Address in the UAE (for UAE Residents);
  4. d)Temporary address in the UAE and the permanent address in the home country (for UAE Non-Residents);
  5. e)Mobile number;
  6. f)Email, if available;
  7. g)Date of Birth;
  8. h)Nationality;
  9. i)Country of Birth;
  10. j)ID type (whether Emirates ID or Passport or GCC national ID);
  11. k)ID number;
  12. l)ID place of issue;
  13. m)ID issue date;
  14. n)ID expiry date;
  15. o)Profession; and
  16. p)Expected annual activity (i.e. expected annual value and number of transactions for future transaction monitoring).
5. 16.9.5Area or district, city, Emirate or state or province and country must be recorded in the Point of Sale system as part of the address. The Licensed Person is expected to record the P.O Box number, house number/name, apartment or room number, building number/name, street name in the system wherever practically possible;
6. 16.9.6A copy of the ID must be retained from the original identification document which must be certified (i.e. certified copy) as “Original Sighted and Verified” under the signature of the employee who carries out the customer due diligence process;
7. 16.9.7The UIN given to a customer by a Licensed Person must be unique in nature and the same UIN must not be assigned to more than one customer. The same customer must not be given more than one UIN by a Licensed Person. Appropriate validation rules must be implemented in the system to comply with this requirement;
8. 16.9.8The customer profile must be reviewed and updated either annually or upon the expiry of the Identification Document whichever comes first. The original ID as per Paragraph 16.8.3 of this Chapter must be verified and its certified copy must be held in the records during the review of a customer profile;
9. 16.9.9Information on the “source of funds” and “purpose of transaction” must be captured in the Point of Sale system for each transaction that undergoes the CDD process;
10. 16.9.10The below customer information must be printed on the transaction receipt, at a minimum:
  1. a)Unique Identification Number (UIN) of the customer;
  2. b)Full legal name of the customer;
  3. c)Address in the UAE (required when the customer is a UAE Resident) - P.O Box number and street (if available), city, Emirate;
  4. d)Permanent address in the home country (required only when the customer is a UAE NonResident) - P.O Box number and street (if available), city, state or province, country;
  5. e)Mobile number;
  6. f)Nationality;
  7. g)ID type (whether Emirates ID or Passport or GCC national ID);
  8. h)ID number;
  9. i)ID place of issue;
  10. j)ID issue date;
  11. k)Method of payment (whether cash or cheque, etc.);
  12. l)Source of funds;
  13. m)Purpose of transaction; and
  14. n)Beneficiary’s name and bank account details (wherever applicable).
11. 16.9.11The receipt must be signed by the customer and must be retained in the records along with all KYC supporting documents in accordance with Paragraph 16.24 of this Chapter.

16.10 Enhanced Due Diligence (EDD) Process for Natural Persons
1. 16.10.1During the Enhanced Due Diligence for natural persons, the source of funds and purpose of transaction must be verified and confirmed in accordance with Paragraphs 16.10.2 to 16.10.5 of this Chapter in addition to the CDD process as per Paragraph 16.9 of this Chapter;
2. 16.10.2Below are the thresholds for the Enhanced Due Diligence for natural persons:
  1. a)Foreign currency exchange transactions of value equal to or above AED 100,000:- Evidence for the source of funds (example: bank statements) must be collected for verification in case the customer pays cash. Complete information of the purpose of the transaction must be collected. Appropriate evidence must be collected for the verification of the purpose of transaction in case there is any doubt or suspicion about the information provided by the customer;
  2. b)Outward money transfers of value equal to or above AED 75,000:- Evidence for the source of funds (example: bank statements) must be collected for verification if the customer pays cash. Complete information on the purpose of the transaction must be collected. Appropriate evidence must be collected for the verification of the purpose of transaction in case there is any doubt or suspicion about the information provided by the customer; and
  3. c)Inward money transfers of value equal to or above AED 75,000:- Full information for the source of funds and the purpose of transaction must be collected and recorded. Appropriate evidences must be collected for the verification of the purpose of transaction in case there is any doubt or suspicion about the information provided by the customer.
3. 16.10.3The following customer information must be printed on the transaction receipt, at a minimum:
  1. a)Unique Identification Number (UIN) of the customer;
  2. b)Full legal name of the customer;
  3. c)Address in the UAE (required when the customer is a UAE Resident) - P.O Box number and street (if available), city, Emirate;
  4. d)Permanent address in the home country (required only when the customer is a UAE NonResident) - P.O Box number and street (if available), city, state or province, country;
  5. e)Mobile number;
  6. f)Nationality;
  7. g)ID type (whether Emirates ID or Passport or GCC national ID);
  8. h)ID number;
  9. i)ID place of issue;
  10. j)ID issue date;
  11. k)Method of payment (whether cash or cheque, etc.);
  12. l)Source of funds;
  13. m)Purpose of transaction; and
  14. n)Beneficiary’s name and bank account details (wherever applicable).
4. 16.10.4The receipt must be signed by the customer and must be retained in the records along with all KYC supporting documents in accordance with Paragraph 16.24 of this Chapter; and
5. 16.10.5The Licensed Person must give special attention to transactions by natural persons who are visitors in the UAE. The Licensed Person may decide to perform the Enhanced Due Diligence on such customers regardless of their transaction value in case there is any doubt or suspicion about the information provided by such customers.

16.11 Enhanced Due Diligence (EDD) Process for Legal Entities
1. 16.11.1The EDD process, in accordance with Paragraphs 16.11.2 to 16.11.11 of this Chapter, must be applied for a customer at the time of onboarding (i.e. prior to entering into any business relationship), if it is a legal entity. The EDD must include verification of the identity of the legal entity (i.e. its licenses, incorporation documents, etc.) and identification of its ultimate beneficial owners;
2. 16.11.2The Licensed Person must verify appropriate documents and retain copies to confirm information under Paragraph 16.11.3 of this Chapter. The following process must be followed at a minimum while onboarding a legal entity as a customer:
  1. a)An appropriate KYC Questionnaire of the Licensed Person must be completed and signed by the legal entity;
  2. b)Ownership structure of the legal entity must be collected including the purpose and nature of the intended business relationship;
  3. c)Collect copies of valid permissions/licenses of the entity from competent authorities to carry out the business (examples: certificate of incorporation, trading license or equivalent, license issued by the Central Bank or other competent authorities where applicable, etc.). Certify these copies as “Original Sighted and Verified” by the employee of the Licensed Person who carries out the KYC process after the verification of originals;
  4. d)Licensed Person must carry out a ML/FT risk assessment on business activities of the legal entity by visiting its business location. Also, carry out a risk assessment of its customers;
  5. e)Original identification documents (in accordance with Paragraph 16.8.3 of this Chapter) of Ultimate Beneficial Owners (UBO) must be verified and retain the copies after certification by the employee of the Licensed Person as “Original Sighted and Verified”;
  6. f)Collect the list of authorized signatories and verify their original identification documents (copies to be certified as “Original Sighted and Verified” and must retain in the records);
  7. g)Assess and record the expected annual activity (annual value and number of transactions for future transaction monitoring);
  8. h)Authorization letter must be taken for representatives of the legal entity who carry out transactions on its behalf;
  9. i)Verify original identification documents of representatives, who have authorization to carry out transactions, in accordance with Paragraphs 16.8.3 and 16.9.6 of this Chapter (copies to be certified as “Original Sighted and Verified” and must retain in the records). Such representatives must be UAE residents. The relationship of such representative with the legal entity must be established;
  10. j)Apply sanction checks and internet searches on the name of the legal entity, Ultimate Beneficial Owners, group companies, subsidiaries and the names of representatives of the legal entity who are authorized to carry out transactions on its behalf;
  11. k)Apply FPEP checks on Ultimate Beneficial Owners and where the Ultimate Beneficial Owner is a FPEP, the Licensed Person must collect the information about the source of wealth of such UBO; and
  12. l)Both the Manager in Charge and the Compliance Officer must approve the business relationship with legal entities. Where an Ultimate Beneficial Owner is FPEP, the business relationship with such legal entity must be established only after obtaining approval of the Board of Directors (or of the Owner/Partners where there is no Board of Directors).
3. 16.11.3The following information about the customer, which is a legal entity, must be recorded in the Point of Sale system, at a minimum, to create the customer profile and the “Unique Identification Number” (UIN) after completing the Enhanced Due Diligence process under Paragraphs 16.11.1 and 16.11.2 of this Chapter:
  1. a)Full legal name of the entity;
  2. b)Residential status (whether incorporated/operating within the UAE or outside the UAE);
  3. c)Address (P.O Box, Shop No., Building name, Street, City, Emirate, Country);
  4. d)Phone numbers;
  5. e)Fax number;
  6. f)Email;
  7. g)Date of establishment;
  8. h)ID type (whether trade license or the equivalent);
  9. i)Trade license (or the equivalent) number;
  10. j)Trade license (or the equivalent) place of issue;
  11. k)Trade license (or the equivalent) issue date;
  12. l)Trade license (or the equivalent) expiry date;
  13. m)Type of business of the entity;
  14. n)Names and ID details, such as ID types and ID numbers, of Ultimate Beneficial Owners of the entity;
  15. o)Names and ID details, such as ID types and ID numbers, of persons authorized to carry out transaction on behalf of the entity; and
  16. p)Expected annual activity (i.e. expected annual value and number of transactions for future transaction monitoring).
4. 16.11.4The Licensed Person must collect appropriate documents to verify and confirm the source of funds, purpose of transaction and the commercial/economic reason for each transaction by legal entities;
5. 16.11.5The following customer information must be printed on the transaction receipt, at a minimum:
  1. a)Unique Identification Number assigned to the entity (UIN);
  2. b)Full legal name of the entity;
  3. c)Address (P.O Box, Shop No., Building name, Street, City, Emirate, Country);
  4. d)Phone number;
  5. e)Name and ID number of the person representing the legal entity to carry out transactions on its behalf;
  6. f)Country of incorporation;
  7. g)ID type (whether trade license or the equivalent);
  8. h)Trade license (or the equivalent) number;
  9. i)Trade license (or the equivalent) place of issue;
  10. j)Trade license (or the equivalent) issue date;
  11. k)Trade license (or the equivalent) expiry date;
  12. l)Method of payment (whether cash or cheque, etc.);
  13. m)Source of funds;
  14. n)Purpose of transaction; and
  15. o)Beneficiary name and bank account details (wherever applicable).
6. 16.11.6The receipt must be signed by the representative of the legal entity who carries out the transaction on its behalf and must be retained in the records along with all KYC supporting documents in accordance with Paragraph 16.24 of this Chapter;
7. 16.11.7The Enhanced Due Diligence must be repeated and the customer profile, including the supporting evidence as per Paragraph 16.11.2 of this Chapter, must be updated annually at a minimum. The Licensed Person must ensure that copies of valid licenses are available in the records at all times. The Enhanced Due Diligence must also be repeated whenever there is a change in the profile of the customer, such as any change in the ownership of an entity;
8. 16.11.8The Enhanced Due Diligence in accordance with Paragraph 16.11.2 of this Chapter must also be undertaken before entering into below types of business relationships:
  1. a)Foreign correspondent banking arrangements, such as those with banks, exchange houses or any other financial institutions, for the purpose of money transfer services;
  2. b)Money transfer arrangements with instant money transfer service providers;
  3. c)Hedging arrangements with local or foreign institutions;
  4. d)Arrangements to import or export banknotes from/to foreign institutions, such as Banks, exchange houses or other financial institutions outside the UAE; and
  5. e)Arrangements with local or foreign entities to offer special products/services.
9. 16.11.9All business relationships under Paragraph 16.11.8 of this Chapter must be approved by the Compliance Committee of the Licensed Person;
10. 16.11.10While undertaking Enhanced Due Diligence as per Paragraph 16.11.8 of this Chapter on entities located outside the UAE, the Licensed Person may:
  1. a)visit the business locations of entities which are located in high risk countries in order to carry out risk assessment as per Paragraph 16.11.2 (d) of this Chapter (i.e. no site visit is required when such entities are located in low or medium risk countries);
  2. b)apply 20% (instead of 5% as per the definition under Appendix 1) in order to identify the Ultimate Beneficial Owners provided that it is a regulated banking institution and 10% (instead of 5% as per the definition under Appendix 1) in all other cases; and
  3. c)collect copies of the identification documents of Ultimate Beneficial Owners on a risk sensitive basis which are certified as “Original Sighted and Verified” by the Compliance Officer of such foreign entities, in case the verification of original documents by the Licensed Person is practically impossible.
11. 16.11.11The Licensed Person must not enter into any business relationship with a Shell Company or a Shell Bank.

16.12 Transactions by Societies
1. 16.12.1The Licensed Person must not accept societies such as Co-operative Societies, Charitable Societies, Social or Professional Societies as customers unless they produce a certificate signed by H.E Minister of Community Development confirming their identities and permitting them to collect donations or to make money transfers out of the UAE;
2. 16.12.2Enhanced Due Diligence in line with 16.11 must be carried out before entering into any business relationship with societies; and
3. 16.12.3Business relationships with societies must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) of the Licensed Person.

16.13 Additional Provisions on CID, CDD and EDD
1. 16.13.1The Licensed Person must apply the CID process in accordance with Paragraph 16.8 of this Chapter for a natural person who repeatedly exchanges foreign currency (example: once in a week) of value below AED 3,600 per transaction;
2. 16.13.2The Licensed Person may accept a Seaman’s Pass/ID in order to complete the KYC Process, instead of acceptable IDs listed under Paragraph 16.8.3 of this Chapter, from natural persons who carry out the following transactions:
  1. a)Foreign currency exchange transactions of aggregate value up to AED 35,999.75 per week; and
  2. b)Money transfer transactions of aggregate value up to AED 27,000 per week.
3. 16.13.3The Licensed Person, while accepting transactions under Paragraph 16.13.2 of this Chapter, must apply the CID process in accordance with Paragraph 16.8 of this Chapter for foreign currency exchange transactions and the CDD process in accordance with Paragraph 16.9 of this Chapter for money transfer transactions (except Paragraph 16.8.3 of this Chapter) at a minimum;
4. 16.13.4The Licensed Person must apply the EDD process that is effective and proportionate to the ML/FT risks, including obtaining the approval of the Manager in Charge and the Compliance Officer, for establishing business relationships or one-off transactions with:
  1. a)FPEPs (Refer to Paragraph 16.20 of this Chapter);
  2. b)customers from high risk jurisdictions as identified by FATF and/or similar bodies;
  3. c)unusually complex transactions or those which have no clear economic or legal purpose;
  4. d)UAE Non-Resident customers; and
  5. e)transactions which the Licensed Person considers as high risk.
5. 16.13.5The Licensed Person must conduct the EDD process for a customer, irrespective of the value of transaction, if it has reasonable ground to suspect that the customer is engaging in money laundering or terrorist financing. In case the suspicion continues to exist even after the EDD, the Licensed Person must immediately report such cases to the FID in accordance with Paragraph 16.21 of this Chapter;
6. 16.13.6The Licensed Person must also conduct the EDD on its existing customers, if:
  1. a)there is a material change in the nature or ownership of a customer who is a juridical person;
  2. b)there is doubt about the reliability or adequacy of information previously obtained in relation to the customer; or
  3. c)there is any other reason that the Licensed Person deems it appropriate.
7. 16.13.7If it is unable to verify the customer’s identity using reliable and independent sources of data or information, the Licensed Person must:
  1. a)immediately terminate any relationship with the customer; and
  2. b)consider whether it should make a suspicious transaction report to the FID.
8. 16.13.8The Licensed Person must be able to demonstrate to the Central Bank Examiners that the KYC Process that has been applied is appropriate in view of its risks related to the money laundering, terrorist financing or related financial crimes;
9. 16.13.9The Licensed Person must carry out the CDD process for every pre-paid card customer in addition to introducing appropriate velocity controls to monitor the activity of the customer based on the number of cards purchased (whether non-reloadable or reloadable) or number of times reloaded (where it is a reloadable card). These transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts;
10. 16.13.10The customer using automated machines (i.e. Kiosks) for executing transactions must have the Unique Identification Number (UIN) issued by the Licensed Person. In such cases, the Licensed Person must ensure that the customer is not given privileges to add new beneficiaries for conducting money transfers via such Kiosks directly. The Licensed Person must also set a maximum limit, which shall not exceed AED 3,600 per transaction for money transfers via such machines. In any case, the total value of money transfers by a customer via such machines shall not exceed AED 10,000 per month. All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts;
11. 16.13.11The Licensed Person must comply with the instructions and conditions that are stated in the Letter of No Objection issued by the Banking Supervision Department for special products or services;
12. 16.13.12The Licensed Person must implement appropriate measures/controls to ensure that the Unique Identification Number issued to a customer is being used only by that customer at all times. The Licensed Person may consider the following to comply with this requirement:
  1. a)Verification of the original ID as per Paragraph 16.8.3 of this Chapter prior to accepting transactions from a customer; or
  2. b)Issue ID/Membership/Loyalty Cards that contain the basic customer details (such as name, date of birth, nationality, UIN etc.) including a recent photograph and such original cards must be verified prior to accepting transactions from customers; or
  3. c)Introduce appropriate biometric systems.
13. 16.13.13 Natural persons, who do not have a valid visa to stay in the UAE, must not be permitted to carry out transactions unless they are in the grace period upon cancellation or expiry of the residence permit or on amnesty;
14. 16.13.14The Licensed Person must understand the purpose and intended nature of the business relationship and obtain further information in higher risk situations;
15. 16.13.15 The Licensed Person must have measures/controls in place for conducting on-going due diligence to determine whether transactions are consistent with the profile of the customer;
16. 16.13.16 The Licensed Person must comply with wire transfer rules as specified in FATF Recommendation 16 for originating institution, beneficiary institution and intermediary institution, as applicable, notwithstanding the amount involved; and
17. 16.13.17 The Licensed Person must apply the following KYC process for a customer who exchanges low denomination currency notes to larger ones:
  1. a)Customer Due Diligence (CDD) process, in accordance with Paragraph 16.9 of this Chapter, must be applied for a natural person when the value of such transaction is between AED 36,000 and AED 99,999.75;
  2. b)Enhanced Due Diligence (EDD) process, in accordance with Paragraph 16.10 of this Chapter, must be applied for a natural person when the value of such transaction is equal to or above AED 100,000;
  3. c)Enhanced Due Diligence (EDD) process, in accordance with Paragraph 16.11 of this Chapter, must be applied in case the customer is a legal entity irrespective of the value of such transaction; and
  4. d)If there are any reasonable grounds to suspect money laundering and/or terrorist financing, the Licensed Person must file a Suspicious Transaction Report (STR) with the FID, irrespective of the value of such transaction. Please refer to Paragraph 16.21.2 of this Chapter for more information on suspicious transaction reporting.

16.14 Third Party Transactions
1. 16.14.1A transaction is treated as a third party transaction when it is carried out by a person (hereafter known as ‘the representative’) on behalf of another natural person or a legal entity (hereafter known as ‘the beneficial owner of funds’). The Licensed Person must not accept third party transactions except in cases that are mentioned under Paragraphs 16.14.2 to 16.14.6 of this Chapter;
2. 16.14.2The Licensed Person may accept the transaction by a natural person on behalf of another natural person subject to the following conditions:
  1. a)The representative must produce a duly executed Power of Attorney (PoA) from the beneficial owner of funds to carry out such transactions. Where there is no PoA, the beneficial owner of funds must issue a letter authorizing the representative to carry out transactions on his/her behalf. The beneficial owner of funds must visit the Licensed Person to sign such letter of authority, the validity of which shall not exceed two (2) years from the date of issue;
  2. b)The letter of authority must refer to the type of transactions (whether currency exchange or money transfer) which the representative is authorized to carry out on behalf of the beneficial owner of funds as well as the identification details of both parties. The letter must also include the beneficiary details in the case of a money transfer transaction;
  3. c)The signature of the beneficial owner of funds in the letter of authority must be verified against that in the passport or the Emirates ID;
  4. d)The representative and the beneficial owner of funds must both be resident in the UAE;
  5. e)Original identification documents of both parties must be collected and verified in addition to retaining the copies of such identification documents certified as “Original Sighted and Verified”;
  6. f)The beneficial owner of funds must undergo the CDD process in accordance with Paragraph 16.9 of this Chapter. The EDD process must be applied, when applicable, in accordance with Paragraph 16.10 of this chapter;
  7. g)All transactions must be recorded in the system against the Unique Identification Number of the beneficial owner of funds. Name and ID details of the representative must also be recorded in the Point of Sale system;
  8. h)The names of both parties must be subjected to the sanction/FPEP screening. In the case of money transfer transactions, the beneficiary’s name as well as the name of beneficiary bank must also be appropriately screened;
  9. i)The name of the representative must be printed separately on the transaction receipt in addition to the information of the beneficial owner of funds in accordance with Paragraph 16.9.10 or 16.10.3 of this Chapter, whichever is applicable; and
  10. j)All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts.
3. 16.14.3The Requirement under Paragraph 16.14.2 of this Chapter is not applicable, where the transaction is carried out by a natural person on behalf of another natural person who is either working as domestic helper (examples are: house maid, cook, servant, cleaner, etc.) or unable to visit the licensed premises due to the inherent nature of their work/living conditions, subject to the following conditions:
  1. a)The representative must produce a letter signed by the beneficial owner of the funds authorizing the representative to carry out transactions. This letter of authority must refer to the type of transactions (whether currency exchange or money transfer) which the representative is authorized to carry out on behalf of the beneficial owner of funds as well as the identification details of both parties. The letter must also include the beneficiary details in the case of a money transfer transaction;
  2. b)The total value of transactions, whether foreign currency exchange or inward/outward remittance, shall not exceed AED 24,000 during a rolling three hundred and sixty five (365) days from the date of the first transaction for each beneficial owner of funds;
  3. c)The representative and the beneficial owner of funds must both be resident in the UAE;
  4. d)Original identification documents of both parties must be collected and verified in addition to retaining the copies of such identification documents certified as “Original Sighted and Verified”;
  5. e)The representative must undergo the CDD process in accordance with Paragraph 16.9 of this Chapter. The EDD process must be applied, when applicable, in accordance with Paragraph 16.10 of this Chapter. The Licensed Person is expected to take all measures practically possible to confirm that such transactions are genuine without leaving any chance for doubt or confusion for misuse of this arrangement;
  6. f)All such transactions must be recorded in the system against the Unique Identification Number of the representative. The name and ID details of the beneficial owner of funds must also be recorded in the Point of Sale system. The SMS notifications in accordance with Paragraph 4.9 of Chapter 4 must go directly to the beneficial owner of funds;
  7. g)The names of both parties must be subjected to sanction/FPEP screening. In the case of money transfer transactions, the beneficiary’s name as well as the name of beneficiary bank must also be appropriately screened;
  8. h)The name of the beneficial owner of funds must be printed separately on the transaction receipt in addition to the information of the representative in accordance with Paragraph 16.9.10 or 16.10.3 of this Chapter, whichever is applicable;
  9. i)All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts; and
  10. j)In case of any doubt or confusion regarding the documents submitted or information provided by the representative, the Licensed Person must insist the beneficial owner of funds to personally visit the Licensed Person to complete the KYC process. If the beneficial owner of the funds refuses to visit the Licensed Person, the relationship must be terminated and the case must be reported to the FID immediately where necessary.
4. 16.14.4Transactions by a natural person on behalf of another legal entity in the UAE falls under the scope of the EDD Process under Paragraph 16.11 of this Chapter. The conditions under Paragraph 16.14.5 of this Chapter must be applied where the remittance transactions are for importing goods or payment for services;
5. 16.14.5Remittance transactions from legal entities in the UAE for importing goods or payment for services (i.e. trade related transactions), must only be accepted subject to the below conditions:
  1. a)Enhanced Due Diligence (Please refer to Paragraph 16.11 of this Chapter) must be completed for each legal entity before onboarding the customer;
  2. b)The Licensed Person must establish the commercial/economic reason for each remittance transaction;
  3. c)The Licensed Person must ensure that supporting documents, such as Invoices, are in the name of the legal entity in the UAE and the goods are destined for the UAE;
  4. d)The names of all parties involved in the transaction such as names of remitter (i.e. legal entity), its Owner/Partners/Shareholders, authorized person who carries out the transaction (i.e. the representative) and beneficiary must undergo sanction/FPEP screening for each transaction;
  5. e)Preference must be given to settle such transactions through a bank, either by cheque or via bank transfer, instead of accepting cash;
  6. f)The Licensed Person must collect the original Bill of Lading/Airway Bill for the post transaction (i.e. after executing such transactions) verification, whenever the same is issued. A copy of the original Bill of Lading/Airway Bill certified as “Original Sighted and Verified” under the signature of the employee who carries out the KYC Process must be retained;
  7. g)The Licensed Person must also track the movement of such goods using an appropriate container/vessel tracking system when the settlement of the underlying transaction is in cash. Appropriate logs and evidences must be maintained by the Licensed Person for such tracking;
  8. h)All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts; and
  9. i)The authorized person who carries out the transaction (i.e. the representative) on behalf of the legal entity must be a resident in the UAE.
6. 16.14.6Where a legal entity in the UAE (i.e. the remitter) which remits on behalf of another entity outside the UAE (i.e. beneficial owner of funds) who imports goods or pays for services, the Licensed Person must accept such transactions subject to the below conditions:
  1. a)The Licensed Person must undertake the EDD on the remitter which must be in accordance with Paragraph 16.11 of this Chapter;
  2. b)The Licensed Person must also undertake the EDD on the beneficial owner of funds;
  3. c)There must be at least one shareholder or partner common to both entities (i.e. legal entity in the UAE and the entity outside the UAE);
  4. d)In case, there is no shareholder or partner common to both entities, then there must be a legally valid agreement between the remitter and the beneficial owner of funds, authorizing the remitter to carry out such transaction;
  5. e)All documents related to the incorporation of the entity outside the UAE (i.e. beneficial owner of funds) and the agreement between both the parties must be appropriately attested by relevant authorities in the respective foreign country and in the UAE;
  6. f)The name of the beneficial owner of the funds and its Owner/Partners/Shareholders must be captured in the POS system in addition to the required information of the remitter as per Paragraph 16.11.3 of this Chapter. Names of all parties involved in the transaction such as names of the remitter, beneficial owner of funds, Owner/Partners/Shareholders of both entities, authorized person who carries out the transaction (i.e. the representative) and beneficiary must undergo sanction/FPEP screening for each transaction;
  7. g)The Licensed Person must establish the commercial/economic reasons for each remittance transaction;
  8. h)The Licensed Person must ensure that supporting documents, such as invoices, are in the name of the beneficial owner of funds and the goods are destined for the home country of the beneficial owner of the funds;
  9. i)Preference must be given to settle such transactions through bank, either by cheque or via bank transfer, instead of accepting cash;
  10. j)The name of beneficial owner of funds must be printed on the receipt in addition to the information of the remitter as per Paragraph 16.11.5 of this Chapter;
  11. k)The Licensed Person must collect the original Bill of Lading/Airway Bill for post transaction verification whenever it is issued. A copy of the original Bill of Lading/Airway Bill certified as “Original Sighted and Verified” under the signature of the employee who carries out the KYC Process must be retained;
  12. l)The Licensed Person must track the movement of goods via an appropriate container/vessel tracking system in all cases of such remittance transactions. Appropriate logs and evidences must be maintained by the Licensed Person for such tracking;
  13. m)All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts;
  14. n)In case of any doubt or confusion regarding the documents submitted or information provided by the beneficial owner of funds, remitter or representative, then the Licensed Person must exit the relationship and the case must be reported to the FID immediately; and
  15. o)The authorized person who carries out the transaction (i.e. the representative) on behalf of the legal entity in the UAE must be a resident in the UAE.
7. 16.14.7The Licensed Person must not accept any transactions from a natural person, who is acting in personal capacity, on behalf of any foreign entity or a natural person who is a UAE Non-Resident.

16.15 Declaration Regarding Importing of Cash (DRIC)
1. 16.15.1The Licensed Person must comply with the Cash Declaration Regulations dated 09^th January 2011 and any subsequent amendments thereto;
2. 16.15.2The Licensed Person must collect and retain the original DRIC if the customer exchanges the full amount as stated in the DRIC;
3. 16.15.3In case the customer exchanges only part of the total amount stated in the DRIC, then the actual amount of currency exchanged by the Licensed Person must be endorsed on the original DRIC under the signature of the employee who carries out the KYC process and under the official stamp of the Licensed Person. In such cases, the original DRIC can be returned to the customer, but its copy after endorsement must be retained with the Licensed Person;
4. 16.15.4In case the amount of any partial exchange is endorsed on a DRIC, the Licensed Person who accepts such DRIC must exchange only the balance of the amount of currencies to ensure that the total amount of currency exchanged by the customer using the same DRIC does not exceed the total value stated in the DRIC; and
5. 16.15.5The DRIC form collected from a customer must not be treated as evidence for the source of funds or the purpose of a transaction. Appropriate due diligence procedures must be conducted and supporting documents as evidence for the source of funds or purpose of transaction must be collected whenever and wherever necessary.

16.16 Recruitment and Know Your Employee (KYE) Process
1. 16.16.1The Licensed Person must implement an appropriate recruitment and Know Your Employee process for hiring employees in accordance with Paragraph 8.2 of Chapter 8.

16.17 AML Training
1. 16.17.1The Licensed Person must provide comprehensive AML/CFT compliance training to all employees including its Manager in Charge, functional heads, Directors of the Board and Owner/Partners/Shareholders. The Licensed Person is required to coordinate with the FID regarding such training;
2. 16.17.2The AML/CFT compliance training must be provided to all new joiners within thirty (30) calendar days from the date of joining. The new joiners must not be allowed to serve any customer independently until they have successfully completed such training. Refresher training must be provided to all employees at regular intervals;
3. 16.17.3The frequency of refresher AML/CFT compliance training may be determined based on the ML/FT risk exposure of each employee. Employees who deal directly with customers, products or services must be trained at least annually at a minimum;
4. 16.17.4Refresher training must also be provided whenever there are changes in the AML Laws, Regulations, Notices, the Standards or the Licensed Person’s AML policy/procedures;
5. 16.17.5Appropriate processes must be implemented to periodically assess the AML/CFT awareness of employees and repeat training must be planned based on the result of such assessment process;
6. 16.17.6Appropriate AML/CFT training registers must be maintained in order for the Central Bank Examiners to verify the training history of each employee;
7. 16.17.7Evidence for all trainings conducted such as, the training policy, training materials, training register, training plan, training schedules, assessment sheets, training certificates, etc. must be retained for the verification by the Central Bank Examiners;
8. 16.17.8The AML/CFT training materials must be reviewed and updated at regular intervals or whenever there are changes in the AML Laws, Regulations, Notices, the Standards and the Licensed Person’s AML Policy/ Procedures; and
9. 16.17.9The AML/CFT training materials must cover, at a minimum:
  1. a)Money laundering and terrorist financing, definitions, typologies as well as recent trends;
  2. b)ML/FT risks associated with the products and services offered by the Licensed Person;
  3. c)AML/CFT policies and procedures including the highlights on recent changes;
  4. d)The regulatory responsibilities and obligations of employees under AML/CFT Laws, Regulations, Notices and the Standards;
  5. e)Description of Know Your Customer process and its importance;
  6. f)Due Diligence measures and procedures for monitoring transactions;
  7. g)Sanction screening and FPEP screening procedures;
  8. h)Red flags to identify unusual transactions or transaction patterns or customer behaviours;
  9. i)Processes and procedures of making internal disclosures of unusual transactions;
  10. j)Roles of the Compliance Officer and Alternate Compliance Officer including their full contact details;
  11. k)Tipping off;
  12. l)Record retention policy;
  13. m)Reference to industry guidance and other sources of information;
  14. n)Emerging ML/FT risks and measures to mitigate such risks;
  15. o)Penalties for non-compliance with the AML/CFT Laws, Regulations, Notices and the Standards; and
  16. p)Disciplinary procedures to be applied on employees for not adhering to the AML Policy and Procedures.

16.18 Transaction Monitoring
1. 16.18.1The Licensed Person must continuously monitor transactions on a risk-sensitive basis which must consist of the following:
  1. a)Scrutinizing the transactions concluded by a customer to ensure that transactions are consistent with the Licensed Person’s knowledge of the customer, the customer’s business, risk profile, the source of funds and where necessary, source of the customer’s wealth; and
  2. b)Reviewing the records of a customer to ensure that documents and information collected using KYC measures and ongoing monitoring for the customer are kept up-to-date and relevant.
2. 16.18.2The Licensed Person must introduce automated systems and tools to support transaction monitoring appropriate to the nature, size and complexity of its business;
3. 16.18.3The monitoring systems must be configured to identify abnormal/unusual transactions, patterns of activities or behaviours of customers by defining sufficient number of rules and parameters within the system. Special attention must be given to third party transactions while defining rules and parameters;
4. 16.18.4Information related to the expected annual activity collected at the time of customer onboarding process must be used to assess any deviations or unusual behaviours/patterns;
5. 16.18.5All abnormal/unusual transactions must be investigated and supporting records must be retained for the minimum retention period as per Paragraph 16.24 of this Chapter; and
6. 16.18.6After investigation of abnormal/unusual transactions, if reasonable grounds are established to suspect money laundering, terrorist financing and/or financing of illicit organizations, such transactions must be reported to the FID immediately. Please refer to Paragraph 16.21.2 of this Chapter for further information.

16.19 Sanction Screening
1. 16.19.1Appropriate systems must be introduced for real time screening, as part of the KYC process, on all parties involved in a transaction against all applicable sanction lists (i.e. the UN sanction lists and the names contained in the ‘search notices’/‘search and freeze notices’ issued by the Central Bank);
2. 16.19.2Written processes and procedures for the escalation and clearing of potential sanction matches must be introduced;
3. 16.19.3The logs/records related to the clearing of potential sanction matches must be available in the system for five (5) years;
4. 16.19.4The UN sanction lists must regularly and automatically be updated within the Point of Sale/computer systems of the Licensed Person preferably without any manual intervention. Addition and deletion of names in the UN sanction lists must be immediately updated by the Licensed Person as and when such changes are announced by the UN Security Council. Appropriate logs must be maintained in the system to confirm such updates;
5. 16.19.5In case the name of a customer is an exact match (i.e. a true match) to a name or names in the UN sanction lists or ‘search and freeze notices’ issued by the Central Bank, the Licensed Person must immediately freeze the funds of that customer. The Licensed Person must immediately inform the FID along with the details of the customer and the amount of funds frozen for further instructions. The Licensed Person must not defreeze such amounts without obtaining a confirmation from the FID;
6. 16.19.6In case the name of a party to a transaction is an exact match to a name or names in ‘search notices’ issued by the Central Bank, the Licensed Person must immediately follow the instructions provided in such notices; and
7. 16.19.7Sanction screening must be applied in the below cases:
  1. a)In the case of foreign currency exchange transactions, the customer’s name must be screened against the sanction lists;
  2. b)In the case of money transfer transactions, the Remitter’s name and Beneficiary’s name as well as the name of beneficiary bank must be screened against sanction lists;
  3. c)Where the transactions are conducted by a legal entity, the name of the authorised person who carries out the transaction (i.e. the representative) must be screened against sanctions lists in addition to the name of the entity and its Ultimate Beneficial Owners. The Licensed Person, where applicable, must also comply with Paragraph 16.19.7 (b) of this Chapter; and
  4. d)The Licensed Person must also comply with the sanction screening requirements, in the case of third party transactions, as required by Paragraph 16.14 of this Chapter.

16.20 Foreign Politically Exposed Person (FPEP) and Head of International Organization (HIO) Checks
1. 16.20.1The Licensed Person must implement appropriate systems and tools to determine whether a customer, who is a natural person or the beneficial owner of a juridical person, is a FPEP or HIO or family members or associates of such a person. The Licensed Person must also carry out a periodic review of existing customers to determine if any of them is a FPEP or HIO or a family member or associate of such a person;
2. 16.20.2Where a natural person is found to be a FPEP or a family member or associate of a FPEP, the Licensed Person must carry out Enhanced Due Diligence to establish business relationship and to conduct transactions accordingly. In addition to this, the Licensed Person must also take reasonable measures to determine the source of funds and collect the information regarding the source of wealth of such customers, if it deems it necessary;
3. 16.20.3Where a natural person is found to be a HIO or a family member or associate of a HIO, the Licensed Person must assess the level of risks involved and must conduct Enhanced Due Diligence to take measures as appropriate, in case the risk is considered High for ML/FT;
4. 16.20.4Approval from the Compliance Officer and the Manager in Charge must be obtained before processing any transaction in the Point of Sale system for a natural person who is a FPEP and for high risk HIO;
5. 16.20.5The Licensed Person must refer to Paragraphs 16.11.2 (k) and (l) of this Chapter for requirements while entering into business relationships with juridical persons (i.e. legal entities) owned by FPEPs; and
6. 16.20.6All transactions by a FPEP or HIO or by an entity where the Ultimate Beneficial Owner is a FPEP or HIO must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts.

16.21 Suspicious Transaction Reporting
1. 16.21.1Internal disclosure requirements:
  1. a)The Licensed Person must implement procedures, controls, systems and tools for its employees to internally disclose all suspected cases of money laundering or terrorist financing directly to the Compliance Officer or to an appropriate member of the compliance department without any interference from the Manager in Charge or any other employee of the Licensed Person;
  2. b)All internal disclosures must be thoroughly investigated to confirm if there are reasonable grounds for suspicion;
  3. c)If the investigation of an internal disclosure does not reveal reasonable grounds for suspicion, then the Compliance Officer may decide either to close the case or keep it open for future monitoring; and
  4. d)The Compliance Officer must retain documentary evidence regarding all internal disclosures, details of investigations undertaken and reasons for closing a case or keeping the case open for future monitoring under watch list or for reporting to the FID.
2. 16.21.2External Reporting to the FID:
  1. a)As a primary requirement of submitting Suspicious Transaction Reports (STR), the Licensed Person must obtain access to the online STR reporting portal of the Central Bank. The Licensed Person may contact the FID or the Banking Supervision Department for appropriate guidance to obtain access to the STR reporting portal;
  2. b)The Compliance Officer must report all cases where there are reasonable grounds to suspect money laundering, terrorist financing and/or financing of illicit organizations to the FID including any attempted transactions by suspicious customers;
  3. c)Procedures and controls must be implemented to ensure timely reporting of suspected cases to the FID;
  4. d)The Licensed Person must comply with all directions of the FID in relation to STRs submitted to them;
  5. e)The Licensed Person must keep appropriate records of STRs reported to the FID; and
  6. f)The Licensed Person must freeze the funds involved in any suspicious transactions related to terrorism, terrorist organizations, foreign terrorist fighters or for terrorism purposes and immediately report to the FID without any delay.

16.22 Tipping Off
1. 16.22.1Tipping off is prohibited and is a punishable criminal offence. The Licensed Person or its employees must not inform customers or any persons or third parties, either directly or indirectly, that their transactions are subject to monitoring, are under investigation or have been reported to the FID as suspicious transactions; and
2. 16.22.2The Compliance Officer must ensure that all employees of the Licensed Person are aware of the consequences of tipping off such as penalties and imprisonment. Sufficient AML/CFT training must be provided to all employees to avoid tipping off.

16.23 Employee Behaviour
1. 16.23.1The Licensed Person must watch out for its employee’s behaviour, such as, an employee whose lifestyle cannot be supported by his/her salary or an employee who is reluctant to take a vacation or is associated with unusually large numbers of transactions, etc.

16.24 Record Retention
1. 16.24.1All documents/records related to transactions such as transaction receipts (except the receipts as per Paragraph 16.8.5 of this Chapter), KYC, Customer Due Diligence and Enhanced Due Diligence must be retained for a minimum period of five (5) years from the date of transaction;
2. 16.24.2Records, in the context of Paragraph 16.24.1 of this Chapter, include electronic communication and documentation as well as physical, hard copy communication and documentation;
3. 16.24.3Records retained by the Licensed Person must be sufficient to permit the reconstruction of individual transactions;
4. 16.24.4AML training registers, training plans, AML training materials and other evidence for providing AML training must be retained for a period of five (5) years from the date of training;
5. 16.24.5Supporting documents for the transaction monitoring and investigations carried out on unusual transactions must be retained for a minimum period of five (5) years;
6. 16.24.6All documents related to STRs including internal disclosures by employees must be retained for a minimum period of five (5) years from the date the STR was reported. In case the matter is subject to litigation in a court or under investigation by an enforcement agency, the supporting documents related to such transactions or STR must be retained until the final verdict is received from the court or until the Licensed Person is notified that the investigation is completed; and
7. 16.24.7Any other records to demonstrate compliance with the AML/CFT Laws, Regulations, Notices and the Standards must also be retained.

16.25 Bi-Annual Compliance Report
1. 16.25.1The Compliance Officer must prepare Bi-Annual Compliance Reports (i.e. reports for the six (6) months period ending on 30^th June and 31^st December of the respective financial year) in order to assess the effectiveness of the Licensed Person’s AML/CFT policies, procedures, systems and controls to prevent money laundering and terrorist financing;
2. 16.25.2Bi-Annual Compliance Reports must be submitted within one (1) month from the end of each reporting period to:
  1. a)the Compliance Committee; and
  2. b)the Board of Directors (or the Owner/Partners where there is no Board of Directors).
3. 16.25.3Bi-Annual Compliance Reports must cover at least the following:
  1. a)Assessment of ML/FT risks associated with the business of the Licensed Person and the effectiveness of its Policies, Procedures, Systems and Controls;
  2. b)Summary of the gap analysis between the AML/CFT Program of the Licensed Person and existing AML Laws, Regulations, Notices and the Standards as well as the actions taken by the Compliance Officer to bridge or resolve such gaps;
  3. c)Details of AML/CFT breaches highlighted in the most recent Central Bank examination report and the reports by Internal/External Auditors;
  4. d)The number of internal suspicious disclosures made by employees and the number of cases investigated, closed, kept open for future monitoring or reported to the FID as STRs during the reporting period;
  5. e)The number of suspicious transactions detected and reported to the FID via independent transaction monitoring by the Compliance Officer during the reporting period;
  6. f)Changes in the AML/CFT policies and procedures reviewed and the details of any AML/CFT policy or procedures newly introduced during the reporting period;
  7. g)Statistics on total employees, new joiners during the reporting period, number of employees trained and the number of employees not trained (if any) including reasons for not training employees;
  8. h)Areas where the AML/CFT training programme must be improved and proposals made to enhance the training;
  9. i)Recommendations to the Manager in Charge and the Board of Directors (or to the Owner/Partners where there is no Board of Directors) for the improvement of the AML/CFT function of the Licensed Person;
  10. j)Details of Compliance Officer’s requests for additional human resources, systems, controls, tools and technology changes for the attention of the Board of Directors (or of the Owner/Partners where there is no Board of Directors);
  11. k)An action plan to improve the AML/CFT compliance function for the next six (6) months along with the current status of similar action plan for previous six (6) months; and
  12. l)The conclusion of the Compliance Officer about the effectiveness of the existing AML/CFT function of the Licensed Person.
4. 16.25.4The Bi-Annual Compliance Report must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
5. 16.25.5A copy of the Bi-Annual Compliance Report must be submitted to the Banking Supervision Department and the FID along with comments from the Board of Directors (or from the Owner/Partners where there is no Board of Directors) within four (4) months from the end of each reporting period.

16.26 Independent Audit/Agreed-Upon Procedures on AML/CFT Compliance Function
1. 16.26.1The Compliance officer’s function must undergo regular audit by the Internal Auditor. Internal audit findings must be reported to the Board of Directors (or to the Owner/Partners where there is no Board of Directors);
2. 16.26.2External Auditors must perform Agreed-Upon Procedures on the AML/CFT Compliance function annually and report their findings directly to the Board of Directors (or to the Owner/Partners where there is no Board of Directors). The Licensed Person must submit a copy of this report to the Banking Supervision Department within four (4) months from the end of each financial year; and
3. 16.26.3The Board of Directors (or the Owner/Partners where there is no Board of Directors) must ensure that appropriate actions are taken by the Compliance Officer, Manager in Charge and other functional heads to resolve findings of internal and external auditors in a timely manner.

16.27 Uploading of Remittance Data and Responding to Central Bank Queries
1. 16.27.1The Licensed Person must upload remittance data to the Central Bank Remittances Reporting System on a daily basis. Remittance data must be uploaded before the end of the next business day; and
2. 16.27.2The Licensed Person must also introduce appropriate systems and tools to enable immediate responses to the enquiries received from the Central Bank (example: Search or Freeze notices) and other competent authorities in the UAE.

16.28 New or Developing Technologies and Products and Transactions
1. 16.28.1The Licensed Person must pay special attention to any ML/FT risk that may arise from new or developing technologies, products or transactions that may favour anonymity and take measures to prevent the use of such products to launder money or finance terrorism.

16.29 Role of the Compliance Committee
1. 16.29.1Please refer to Paragraph 6.9.3 of Chapter 6 for the roles and responsibilities of the Compliance Committee.

16.30 Scope of the Standards
1. 16.30.1The standards under this Chapter shall apply to all Licensed Persons and their branches, offices and subsidiaries operating in the UAE as well as their employees, Board of Directors, Owner/Partners/Shareholders; and
2. 16.30.2The standards under this Chapter also apply to all branches and subsidiaries of the Licensed Person operating in foreign jurisdictions where the AML/CFT compliance requirements are less stringent than that contained in this Chapter.

16.31 Relationship with Other Documents
1. 16.31.1AML/CFT Standards of this Chapter must be read in conjunction with the following Laws and Regulations of the UAE:
  1. a)Federal Law number 4 of 2002 regarding Criminalization of Money Laundering;
  2. b)Federal Law Number 9 of 2014 regarding amendment of some provisions in Federal Law number 4 of 2002;
  3. c)Decree Number 38 of 2014 Regarding the Executive Bye Law of the Federal Law number 4 of 2002;
  4. d)Notice No. 24/2000 issued on 14^th November 2000 and its subsequent amendments;
  5. e)Notice No. 1401/2010 issued on 16^th March 2010; and
  6. f)Any other Notices, Circulars or Regulations issued hereafter by the Central Bank of the UAE on AML/CFT compliance.

E. Customer Protection Standards

Chapter 17: Customer Complaints Process

Introduction
The Central Bank expects the Licensed Person to provide services to its customers in an utmost professional manner and to ensure their rights are appropriately protected. This chapter summarizes the minimum standards that a Licensed Person must maintain at all times in order to handle complaints from its customers effectively and efficiently.

17.1 Customer Complaints Processes and Procedures
1. 17.1.1The Licensed Person must implement appropriate processes and procedures to resolve complaints from its customers in a timely manner.

17.2 Customer Support Officer
1. 17.2.1The Licensed Person must assign a dedicated phone number and an email ID for its customers to lodge their complaints;
2. 17.2.2The designated phone number and the email ID must be printed on all receipts given to the customer and also must be displayed at a prominent location in the licensed premises;
3. 17.2.3The Licensed Person must appoint/designate, subject to Paragraph 17.2.4 of this Chapter, an officer for handling customer complaints at its Head Office. The responsibilities of this officer must include the following:
  1. a)Receive complaints from customers either directly or through the branches;
  2. b)Record all complaints irrespective of its nature in a separate register;
  3. c)Resolve customer complaints; and
  4. d)Submit periodical reports to the Manager in Charge.
4. 17.2.4Depending on the nature, size and complexity of the business, the Licensed Person may appoint a dedicated Officer to handle customer complaints or combine this role with another suitable function subject to the conditions under Paragraphs 7.2.4 (a) of Chapter 7, 16.4.7 (a) and 16.5.1 (g) of Chapter 16;
5. 17.2.5Appropriate registers and log sheets must be maintained to record all customer complaints. Adequate entries must be made in such registers to demonstrate when the complaint was received or how and when it was resolved; and
6. 17.2.6All customer complaints must be dealt with fairly and promptly.

17.3 Turnaround Time
1. 17.3.1The Licensed Person must send a confirmation upon the receipt of every complaint to the customer within two (2) business days via SMS or email;
2. 17.3.2All complaints must be resolved within a reasonable period of time which shall not exceed ten (10) business days;
3. 17.3.3A final response must be provided to the customer within ten (10) business days; and
4. 17.3.4In case, a complaint is not resolved within ten (10) business days (i.e. an overdue complaint), the Licensed Person must update the customer, on the very next business day, with reasonable justifications for the possible delay.

17.4 Disclosure of Unresolved Complaints
1. 17.4.1The details of all overdue complaints for each month must be reported to the Manager in Charge within five (5) business days from the end of every month; and
2. 17.4.2The Manager in Charge must evaluate the effectiveness of the customer complaint procedure based on the report on overdue complaints.

17.5 Internal Audit
1. 17.5.1The scope of the internal audit must include the overall efficiency of the Licensed Person in addressing customer complaints; and
2. 17.5.2The Internal Auditor must give special attention to the turnaround time for each customer complaint and investigate the reasons for overdue complaints.

Chapter 18: Unclaimed Funds

Introduction
As part of protecting the interest of customers, the Licensed Person has an obligation to assess, document and disclose the amount of unclaimed funds and monitor such funds until it is paid to the respective customer(s). This chapter describes the meaning, treatment and disclosure requirements related to unclaimed funds.

18.1 Meaning of Unclaimed Funds
1. 18.1.1Funds involved in any money transfer transaction shall be treated as unclaimed funds under the following conditions:
  1. a)The funds involved in an outward money transfer to a bank account, whether local or foreign, will be considered as unclaimed funds if the Licensed Person fails to pay it back to the respective customer within seven (7) calendar days upon cancellation of that transaction by the remitter or upon being returned by the beneficiary bank as it could not credit the beneficiary’s account for various reasons. The Licensed Person must collect the funds back from the foreign or local bank if the settlement of such transaction has already been completed with the bank;
  2. b)The funds involved in an outward remittance via an instant money transfer service provider or any other financial institutions to be paid to the beneficiary in cash will be treated as unclaimed funds if the beneficiary fails to collect the funds within ninety (90) calendar days from the date of transaction. The Licensed Person must collect the funds back from the instant money transfer service provider or the financial institution if the settlement of such transaction has already been completed;
  3. c)The funds involved in a demand draft issued by the Licensed Person shall be considered as unclaimed funds if the beneficiary fails to cash such draft prior to the date of its expiry. The Licensed Person must collect the funds back from the foreign correspondent bank in case the settlement has already been completed;
  4. d)Inward remittance transaction for which the Licensed Person received the settlement funds from a foreign correspondent will be treated as unclaimed funds if it is not paid to the beneficiary within thirty (30) calendar days from the date of receiving the payment instruction unless it is refunded to such foreign correspondent; and
  5. e)WPS Funds held by the Licensed Person against the WPS SIF File rejected (due to errors in the SIF File) by the Central Bank must be classified as unclaimed funds if the client (i.e. the employer) fails to provide the correct file to the Licensed Person within five (5) business days from the date of rejection.

18.2 Management of Unclaimed Funds
1. 18.2.1The Licensed Person must ensure that unclaimed funds are assessed, documented, monitored and disclosed on a monthly basis subject to the below standards:
  1. a)The Licensed Person must implement Policies and Procedures to assess, document, disclose and monitor unclaimed funds. These Policies and Procedures must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
  2. b)Roles and responsibilities in relation to the management of unclaimed funds must be clearly defined;
  3. c)The unclaimed funds must be segregated and held as cash in local currency stock or kept in the local bank account. This fund must not be used for day to day business activities;
  4. d)The Licensed Person must constantly try to communicate with the respective customer(s) to refund unclaimed funds;
  5. e)The Licensed Person must assess the amount of unclaimed funds as on the last day of every month and disclose it as a separate item under “Current Liabilities” of the monthly return Form No. 1; and
  6. f)The Internal Auditor must review the procedures and the management of unclaimed funds as stated under Paragraphs 18.2.1 (a) to (e) of this Chapter and report its findings to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).

F. Appendices

Appendix 1: Definitions
1. 1.“the Central Bank” means the Central Bank of the United Arab Emirates.
2. 2.“the Banking Supervision Department (the BSD)” means the Banking Supervision Department at the Central Bank of the UAE.
3. 3.“the FID” means the Financial Intelligence Department at the Central Bank of the UAE (formerly known as the Anti-Money Laundering and Suspicious Cases Unit or the AMLSCU). It is the Financial Intelligence Unit (FIU) of the UAE and the sole national centre for receiving, analyzing and disseminating suspicious transaction reports (STRs) filed by banks, exchange houses, other financial institutions and designated non-financial businesses and professions (DNFBPs) as per the Federal Law No. (9) of 2014 regarding the amendment of some Provisions of the Federal Law No. (4) of 2002 regarding Criminalization of Money Laundering and its Executive By-Law No. (38) of 2014.
4. 4.“the Licensed Person” means any natural or juridical person authorized to conduct Exchange Business under the Regulations.
5. 5.“License” means license issued by the Central Bank for the carrying out Exchange Business.
6. 6.“Exchange Business”; shall mean:
  1. i.Dealing in sale and purchase of foreign currencies and travelers cheques;
  2. ii.Executing remittance operations in local and foreign currencies;
  3. iii.Payment of wages through establishing a link to the operating system of “wages protection” (WPS); and
  4. iv.Other business licensed by the Central Bank.
7. 7.“Paid-Up Capital” means the cash paid by the Owner, Partners or Shareholders of a Licensed Person into the account of the entity, as per requirements of the Regulations.
8. 8.“Licensed Premises” means the premises where the Licensed Person is permitted by the Central Bank to carry out Exchange Business.
9. 9.“Instant money transfer service provider” means a money remitting institution licensed and regulated by an appropriate Regulator in its home country who will have necessary proprietary software applications and infrastructure to transfer funds instantly from an agent in one country to an agent in another country and/or domestically.
10. 10.“Designated Remittance Intermediate Account” shall mean an account with a Bank licensed by the Central Bank of the UAE where the customers’ remittance funds are deposited temporarily prior to the execution of remittances to the foreign correspondents or remittance partners.
11. 11.“ML/FT” means the Money Laundering or Terrorist Financing as defined in the Federal Law No (9) of 2014 regarding the amendment of some Provisions of the Federal Law number (4) of 2002 regarding Criminalization of Money Laundering.
12. 12.“AML/CFT Program (Anti Money Laundering and Combating Financing of Terrorism Program)” means the Policies, Procedures, Systems, Controls, etc. introduced to prevent Money Laundering and Financing of Terrorism.
13. 13.“Ultimate Beneficial Owner or the UBO” means the ‘Natural Person’ who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a juridical person. A Natural Person who owns 5% or above of the juridical person is treated as an UBO. Also be guided by the FATF paper on Transparency and Beneficial Ownership (October 2014) regarding effective control and related matters.
14. 14.“Foreign Politically Exposed Person (FPEP)” means an individual who is or was previously entrusted with a prominent public function by a foreign country such as heads of state or government, senior politicians, senior government officials and judicial or military officials, senior executives of state owned corporations, senior officials of political parties, Head of an International Organization (HIO), and such individual’s family members or close associates.
15. 15.“Head of an International Organization (HIO)” means individuals who are or were previously entrusted with a prominent function by an international organization such as members of senior management or individuals entrusted with equivalent functions (i.e. directors, deputy directors, members of the board or equivalent functions) and such individual’s family members and close associates.
16. 16.“Source of funds” means how the money, involved in the transaction, was originally derived or earned. Examples of source of funds are: salary, wages, inheritance, gratuity, end of service benefits, bank loan, income from businesses, sale of property, sale of land, sale of investments, etc. For verification of the source of funds, documents include but are not limited to salary slip, labor contract, court order, bank statements, etc.
17. 17.“Purpose of transaction” means an explanation about why a customer is conducting a transaction or the reason for which the funds will be used. Examples of purpose of transaction are: family support, education, medical, tourism, debt settlement, financial investment, direct investment, or trading etc. For verification of the purpose of transaction, documents may include any documentation proving the purpose for which the money will be used.

Appendix 2: List of Laws, Regulations and Notices
1. 1.The provisions of Union Law No. (10) of 1980 concerning the Central Bank, the monetary system and the organization of banking and its amendments.
2. 2.Resolution No. 31/2/1986 issued on 16/7/1986 regarding organization of the foreign exchange profession in the UAE.
3. 3.Regulations regarding Licensing and Monitoring of Exchange Business issued on 6^th January 2014.
4. 4.Amendments to Regulations regarding Licensing and Monitoring of Exchange Business by virtue of Notice No 269/2016 dated 25^th August 2016.
5. 5.Federal Law number 4 of 2002 regarding Criminalization of Money Laundering.
6. 6.Federal Law Number 9 of 2014 regarding amendment of some provisions in Federal Law number 4 of 2002.
7. 7.Decree Number 38 of 2014 regarding the Executive By Law of the Federal Law number 4 of 2002.
8. 8.Notice No. 24/2000 issued on 14^th November 2000 and its subsequent amendments.
9. 9.Notice No. 1401/2010 issued on 16^th March 2010.
10. 10.Rules of the Wage Protection System issued by the Central Bank.
11. 11.Notice No. 249/2016 issued on 3^rd August 2016.
12. 12.Notice No. 171/2017 issued on 12^th June 2016.
13. 13.Any other Notices, Circular or Regulations issued hereafter by the Central Bank of the UAE regarding Exchange Business.

Appendix 3: List of Compulsory Reports and Forms

Prudential reporting and submission deadlines

The Licensed Person must submit the following returns/reports to the Central Bank within the deadlines mentioned hereunder:

No.	Name of the Return/Report	Frequency	Deadline	Submitted to
1	Daily Remittance Data - via Daily Remittances Reporting Systems of the Central Bank	Daily	Before the end of next business day	FID via online systems
2	Submission of ERF 20, 21 & 38 - Online reporting via IRR Systems	Monthly	On or before the 15^th of the month following the end of the reporting period	BSD via online systems
3	Submission of ERF 93 & 94 - Online reporting via IRR Systems	Quarterly	On or before the 15^th of the month following the end of the reporting period	BSD via online systems
4	Statement of Assets and Liabilities and Contra Accounts - Form 1	Monthly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
5	Profit and Loss Account - Form 2	Monthly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
6	Due from/to Banks and Exchange Houses - Form 3	Monthly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
7	Encumbered Placements - Form 4	Monthly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
8	Statement of Borrowings - Form 5	Monthly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
9	Statement of Remittances Payable - Form 6	Monthly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
10	Related Party Transactions - Form 7	Monthly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
11	List of Outstanding Guarantees Issued by Banks/Financial Institutions on behalf of the Exchange House - Form 8	Monthly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
12	Statement of Staff Position - Form 9	Quarterly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
13	List of Accounts with Banks, Exchange Houses and Financial Institutions outside the UAE - Form 10	Quarterly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
14	List of Accounts with Banks, Exchange Houses and Financial Institutions in the UAE - Form 11	Quarterly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
15	List of Vostro Accounts - Form 12	Quarterly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
16	Currency Exposures - Form 13	Quarterly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
17	Exchange Transactions - Form 14	Quarterly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
18	List of Branches with Address - Emirate-wise - Form 15	Quarterly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
19	List of Branches/Affiliates/Liaison Offices Abroad - Form 16	Quarterly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
20	Number of Correspondents (Nostro Accounts) - Form 17	Quarterly	On or before the 14^th of the month following the end of the reporting period	BSD via Email
21	Bi-Annual Compliance Report from the Compliance Officer as per Paragraph 16.25.5 of Chapter 16	Bi-Annual	Within four months from the end of the reporting period	BSD and FID
22	Submission of Auditors’ Report, Financial Statements and Management Letter as per Paragraphs 7.3.4 (a) and 7.3.5 (d) of Chapter 7	Annual	On or before 31^st March of the year following the end of the reporting period	BSD
23	Submission of External Auditor’s findings based on the Agreed-Upon Procedures on AML/CFT Compliance function as per Paragraph 16.26.2 of Chapter 16	Annual	On or before 30^th April of the year following the end of the reporting period	BSD

Notes:

1.“Annual return/report” means a return/report for the period from 1^st January to 31^st December of each financial year;
2.“Bi-Annual returns/reports” are returns/reports for the six (6) months period ending on 30^th June and 31^st December of each financial year;
3.“Quarterly returns/reports” are returns/reports for the three (3) months period ending on 31^st March, 30^th June, 30^th September and 31^st December of each financial year;
4.In the case of a startup business, the starting date of a return/report will be the actual date of commencement of business in all above cases;
5.The Central Bank reserves the right to alter the format or add/remove the information required in any return/report or introduce additional return(s)/report(s) or discontinue existing return(s)/report(s) at any point in time;
6.Form 1 to Form 17 (i.e. items from 4 to 20 of the above table) must be submitted to the Banking Supervision Department via email info.ehs@cbuae.gov.ae only;
7.Bi-Annual Compliance Report from the Compliance Officer (i.e. item 21 of the above table) must be submitted to the Banking Supervision Department via email mfo.ehs@cbuae.gov.ae in addition to submitting a hard copy to the FID; and
8.Auditors’ Report, Financial Statements, Management Letter and External Auditor’s findings based on the Agreed-Upon Procedures on AML/CFT Compliance function (i.e. items 22 and 23 of the above table) must be submitted to the Banking Supervision Department via email info.ehs@cbuae.gov.ae in addition to submitting the hard copies.

Appendix 4: Supervisory Powers and Non-Compliance Charges

A.Supervisory Powers and Enforcement Actions

The Central Bank shall impose the following administrative sanctions on a Licensed Person who continues its operations in breach of various provisions/requirements of applicable Laws, Rules, Regulations, Notices and the Standards:

a)Issuance of warning letter;
b)Decline approvals of any kind;
c)Restrict the growth of the business by declining new branch or new product approvals;
d)Restrict the validity of the renewed license for a period less than one (1) year;
e)Decline to renew license(s);
f)Temporarily or permanently suspend one or more of the licensed activities such as remittance activity, WPS, banknotes export/import, etc.;
g)Limit the powers of the Board of Directors, Management or Managers or Owners including the appointment of a temporary observer;
h)Administrative sanctions including levying non-compliance charges (i.e. financial penalties or fines) as per Article 11.3 (b) of Federal Law No. (9) of 2014 regarding the amendment of some provisions in Federal Law Number (4) of 2002;
i)Temporary suspension of the license;
j)Revoke the license to carry out Exchange Business; and
k)Prohibit the concerned violating parties from working in the Exchange Business sector for a period to be defined by the Central Bank.

B.Non-Compliance Charges

The Central Bank shall impose non-compliance charges or fines, in accordance with Article 11.3 (b) of Federal Law No. (9) of 2014, on a Licensed Person when, based on the available facts and information, it is satisfied that the Licensed Person has failed to comply with the provisions of the Federal Law No. (9) of 2014, the Cabinet Resolution No. 38 of 2014 regarding the Executive Bylaws of Federal Law No. 4 of 2002, the Central Bank Regulation Concerning Procedures for AntiMoney Laundering (Ref No. 24/2000 issued on 14^th November 2000, i.e. “the AML/CFT Regulations”) and its Addendum (Notice No. 2922/2008 issued on 17^th June 2008, i.e. “the Addendum”) and any other amendments thereto. Such non-compliance charges are imposed in addition to the sanctions/penalties stated in Article (13), Article (14), Article (15) or Article (16) of Federal Law No. (9) of 2014. The non-compliance charges are stated in the below table:

No.	Description of the Non-Compliant Item	Non-Compliance Charge
1	Failure to carry out appropriate KYC process (i.e. CID/CDD/EDD/ongoing CDD) in accordance with Articles 2, 3 and 5.4 of the AML/CFT Regulations and Subject Nos. 1, 2, 4(b) and 4(c) of the Addendum.	Articles 3 and 5.4	AED 150,000
		Subject Nos. 1 & 4(c)	AED 200,000
		Subject No. 2	AED 100,000
		Subject No. 4(b)	AED 250,000
2	Failure to prohibit relationships with Shell Banks and Shell Companies (in accordance with Article 2 of the AML/CFT Regulations and Subject No. 5 of the Addendum).	AED 250,000
3	Failure to obtain the Letter of No Objection from the Central Bank prior to opening current accounts (i.e. Nostro/Remittance relationships) with banks and other financial institutions outside the UAE (Refer to Article 15.7 of the AML/CFT Regulations).	AED 150,000
4	Failure to appoint a Compliance Officer (Refer to Article 16.3 (a) of the AML/CFT Regulations).	AED 250,000
5	Failure to carry out a ‘fit and proper test’ on the Compliance Officer or any other employee who are relevant to AML/CFT compliance function (in accordance with Article 2 of the AML/CFT Regulations and Subject No. 10 of the Addendum).	AED 50,000
6	Failure to carry out an independent audit on AML/CFT Compliance function (Refer to Article 2 of the AML/CFT Regulations and Subject No. 10 of the Addendum).	AED 50,000
7	Failure to develop and implement appropriate AML/CFT internal control systems (Policies, Procedures, Systems and other Controls) to comply with the AML/CFT Regulations and the Addendum (Refer to Article 16.3 (b) of the AML/CFT Regulations).	AED 200,000
8	Failure to provide initial AML/CFT training to employees (Refer to Article 17 of the AML/CFT Regulations).	AED 100,000
9	Failure to comply with the record retention requirements (Refer to Articles 2, 18 and 21 of the AML/CFT Regulations).	AED 250,000
10	Failure to provide periodical/ongoing training to the Compliance Officer and other relevant employees for Continuous Professional Development (Refer to Article 2 of the AML/CFT Regulations and Subject No. 10 of the Addendum).	AED 50,000
11	Failure to introduce FPEP screening systems in accordance with Subject No. 4 (a) of the Addendum, Article 2 of the AML/CFT Regulations and Cabinet Resolution No. 38 of 2014 regarding the Executive Bylaws of Federal Law No. 4 of 2002.	AED 50,000
12	Failure to comply with any requirements of the AML/CFT Regulations and its Addendum including any amendments thereto, not listed above.	Any amount between AED 50,000 to AED 500,000 depending on the severity of the breach and at the discretion of the Central Bank.

The Licensed Person must note that the non-compliance charges or fines stated above shall be levied for each non-compliant item separately and therefore, the cumulative of such noncompliance charges for multiple violations by a Licensed Person may exceed AED 500,000.

The Central Bank shall impose other administrative sanctions on a Licensed Person for failing to comply with any provision of applicable Laws, Rules, Regulations, Notices and the Standards. Such administrative sanctions including non-compliance charges shall be determined in accordance with the prevailing Laws and Regulations and shall be published as and when it becomes available under a formal Notice from the Central Bank.

C.Imposing Administrative Sanctions and Right to Make Representation

1.Before imposing an administrative sanction, the Central Bank shall give the Licensed Person a written notice:
1. a)of the nature of the alleged non-compliance;
2. b)of the intention to impose an administrative sanction and the amount;
3. c)particulars of the intended administrative sanction; and
4. d)that the Licensed Person may, within a period specified in the notice, make representations in writing to the “Assistant Governor for Banking Supervision” as to why the administrative sanction should not be imposed.
2.After considering the representation from the Licensed Person, if any, the Central Bank shall inform the Licensed Person in writing about its final decision to impose an appropriate administrative sanction.
3.The Central Bank further reserves the right to impose non-compliance charges which are higher than those published in the above table. In cases where it may be required to determine such higher non-compliance charges which, in accordance with AML/CFT Laws and Regulations shall not be less than AED 50,000 and shall not exceed AED 500,000, the Central Bank will consider the following factors:
1. a)the nature, duration, seriousness and extent of the relevant non-compliance;
2. b)license category and type of business activities;
3. c)the risk grading of the Licensed Person awarded by the Central Bank;
4. d)whether the Licensed Person has previously failed to comply with such requirements; and
5. e)the effectiveness of the remedial measures taken by the Licensed Person to prevent a recurrence of such non-compliance.

Appendix 5 - Forms and Templates

Details of Forms and Page Numbers

No.	Form Name	Purpose of the Form	Page Number(s)
1	FAA Form	To open Hedge accounts or Account/Relationship for remittance with a Foreign Bank, Financial Institution and IMTS provider	125
2	CRV Form	To enable the Central Bank to compute the minimum required Bank Guarantee	126
3	FIR Form	To report Fraud Incidents	127
4	CIR Form	To report Counterfeit Currency Incidents	128
5	LPA Form	To apply for a new license, change of license category or change of shareholding/ownership structure	129 - 143
6	APA Form	To request for a Letter of No Objection to appoint Manager in Charge, Compliance Officer or Alternate Compliance Officer	144 - 154

FAA Form

Foreign Account Application (FAA Form) to the Banking Supervision Department **

Details of the Applicant
1	Name of the Exchange House
2	Name & details of the contact person of the Exchange House, if further information is required	Name: …………………………………………………….. Phone:…………………… Mobile: ……………………… Email: ……………………………………………………..

Details of Foreign Banks/Financial Institutions/IMTS Providers ***
No.	Full Legal Name	Address	Name & Contact Details of the Regulator	Purpose (whether for Remittance, IMTS or for Hedging)
1
2
3
4
5
Declaration by the Authorized Signatory
We hereby confirm that we have conducted Enhanced Due Diligence on above Foreign Banks/Financial Institutions/IMTS Providers in accordance with Paragraph 16.11.8 of Chapter 16 of the Standards. Draft agreements are attached with this form. I/We hereby confirm that, to the best of my/our knowledge and belief, all information furnished to the Central Bank of the UAE with regard to this application for the above stated purpose(s) is true and correct.
Name & Signature of Authorized Signatory			Date & Company Stamp

**Email the duly filled in FAA Form & Relationship Details Spreadsheet (Refer to Notice 171/2017 dated 12^th June 2017 issued by the Central Bank) to info.ehs@cbuae.gov.ae along with a letter signed by the Authorised Signatory of the Exchange House seeking the approval for the above relationships and the draft of the agreements.

*** Provide the details in a separate FAA Form in case the number of relationships exceeds 5.

CRV Form

Certificate of Remittance Value (CRV Form) to the Banking Supervision Department **
(To be submitted within two (2) months from the end of every financial year)

Date:

The Chief Manager,
Licensing Division, Banking Supervision Department,
Central Bank of the UAE, Abu Dhabi, UAE.

Dear Sir

Sub: Certificate of Remittance Value

We hereby certify the following information after verifying the books of accounts of ……………………………………………..… (Name of the Exchange House) for the financial year ended on 31^st December ………………..

Total Remittance Turnover*** in AED for the financial year	Average monthly Remittance Turnover in AED for the financial year	5% of the average monthly Remittance Turnover in AED for the financial year	Total value in AED of the existing Bank Guarantee currently given to the Central Bank	Additional Bank Guarantee required in AED to be given as per Paragraph 2.4.1 of the Standards, if required

Yours Faithfully,

(Name and Signature of External Auditors)

(Name and Signature of the Licensed Person)

**Email the duly filled in CRV Form to info.ehs@cbuae.gov.ae and then submit the original to the BSD.

*** Remittance Turnover means the total value of inward and outward remittances. Domestic remittances, where the origin and destination of remittances are within the UAE, are excluded.

FIR Form

Fraud Incident Reporting (FIR Form) to the Banking Supervision Department**

Details of the Place & Date of Fraud Incident
1	Name of the Exchange House
2	Name & details of the contact person of the Exchange House, if further information is required	Name: …………………………………………………….. Phone:…………………… Mobile: ……………………… Email: ……………………………………………………..
3	Name & address of the branch where the incident happened
4	Date & time of incident

Details of the Fraud Incident & Amount
1	Amount in AED
2	Nature & mode of operation of the incident
3	How was the incident discovered & by Whom?

Details of the Perpetrator ***
1	Name of the perpetrator
2	Nationality: …………………...	ID Type: …………………. ID Number: ………………..
3	Residential Status	UAE Resident - UAE Non-Resident -
4	Contact details of the perpetrator, if available	Address: Phone: Mobile:
5	a)Was your employee connected with this incident? Yes - No -	b)Has the incident been reported to the Police? Yes - No -	c)Do you have any insurance against such losses? Yes - No -
6	If answer to question 5 (a) is YES, then provide employee’s details.	Name of the employee: …………………........................... Nationality: …………………............................................. ID Type: …………………ID Number: ……………….....

Actions Taken by the Exchange House
1	State actions taken by the Exchange House
Name & Signature of Authorized Signatory		Date & Company Stamp

** Email the duly filled in FIR Form to info.ehs@cbuae.gov.ae and then submit the original to the BSD.

*** Provide the details in a separate page in case more than one individual involved in the incident.

LPA Form (Page – 1/15)

EXCHANGE BUSINESS

LICENSED PERSON’S
APPLICATION FORM
(LPA FORM)

APPLICATION TYPE	New License Change License Category Change Capital/Shareholding Structure
NAME OF APPLICANT
LICENSE CATEGORY REQUESTED	Category A Category B Category C
CONTACT DETAILS	Name: __________________________ Title/Capacity: __________________________ Tel: __________________________ Fax: __________________________ E-mail:
DATE OF SUBMITTING THE FORM

Please return completed form, together with supporting documentation to Licensing Division, Banking Supervision Department, Central Bank of the U.A.E.

LPA Form (Page – 2/15)

Table of Contents

SECTION	CONTENTS	PAGE NO.
1.	GUIDELINES	131
2.	LICENSING PROCESS	132
3.	APPLICANT’S DETAILS	133
4.	SHAREHOLDERS/ OWNERS/ PARTNERS	136
5.	BOARD OF DIRECTORS	138
6.	AUTHORIZED PERSONS	139
7.	REQUIRED DOCUMENTS	140
8.	DECLARATION	143

LPA Form (Page – 3/15)

Section 1: GUIDELINES

1.Any person may submit to the Central Bank an application for a new license, change license category or change in capital or shareholding structure of license. However, any material changes or proposed changes to the information provided in support of an application must be immediately reported to the Central Bank.
2.An applicant may appoint a representative to prepare and submit the application. However, the applicant retains full responsibility for the accuracy and completeness of the application. The Central Bank also expects to be able to liaise directly with the applicant during the assessment process, when seeking clarification of any issues.
3.All documentation provided to the Central Bank must be in either Arabic or English. Any documentation in a language other than Arabic or English must be accompanied by Arabic or English translation. Moreover, all figures submitted must be in either AED or USD.
4.Complete all sections as fully as possible, attaching supporting documents and continuation sheets where required.
5.The Central Bank may require the applicant to amend aspects of their services/activities in order to comply with the licensing requirements.
6.The applicant may withdraw its application at any time during the process by notifying the Central Bank.
7.Failure to provide all required information may result in significant delays in processing the application. The Central Bank does not accept responsibility for any loss caused to the applicant by any such delay.
8.If any question is not applicable in a particular circumstance, please clearly indicate by marking ‘N/A’, with an explanation as to why it does not apply.
9.Applicants are reminded that no person may undertake an Exchange Business within or from the United Arab Emirates unless licensed by the Central Bank.
10.Please return completed form, together with supporting documentation to:

Licensing Division - Banking Supervision Department
Central Bank of the U.A.E.

LPA Form (Page – 4/15)

Section 2: LICENSING PROCESS

1.All potential new applicants are encouraged to contact the Central Bank at an early stage to discuss their plans and requirements. The Licensing Division at the Central Bank would expect to hold at least one pre-application meeting with the applicant, prior to receiving an application.
2.Applicants must submit a formal application letter signed by an authorized signatory, including the request and reasons for applying.
3.Applicants seeking new license must submit the following duly completed Forms, along with the related supporting documents:
1. a)Licensed Person’s Application Form (LPA FORM)
2. b)Authorised Person’s Appointment Form (APA FORM)
4.Applicants seeking new license must submit all required documents as listed in ‘Section 7: REQUIRED DOCUMENTS’ of this Form.
5.The Central Bank shall notify the applicant of the outcome of the application, which the Central Bank considers to be complete. The Central Bank will review the applications and accordingly advise the applicant in writing when it has:
1. a)Approve the applicant’s request without conditions;
2. b)Approve the applicant’s request subject to conditions specified by the Central Bank; or
3. c)Reject the applicant’s request.
6.Queries may be addressed to:

Licensing Division
Banking Supervision Department
Central Bank of the U.A.E.

LPA Form (Page – 5/15)

Section 3: APPLICANT’S DETAILS

Please submit all information requested below. You can use a continuation sheet if necessary. If the question is not applicable, please clearly indicate by marking ‘N/A’.

1.Name of the applicant (Please provide the current and proposed, in case of change in the applicant’s name)
2.Legal form (Please provide the current and proposed, in case of change in the legal form)
3.Authorised and paid-up capital (Please provide the current and proposed, in case of change in the authorised and paid-up capital)
4.Origin of the capital source(s), with the related bank documents as proof
5.License category (Please provide the current and proposed, in case of change in the legal form)
6.Reasons for applying at the Central Bank
7.The external auditor (existing or to be appointed - specify which)

LPA Form (Page – 6/15)

Section 3: APPLICANT’S DETAILS (Continue)

8.The organization structure with the reporting lines to be included. Please describe, and provide further details in the business plan. (For applications for new license or in case of change in the organization structure of a Licensed Person).
9.Outline the framework of the company’s risk management and monitoring system with respect to the major potential risks. Please provide further details in the business plan. (For applications for new license)
10.Supply details of any expansion plans (branches or subsidiaries inside or outside the UAE), and anticipated manpower/staffing requirements in the next three (3) years, reflecting the Emiratisation requirements (For applications for new license)
11.Other ancillary activities. Please describe, and provide further details in the business plan. (For applications for new license)
12.Details of any entity licensed or authorized within the group by a regulatory/supervisory authority (For applications for new license or change in capital or shareholding structure)

No.	Entity Name	License/ Authorization Type	Regulatory/ Supervisory Name	Regulatory/ Supervisory Contact Details
1.
2.
3.
4.

LPA Form (Page – 7/15)

Section 3: APPLICANT’S DETAILS (Continue)

13.Has the applicant or member(s) of its group been the subject of any litigation or convicted in a Court of Law (or known circumstances which might give rise to litigation) over the past five (5) years, or is any litigation currently outstanding? If yes, please provide details
14.Are there any restrictions imposed on the operations of the applicant or member(s) of its group by any regulatory authorities? If yes, please provide details
15.Has the applicant had any of its previous applications in other countries rejected? If yes, please provide details (name of the Regulator, date of rejecting the application, reasons for the rejection)

LPA Form (Page – 8/15)

Section 4: SHAREHOLDERS/ OWNERS/ PARTNERS

1.Please list all particulars required below (including previous names used) of all proposed shareholders, owners or partners. If space is insufficient, please provide on separate sheet of paper.

No.	Name	Nationality/ Country of Incorporation	Amount in AED	Percentage of Shareholding
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
Total

LPA Form (Page – 9/15)

Section 4: SHAREHOLDERS/ OWNERS/ PARTNERS (Continue)

2.Please list all particulars required below (including previous names used) of all existing shareholders, owners or partners (if applicable). If space is insufficient, please provide on separate sheet of paper.

No.	Name	Nationality/ Country of Incorporation	Amount in AED	Percentage of Shareholding
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
Total

LPA Form (Page – 10/15)

Section 5: BOARD OF DIRECTORS

1.Please complete the table below for all proposed members of the Board of Directors (if applicable). For “Other Responsibilities”, please list all positions held as board of director or senior manager in any other institutions or company.

No.	Name	Nationality	Other Responsibilities
No.	Name	Nationality	Position	Company/ Institution
1.
2.
3.
4.
5.

2.Please complete the table below for all existing members of the Board of Directors (if applicable). For “Other Responsibilities”, please list all positions held as board of director or senior manager in any other institutions or company.

No.	Name	Nationality	Other Responsibilities
No.	Name	Nationality	Position	Company/ Institution
1.
2.
3.
4.
5.

LPA Form (Page – 11/15)

Section 6: AUTHORIZED PERSONS

1.Please list all particulars required below (including previous names used) of all current and/or proposed Authorized Persons. Also, include completed Authorized Person Appointment Form (APA Form) along with the supporting documents for each proposed name provided.

No.	Position	Name		APA Form Attached (Yes/No)
No.	Position	Current	Proposed (if applicable)	APA Form Attached (Yes/No)
1.	Manager in Charge
2.	Compliance Officer
3.	Alternate Compliance Officer

2.Please list all current and/or proposed Functions Heads below (including previous names used). If space is insufficient, please provide on separate sheet of paper.

No.	Position	Name
No.	Position	Current	Proposed (if applicable)
1.
2.
3.

LPA Form (Page – 12/15)

Section 7: REQUIRED DOCUMENTS

Please select the documents submitted with this form. If the required document is not applicable, please clearly indicate by marking ‘N/A’.

⬜A formal application letter signed by authorized signatory, including the request and reasons for applying.
⬜A certified copy of the Board resolution of the applicant, confirming its decision to seek a license/ change license category (if applicable).
⬜Copy of the commercial registration, where the applicant is an existing company.
⬜APA Forms for person wishing to undertake an authorized function.
⬜Business plan including short history of the applicant and its shareholders, the reasons for applying and market objectives, a description of the group and organizational structure, a brief summary of its key business lines, its mind and management, financial projections and all related assumptions covering at least the first three (3) years of operations, an assessment of potential risks and their mitigations, board and senior management, and any functions to be outsourced.
⬜Details of the applicant’s group structure.
⬜Copies of the audited financial statements of the applicant’s major shareholders (for corporates only) for the three (3) years preceding the application.
⬜A copy of the applicant’s memorandum and articles of association in draft form.
⬜A letter of non-objection to the applicant from the applicant’s lead supervisor (in the case of applicants that are part of a regulated group), and confirmation that it is in good regulatory standing and in compliance with applicable supervisory requirements.
⬜A copy of the certificate of license issued by the regulatory authority (In the case of applicants that are part of a regulated group).
⬜A capital deposit certificate from a licensed bank by Central Bank.
⬜The applicant’s location address and details of premises to be used to carry out the business.
⬜A copy of the required approvals from the Ministry of Economy and Department of Economic Development.

LPA Form (Page – 13/15)

Section 7: REQUIRED DOCUMENTS (Continue)

⬜Undertaking from the Shareholders to comply with the provisions of the Union Law No. (10) of 1980 concerning the Central Bank, the monetary system and organization of banking, and the decision of the Board of the Central Bank concerning the licensing and regulation of the exchange business in the country, as amended, and any other decisions or instructions or directives or circulars or correspondence issued by the Central Bank, as well as subjecting the institution / company records and documents to the Central Bank supervision and audit.
⬜An undertaking from the Shareholders to provide, in case the application is approved, a bank guarantee drawn in favor of the Central Bank issued by a bank licensed in the UAE.
⬜A certification / acknowledgment that the Shareholders are not bankrupt, issued and certified based on the applicable laws of the concerned authorities in the country (the courts).
⬜Bank statement of the Shareholders for a period of one (1) year from all banks that they are dealing with in the country.
⬜Written acknowledgment provided by the Shareholders confirming that they have never causes any financial losses bared by banks or other financial institutions operating in the UAE from any financial facility obtained from these banks or financial institutions.
⬜Written acknowledgment provided by the Shareholders that his/their contribution in the company is actual and not hypocritical for the benefit of any other party as an exchange for a commission.
⬜Bank reference of the Shareholders to be provided to the Central Bank from each bank they are dealing with during the past seven (7) years. The bank reference should include a paragraph about the cheques and whether the Shareholders have issued cheques that were bounced due to insufficient funds in their accounts during that specified period.
⬜Undertaking from the Shareholders that the company is committed to fulfill any obligations that may arise to third parties and any operations the company will undertake in the future.
⬜Undertaking from the Shareholders not to be committed to contracts that leads to financial obligations, prior to receiving the in-principal approval from the Central Bank to carry out Exchange Business.

LPA Form (Page – 14/15)

Section 7: REQUIRED DOCUMENTS (Continue)

⬜Undertaking from the Shareholders that if it was proven to the Central Bank that the license granted has been rented/ leased for a commission, the Central Bank has the right to cancel the license without referencing back to them.
⬜Undertaking from the Shareholders confirming that the company will:
- •Not manage clients’ money in or outside the UAE, or open marginal accounts to their clients.
- •Not rent this license, or any other license provided by the Central Bank, when granted to them in the future.
- •Execute all exchange business activities based on receipts, advertise to customers clearly about currency rates, and keep copies of all receipts and correspondence regularly in accounting records.
- •Not bail foreign financial facilities, nor act as a local agent to them.
- •Not represent foreign financial facilities.
- •Not sign contracts with foreign financial facilities for the management of the company.
⬜Undertaking from the Shareholders that they will be in contact with the Central Bank, and will inform the Central Bank of any changes in address or place of residence or change in their management positions. They should also record the minutes of their meetings and provide the Central Bank with a copy of them.
⬜Undertaking from the Shareholders that they are aware about all applicable Laws, Rules, Regulations, Notices and the Standards issued by the Central Bank regarding the exchange business and antimoney laundering on an ongoing basis, and the company will be keeping a copy of these laws and regulations in special files, where they will be held accountable for any failure in compliance with this requirement.

LPA Form (Page – 15/15)

Section 8: DECLARATION

We declare that the information submitted for this Form is complete and accurate to the best of our knowledge and that there are no other facts relevant to this Form that the Central Bank should be aware of.

We understand that providing any information to the Central Bank that is false or misleading in connection with this Form may result in the refusal of the application or, if discovered later, the subsequent cancellation of any approvals provided. We shall also inform the Central Bank of any material changes to the Form that may arise during the application.

We authorize the Central Bank to make such enquiries and seek further information it deems necessary in considering this application.

No.	Name	Signature	Date
1.
2.

In case of application for new license, the above declaration must be signed by at least two major Shareholders. Should any shareholder is corporate, the declaration must be signed by two Directors of the Board, Owner, two major Partners, or two major Shareholders and bear the corporate seal.

In case of application for existing Licensed Persons, the above declaration must be signed by at least two Directors of the Board. In the absence of the Board of Directors, the above declaration must be signed by the Owner, two major Partners, or two major Shareholders.

APA Form (Page – 1/11)

EXCHANGE BUSINESS

AUTHORISED PERSON’S
APPOINTMENT FORM
(APA FORM)

NAME OF CANDIDATE FOR A UTHORISED PERSON
NAME OF LICENSED PERSON
LICENSE CATEGORY	Category A Category B Category C
CONTACT DETAILS	Name: __________________________ Title/Capacity: __________________________ Tel: __________________________ Fax: __________________________ E-mail:
DATE OF SUBMITTING THE FORM

Please return completed form together with supporting documentation to Supervision & Examination Division, Banking Supervision Department, Central Bank of the U.A.E.

APA Form (Page – 2/11)

Table of Contents

SECTION	CONTENTS	PAGE NO.
1.	GUIDELINES	146
2.	AUTHORISATION PROCESS	147
3.	CANDIDATE’S DETAILS	148
4.	FUNCTION DETAILS	150
5.	ELECTRONIC APPOINTMENT APPLICATION FORM	151
6.	INTRODUCTORY STATEMENT FORM	151
7.	REQUIRED DOCUMENTS	152
8.	DECLARATION	154

APA Form (Page – 3/11)

Section 1: GUIDELINES

1.All Licensed Persons must submit a formal request letter and complete this Form for submission to the Central Bank prior to appointing any person who will be in charge of an Authorised Function (i.e. Manager in Charge, Compliance Officer or Alternate Compliance Officer). However, any material changes or proposed changes to the information provided in this Form must immediately be reported to the Central Bank.
2.The Licensed Person retains full responsibility for the accuracy and completeness of the application. The Central Bank also expects to be able to liaise directly with the Licensed Person or Candidate during the assessment process, when seeking clarification of any issues.
3.All documentation provided to the Central Bank must be in either Arabic or English. Any documentation in a language other than Arabic or English must be accompanied by a certified Arabic or English translation.
4.All sections must be fully completed as possible, attaching supporting documents and continuation sheets where required.
5.The Licensed Person may withdraw its application at any time during the process by notifying the Central Bank.
6.Failure to provide all required information may result in significant delays in processing the application. The Central Bank does not accept responsibility for any loss, caused to the Licensed Person or to the candidate, as a result of such delay.
7.If any question is not applicable in a particular circumstance, please clearly indicate by marking ‘N/A’, with an explanation as to why it does not apply.
8.Licensed Persons are reminded that providing any information which is false or misleading may result in cancellation of the application or imposition of other disciplinary measures.
9.Please return completed form, together with supporting documentation to:

Supervision & Examination Division
Banking Supervision Department
Central Bank of the U.A.E.

APA Form (Page – 4/11)

Section 2: AUTHORISATION PROCESS

1.Licensed Persons must ensure that they meet the minimum requirements before submitting an application, including, where applicable, the minimum qualifications and competency requirements of the requested position.
2.Licensed Persons must submit a formal application letter signed by an authorized signatory of the Licensed Person, highlighting the requested position along with this Form. The Licensed Person must submit any related information that may be important to the application, which was not covered in this Form. It must not be assumed that information is known to the Central Bank merely because it is in the public domain or has previously been disclosed to the Central Bank or another regulatory body. If there is any doubt about the relevance of information, it must be disclosed.
3.Licensed Persons must submit all required documents as listed in ‘Section 7: REQUIRED DOCUMENTS’ of this Form.
4.The Central Bank may require the Licensed Person to provide further information at any time after receiving this Form and before determining whether approval is to be granted or not.
5.A meeting with the candidate may be required prior to finalizing the outcome of the application.
6.The Central Bank shall notify the Licensed Person of the outcome of the application within sixty (60) days from the date of receiving the application, which the Central Bank considers complete. The Central Bank will review the applications and accordingly advise the Licensed Person in writing when it has:
1. (a)Granted an approval without conditions;
2. (b)Granted an approval subject to conditions specified by the Central Bank; or
3. (c)Refused the application.
7.Queries may be addressed to Banking Supervision Department, Central Bank of the U.A.E via email:
info.ehs@cbuae.gov.ae

APA Form (Page – 5/11)

Section 3: CANDIDATE’S DETAILS

Please submit all information requested below. You may use a continuation sheet if necessary. If the question is not applicable, please clearly mark as ‘N/A’.

1.Name of the candidate for the position of Authorized Person

First Name: Middle Name:
Family Name: Alias:
Gender:
2.Has the candidate had any previous name (s) by which he (she) is known? If yes, please specify
3.Names of companies owned by the candidate or members of the candidate’s direct family where ownership is equal to or greater than 5%

Name of Company Country Nature of Business Ownership % Ownership Amount
4.Details of any company where the candidate currently serves as a director, when the directorship started and the countries in which the company is registered

Date (from) Name of Company/Nature of Business Country Position

APA Form (Page – 6/11)

Section 3: CANDIDATE’S DETAILS (Continue)

5.Details of all academic and professional qualifications as well as the year and place where these were obtained (please enclose certified copies)

Academic/ Professional Qualification	Name of Institution	Place of Institution	Year	Notes (e.g. membership no.)

6.Details of employment over the past ten (10) years, including the full name and the employer, the nature of the business, the position held and the relevant datesaddress of of service

Date (from/to)	Name of Employer	Nature of Business	Country	Position

APA Form (Page – 7/11)

Section 4: FUNCTION DETAILS

1.Position for which the candidate is being nominated:
2.Responsibilities of the proposed position:
3.Draft copy of the candidate’s employment contract, stipulating all responsibilities and powers delegated to him/her, with a clause clarifying that any violation he/she commits would be criminal if it is proven that he has signed an incorrect or misleading document.
4.Organization Chart (showing the candidate upward and downwards reporting lines).

APA Form (Page – 8/11)

Section 5: ELECTRONIC APPOINTMENT APPLICATION FORM

Please submit the Excel worksheet of the Electronic Appointment Application Form along with the related documents in Arabic only as per Notice No. 249/2016 dated 3^rd August 2016 to:

Email: obaid.romaithi@cbuae.gov.ae
Copy to: info.ehs@cbuae.gov.ae

Also, submit hard copies of the above-mentioned Excel worksheet along with the related documents to:

Supervision & Examination Division
Banking Supervision Department
Central Bank of the U.A.E.

Queries regarding the Electronic Appointment Application Form may be addressed to the Banking Supervision Department, Central Bank of the UAE:

Mr. Obaid Al- Romaithi
Telephone: 02-6915240
Email: obaid.romaithi@cbuae.gov.ae
Copy to: info.ehs@cbuae.gov.ae

Section 6: INTRODUCTORY STATEMENT FORM

Please return the completed Introductory Statement form in either Arabic or English to:

Supervision & Examination Division
Banking Supervision Department
Central Bank of the U.A.E.

APA Form (Page – 9/11)

Section 7: REQUIRED DOCUMENTS

Please select the documents submitted with this form. If the required document is not applicable, please clearly indicate by marking ‘N/A’.

⬜A formal application letter signed by authorized signatory.
⬜A bank reference from one or more banks for the past seven (7) years, confirming that the candidate has had no cheques returned during this period.
⬜Certified copies of academic and professional qualifications.
⬜Organization Chart showing the candidate upward and downwards reporting line.
⬜Soft copy of the Excel worksheet of the Electronic Appointment Application Form with the related documents to be sent to obaid.romaithi@cbuae.gov.ae under copy to info.ehs@cbuae.gov.ae.
⬜Hard copy of the Excel worksheet of the Electronic Appointment Application Form with the related documents to Supervision & Examination Division, the Central Bank.
⬜Completed Introductory Statement form with the related documents to Supervision & Examination Division, the Central Bank.
⬜An undertaking from the candidate confirming that he/she has never inflicted or caused losses for or on behalf of any institution operating in the UAE (Applicable for Manager in Charge only).
⬜An undertaking from the candidate confirming that he/she is fully aware of the Laws, Rules, Regulations, Notices and the Standards related to the Exchange Business, and that he/she would be fully prepared to attend a personal interview with senior officials at the Central Bank.
⬜An undertaking letter from the candidate confirming that all educational documents provided to the Central Bank are duly attested by the competent authorities. Applications will be rejected if educational documents are not attested.
⬜Draft of the Power of Attorney that will be given to the candidate (Applicable for Manager in Charge only).

APA Form (Page – 10/11)

Section 7: REQUIRED DOCUMENTS (Continue)

⬜A copy of the draft employment agreement that contains all responsibilities/authorities delegated to the proposed Manager in Charge in detail. There must be a clause in the employment agreement stating that any violation (violation clause) on the part of proposed Manager in Charge will be considered a criminal violation and he/she will be subject to punishment if it is proved that what he/she has signed was incorrect or misleading. It also must include that he/she is responsible for the management of the Licensed Person and is authorized to sign on its behalf (Applicable for Manager in Charge only).
⬜An undertaking from the Owner/Partners/Shareholders of the Licensed Person that all its correspondence addressed to the Central Bank must be signed by person(s) authorized to sign on its behalf, along with the full name of such person(s) and the designation(s). Enclose copies of the official power of attorney issued to such person(s).
⬜An undertaking letter from the Owner/Partners/Shareholders of the Licensed Person to comply with Paragraphs 16.4.6, 16.4.7 and 16.4.8 of the Standards (Applicable for Compliance Officer only).
⬜An undertaking letter from the Owner/Partners/Shareholders of the Licensed Person to comply with Paragraphs 16.5.1 (a) to (g) of the Standards (Applicable for Alternate Compliance Officer only).

APA Form (Page – 11/11)

Section 8: DECLARATION

We declare that the information contained in and submitted along with this Form is complete and accurate to the best of our knowledge and that there are no other relevant facts that the Central Bank must be aware of.

We understand that providing any information to the Central Bank that is false or misleading may result in declining the application or, if discovered later, the subsequent cancellation of any approvals provided. We shall also inform the Central Bank of any material changes to pertinent information contained in the Form that may arise during the application process. We authorize the Central Bank to make such enquiries and seek further information it deems necessary whilst considering this application.

No.	Name	Signature	Date
1.
2.

The above declaration must be signed by at least two Directors of the Board. In the absence of the Board of Directors, the above declaration must be signed by the Owner, two major Partners, or two major Shareholders.

Appendix 6 Agreed-Upon Procedures (AUP) for Remittance Intermediate Account
An External Auditor must perform the following procedures, at a minimum, on the Remittance Intermediate Account and report their findings as required by Article 9 (n) and (o) of Notice 1/2014 issued by the Central Bank (i.e. Regulations Regarding Licensing and Monitoring of Exchange Business) and Paragraph 4.13 of Chapter 4 of the Standards.
1. 1.Confirm that the Licensed Person maintains a “Designated Remittance Intermediate Account” with a Bank licensed by the Central Bank of the UAE;
2. 2.Verify and confirm that the Licensed Person deposits the funds received from its remittance customers directly into the “Designated Remittance Intermediate Account” before the end of banking hours on the next business day;
3. 3.Check whether the funds in the “Designated Remittance Intermediate Account” related to the remittance by customers are ‘ring-fenced’ against withdrawals for any purpose other than prefunding/settling the foreign correspondent accounts;
4. 4.Obtain the General Ledger of the Remittance Intermediate Account for the relevant month;
5. 5.Ensure that the relevant outward remittance transactions are recorded through the Remittance Intermediate Account in the General Ledger;
6. 6.Check, on a sample basis (risk based), that the transactions from the Remittance Intermediate Account in the General Ledger are transferred to the respective ledger accounts of foreign correspondents as and when the remittance instructions are issued (i.e. upon payment order transmission) to the respective foreign correspondents;
7. 7.Check, on a sample basis (risk based), that the foreign correspondent accounts are sufficiently funded before issuing the remittance instructions to the respective foreign correspondents or settlement is made whenever required in order to pay the beneficiary without any delay;
8. 8.Obtain statements for the relevant month, on a sample basis (risk based), from foreign correspondents and from the bank where the “Designated Remittance Intermediate Account” is maintained. Ensure that the amount of local currency, balances in the Designated Remittance Intermediate Account and foreign banks is sufficient to cover the liabilities towards the remittance customers; and
9. 9.The External Auditor and the Licensed Person must agree on additional procedures depending on the nature, size and complexity of the business of the Licensed Person.
G. Version Control Table
The Standards for Exchange Business in the UAE
Version No. Version Name Month and Year of
Issue Details of Amendments
1.10 First
Version February 2018 Not applicable as this is the first version

(Restricted) Finance Companies

Finance Companies Regulation
C 3/2023 Effective from 29/9/2023
The Board of Directors of the Central Bank,
Having perused Decretal Federal Law No. (14) of 2018 Regardng the Central Bank & Organisation of Financial Institutions and Activities and its amendments;
Decree Federal Law No. (20) of 2018 regarding Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations and its amendments;
Federal Law No. (6) of 2010 regarding the Credit Information and its amendments;
Federal Decree Law No. (32) of 2021 concerning Commercial Companies; and
Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree Federal Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations and its amendments.
Has decided the following:

Article (1) Introduction

1.1

The Central Bank is seeking to enhance the organization, development and regulation of Finance Companies and Restricted Licence Finance Companies in the United Arab Emirates (U.A.E.) in the context of the overall organization of the financial sector.

1.2

In introducing this Regulation the Central Bank wishes to ensure that Finance Companies and Restricted Licence Finance Companies in the U.A.E. are:

a.	Operating within transparent and well-defined organizational structures and operations;
b.	Prudently managed within a framework of permissible activities; and
c.	Equipped with the necessary financial resources and internal risk management systems.

1.3

This Regulation also establishes a framework for the regulation and supervision of Restricted Licence Finance Companies and sets requirements for Finance Companies to contract with Agents, both of which are permitted to offer only Short-Term Credit faciltiies. Restricted Licence Finance Companies are not permitted to contract with Agents to offer Short-Term Credit. Agents, therefore, must partner with either a Finance Company or a Bank before offering Short- Term Credit. The following are outside of the scope of this Regulation:

a.	Short-Term Credit activities conducted directly between Juridical Persons and not conducted by way of business;
b.	Any credit activity, whereby the payment to the vendor directly by the purchaser of a good or service is completed on an instalment basis and not conducted by way of business; and
c.	Factoring and/or Finance Lease activities.

Article (2) Objective

2.1

The objective of this Regulation is to provide a regulatory framework in which Finance Companies and Restricted Licence Finance Companies can operate and develop within the overall U.A.E. financial sector in a robust and prudent manner. The framework set out in this Regulation is aimed at:

a.	Protecting the customers of Finance Companies and Restricted Licence Finance Companies;
b.	Protecting Finance Companies and Restricted Licence Finance Companies; and
c.	Enhancing the overall stability of the financial sector.

2.2

This Regulation is issued by the Central Bank pursuant to the powers vested in the Central Bank Law.

2.3

Where this Regulation includes a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements, which are additional to the list provided in the relevant article.

Article (3) Application

3.1	This Regulation applies to Finance Companies and Restricted Licence Finance Companies except where specifically mentioned otherwise in this Regulation. All branches of any Finance Company or Restricted Licence Finance Company operating in the U.A.E. shall be regarded together as one Licensee.
3.2	Part I of this Regulation applies fully to Finance Companies with the exception of Restricted Licence Finance Companies.
3.3	Part II of this Regulation applies fully to Restricted Licence Finance Companies. Finance Companies and Banks must ensure that their Agents comply with the Articles in Part II of the Regulation which are applicable to Agents, as indicated. Agents are not required to comply with Articles (21) – Licensing, (22) – License Restrictions, and (25) – Minimum Capital Requirements.
3.4	Part III of this Regulation applies fully to Finance Companies and Restricted Licence Finance Companies.

Article (4) Definitions

The following terms and phrases shall have the definitions assigned to them for the purpose of this Regulation:

Affiliate: an entity that, directly or indirectly, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity;

Agent: a Juridical Person who is contracted to offer, grant, market, sell, intermediate and/or process a Short-Term Credit with a Borrower on behalf of a Finance Company or a Bank;

Aggregate Funding: the total amount of debt capital that a Finance Company borrows from external sources, including its Parent Company. This includes, but is not limited to,

Aggregate Liabilities: the total amount of onbalance sheet and off-balance sheet liabilities of a Finance Company;

AML Law: means Decree Federal Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations and Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree Federal Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations, as amended, and any instructions, guidelines and notices issued relating to their implementation;

Authorized Individual: any natural person authorized in accordance with the provisions of the Central Bank Law, to carry on any of the Designated Functions;

Bank: any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other licensed financial activities;

Borrower: a UAE resident Person who is granted a Short-Term Credit;

Central Bank: the Central Bank of the United Arab Emirates;

Central Bank Law: Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organisation of Financial Institutions and Activities, as amended;

Commercial Companies Law: Federal Decree Law No. 32 of 2021 on Commercial Companies, as amended;

Confidential Data: account or other information relating to a Finance Company customer or employee, who is or can be identified, either from the confidential data or from the confidential data in conjunction with other information that is in, or is likely to come into, the possession of a person, organization, or process that is granted access to the confidential data;

Controlling Influence: the relationship between a Parent Company and a Subsidiary, where the Parent Company holds a minimum of 50% of the Subsidiary’s share capital or has control over it via, for example, the composition of the board of directors, or via a similar relationship between any natural or Juridical Person or company;

Credit Exposure: the value of a funded and unfunded exposure and unused committed lines that are subject to any credit risks, such as default or credit rating downgrade;

Credit Information Agency: Al Etihad Credit Bureau and any credit information agency established for the purpose of credit reporting requirements in the UAE;

Credit Report: is a collection of historical credit data from various financial institutions, utility companies, government, etc., on individuals and companies in the UAE;

Crowdfunding: is solicitation of funds from persons through a platform for a specific purpose;

Designated Functions: functions of the Authorized Individual at, or for the benefit of, a Licensee of influential nature on the institution’s activities;

Duty of Care: the duty of a member of the board of directors to act on an informed and prudent basis in decisions with respect to the Finance Company;

Duty of Loyalty: the duty of a member of the board of directors to act in the interest of the Finance Company;

Factoring: (as defined in Federal Decree-Law No. 16/2021 on Factoring and Transfer of Civil Accounts Receivable) a transaction whereby the assignor transfers the current or future debtor ’ s accounts receivable, or both, to an assignee, or agrees that the assignee maintains and collects entries related to the transferred accounts receivable and provides protection to the assignee in case the debtor breaches the payment;

Fee: Any fees, charges, penalties and commissions incurred on a product and/or service by a Borrower;

Finance Lease: (as defined in Federal Law No. 8/2018 on Finance Lease) a relationship whereby the lessor owns the leased property for rental purposes and leases it to the lessee for a specified period under a separate contract in accordance with the provisions of the Federal Law, while granting the latter the right of choosing to own the leased property in accordance with the provisions hereof;

Financing: permitted activities as referred to in Article 10 of this Regulation;

Finance Company: a conventional finance company and/or an Islamic Finance Company;

Fitness and Probity or Fit and Proper: professional requirements and personal integrity requirements addressed to the board of directors and Senior Management in this Regulation;

aa.

Foreign Funding: any borrowing or acceptance of deposits from any corporate entity incorporated outside of the U.A.E. and its free zones;

ab.

Free Zone: all free zones in the UAE except the financial free zones;

ac.

Higher Sharia’a Authority: the Authority established by the Central Bank to ensure implementation of Islamic Sharia’a provisions at financial institutions carrying on their entire activities or part thereof in accordance with Islamic Sharia’a provisions;

ad.

Independent Member of the Board: a member of the board of directors who does not have any management responsibilities within the Finance Company and is not under any undue influence, internal or external, or ownership, that would impede the board member’s exercise of objective judgment, including but not limited to a relationship with the Finance Company, any of its Senior Management, external auditor, significant shareholders, subsidiaries or affiliates that could lead to financial or other benefit, in addition to other conditions that the Central Bank may specify from time to time;

ae.

Islamic Finance Company: a Central Bank licensed company engaged in Financing activities whose memorandum and articles of association include a commitment to apply Sharia'a provisions and to conduct its activities as per those provisions;

af.

Juridical Person: a Juridical Person in accordance with Article 92 of Federal Law No. 5 of 1985 Concerning the Issuance of the Civil Transactions Law. For the purpose of this Regulation, this definition only refers to Juridical Persons in the U.A.E.;

ag.

License: authorization issued by the Central Bank to conduct the business of Finance Companies or Restricted Licence Finance Companies;

ah.

Licensee: a Juridical Person licensed by the Central Bank to conduct Financing activities per the provisions of this Regulation;

ai.

Material Business Activity: an activity of the Finance Company that has the potential, if disrupted, to have a significant impact on the Finance Company’s business operations or its ability to manage risks effectively;

aj.

Outsourcing: an agreement with another party either within or outside the UAE, including a party related to the Licensee, to perform on a continuing basis an activity which currently is, or could be, undertaken by the Licensee itself;

ak.

Parent Company: an entity (the 'first entity') which:

1.	holds a majority of the voting rights in another entity (the 'second entity');
2.	is a shareholder of the second entity and has the right to appoint or remove a majority of the board of directors or managers of the second entity; or
3.	is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity.
	or;
4.	if the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.

al.

Principal Shareholder: any shareholder of a Finance Company who owns, directly or indirectly, 5% or more of shareholdings of a Finance Company;

am.

Regulations: any resolution, regulation, circular, rule, standard or notice issued by the Central Bank;

an.

Related Entities: any of the following:

1.	Two or more natural or Juridical Persons who, unless shown otherwise, constitute a single risk because one of them, directly or indirectly, has control over the other or others, or can exercise a Controlling Influence over the other party in making financial and operating decisions; or
2.	Two or more natural or Juridical Persons between whom there is no relationship of control but who are to be regarded as constituting a single risk because they are so inter-related that, if one of them were to experience financial problems, the other or all of the others would be likely to encounter repayment difficulties;

ao.

Restricted Licence Finance Company: a Juridical Person licensed by the Central Bank to conduct the licensed financial activity of granting Short-Term Credit only;

ap.

Senior Management: the executive management of the Finance Company or Restricted Licence Finance Company responsible and accountable to the board of directors for the sound and prudent day-to-day management of the Finance Company or Restricted Licence Finance Company, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer and heads of the compliance and internal audit functions;

aq.

Short-Term Credit: any credit which is granted to a Borrower for a period of not more than twelve (12) months, for the express purposes of purchasing specified, identifiable goods or services, without interest being charged nor a lien being placed against collateral nor a security deposit being required from the Borrower;

ar.

Subsidiary: an entity (the 'first entity') is a subsidiary of a Finance Company (the 'second entity') if the second entity:

1.	holds a majority of the voting rights in the first entity;
2.	is a shareholder of the first entity and has the right to appoint or remove a majority of the board of directors or managers of the first entity; or
3.	is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity.
	or;
4.	if the first entity is a subsidiary of another entity which is itself a subsidiary of the second entity;

as.

U.A.E. Banks: all banks licensed by the Central Bank.

Article (5) Superseded Requirements and General Provisions

5.1	This Regulation replaces all previous Central Bank regulations with respect to Finance Companies including the following:

Regulations	Provisions
Central Bank Board of Directors' Resolution No. 58/3/96 regarding the regulation for finance companies and its amendments	All articles
Central Bank Board of Directors' Resolution No. 165/6/2004 regarding the regulation for finance companies which conduct their business per Islamic Sharia'a Principles	All articles

PART I - Finance Companies (does not apply to Restricted Licence Finance Companies)

Article (6) Applying for a License

6.1

The conducting of Financing activities in the U.A.E. is prohibited unless licensed by the Central Bank to do so.

6.2

Conducting Financing activities is restricted to Juridical Persons. The application must specify the range of activities for which the License is requested and must include the following:

6.2.1

A statement identifying the nature and scope of the types of activities, mentioned in Article 10 of this Regulation, that a new Finance Company proposes to undertake. In addition, the statement must specify any plans the applicant may have with regard to the future developments of these kinds of business, as well as details regarding the applicant's arrangements related to managing its business.

6.2.2

A feasibility study identifying the target market, the services to be provided, the business model and the strategy of the Finance Company, in addition to a three-year feasibility study that includes at least the following:

a.	Financing activities and products to be launched;
b.	Estimated financial statements, projected annual revenue and expenses, financial margins and targeted growth rates, taking into account Central Bank requirements according to Article 11 and Article 12 of this Regulation;
c.	Projected start-up costs and financing thereof;
d.	Projected ongoing financing of operations;
e.	The risk factors;
f.	A summary of the corporate structure, legal form and corporate governance standards adopted by the Finance Company;
g.	Branches to be established by the Finance Company; and
h.	A recruitment plan with the projected number of employees, including those of U.A.E. nationality. The Central Bank may set specific requirements for the share of employees of the Finance Company who are U.A.E. nationals.

6.2.3

The names, addresses, nationalities and share holdings of the shareholders, in addition to a certified copy of the memorandum and articles of association after the completion of the establishment procedures, as per the provisions of the Commercial Companies Law. For the shareholders who are U.A.E. nationals, U.A.E. identity cards are required in addition to a list of family members and their relationship to the founding members. For expatriate shareholders, passport and valid residency visa copies and U.A.E. identity cards are required. If the founding members are Juridical Persons, then constitutional documents duly legalized are required.

6.2.4

Organizational structure showing the main departments, sections, lines of reporting, authorities and responsibilities. This structure should be appropriate, balanced, and acceptable to the Central Bank.

6.2.5

Curriculum vitae of persons recommended for board of directors and Senior Management positions. The Central Bank may decide to interview nominees.

6.2.6

A certificate issued by a U.A.E. Bank indicating that the license applicant holds at least 25 million United Arab Emirates Dirhams of its paid up capital in deposits; in addition, an undertaking to deposit the remaining balance of the minimum required paid-up capital immediately after obtaining a preliminary approval from the Central Bank.

6.2.7

A letter of unconditional guarantee by one of the U.A.E. Banks, issued to the Central Bank, for an amount equivalent to the minimum required paid-up capital. This letter of guarantee must be renewable automatically until the required minimum paid-up capital is paid in full. The letter of guarantee shall be released upon the request of the founding shareholders in the following cases:

a.	Payment of the required minimum amount of paid-up capital in cash;
b.	Withdrawal of the License application; or
c.	Rejection of the License application by the Central Bank.

6.2.8

An undertaking to abide by the provisions of the Central Bank Law and the Commercial Companies Law as well as the provisions of this Regulation and any decisions, instructions, directives, circulars or correspondence issued by the Central Bank with regard to Financing activities.

6.2.9

An undertaking to make available records and documents to be supervised, examined and reviewed by the Central Bank, as well as an undertaking to comply with the AML Law.

6.2.10

Any other information and/or documents requested by the Central Bank for the purpose of deciding on the application for a License.

6.3

The applicants might apply for either a conventional Finance Company License or an Islamic Finance Company License. As such, Islamic windows in conventional Finance Companies are prohibited.

6.4

The legal form of a Finance Company must be in one of the forms stipulated in the Commercial Companies Law. It shall be subject to Central Bank licensing, supervision and examination, as per the provisions of the Central Bank Law.

Article (7) Scope of License

7.1	The Licensee must commence licensed activities, specified in its License according to Article 10 of this Regulation, within a maximum of 12 months from the date of notification of approval of License.
7.2	The License shall be granted for an initial period of three years and shall be renewable for same periods unless otherwise required by the Central Bank. A Finance Company must apply to the Central Bank for License renewal no later than two months before the expiry date of the existing License.
7.3	The License shall contain the terms deemed appropriate by the Central Bank.
7.4	The Central Bank may take any action deemed appropriate to ensure the sound functioning of the Finance Companies.

Article (8) Notification of Approval or Refusal

8.1	The Central Bank may approve or refuse the License application after reviewing the application and obtaining all requested information.
8.2	The Central Bank shall notify the applicant of its decision in writing, with reasons provided in the event a License application is refused, within fifteen days after the date of the decision of the Central Bank’s board of directors.

Article (9) License Amendment, Cancellation or Restriction

9.1

The Central Bank may, at any time, through a decision by its board, cancel, change, restrict, impose or withdraw any condition imposed on a License. The Finance Company shall have the right to comment with regard to the reasons for such cancellation, alteration, restriction, imposition or withdrawal. The Central Bank shall not be obliged to but may consider such comments at its sole discretion.

9.2

The Central Bank may, through a decision by its board, revoke or withdraw a License of a Finance Company in the following cases:

a.	If the Finance Company violates any provision of this Regulation, or the provisions of the Central Bank Law, or any other applicable laws, regulations, decisions, instructions, directives, circulars or correspondence issued by the Central Bank, including regulations regarding anti-money laundering / combating the financing of terrorism requirements; or if the License requirements are not met or cannot be met;
b.	If the Central Bank is provided with false, misleading or inaccurate information by the Finance Company or by those acting on its behalf, including its managers, supervisors or auditors;
c.	If the interests of the current or potential customers of the Finance Company are at risk, whether due to the manner in which the Finance Company conducts its business or intends to conduct its business, or for any other significant reason;
d.	If an order to liquidate the business of the Finance Company or of its Parent Company is issued by any competent judicial authority;
e.	If a court receiver, or any other similar officer is appointed to oversee the business of the Finance Company;
f.	If a bankruptcy order against the Finance Company is issued;
g.	If the Finance Company has not commenced operations within twelve months from the date of notification of approval of the License;
h.	If the Finance Company ceases to operate for a period of twelve consecutive months;
i.	If the Central Bank determines that the Finance Company is unable to repay debts that are due, or that asset values are less than its liabilities, after taking into consideration current and future claims;
j.	If the concerned local authorities have withdrawn any licenses granted by them to the Finance Company;
k.	If the Finance Company conducts any business activity from premises other than those approved by the Central Bank;
l.	If the Senior Management of the Finance Company is not deemed Fit and Proper; and
m.	In any additional case determined by the Central Bank at its sole discretion.

9.3

A Finance Company wishing to cease or suspend any of its licensed activities must apply to the Central Bank at least six months in advance providing the reasons for such a cessation or suspension.

9.4

Any Finance Company that fails to comply with the AML Law and regulations and any other resolutions or instructions issued by the Central Bank in this regard, will be penalized in accordance with the prevailing laws and regulations.

9.5

In case a Finance Company is not compliant with any of the provisions of this Regulation, the Central Bank shall have the sole authority to consider imposing fines, penalties or any such action on the Finance Company at the sole discretion of the Central Bank.

Article (10) Permitted activities

10.1

A company can apply for a License to conduct one or more of the following types of activities:

a.	Retail finance, including personal loans, credit cards, vehicle loans and Short-Term Credit;
b.	Mortgage finance, including residential mortgages and commercial mortgages;
c.	Wholesale finance, including loans to large corporate borrowers, small and medium-sized enterprises, microfinancing, finance and operating leasing and wage protection schemes;
d.	Pre-paid cards; and
e.	Distribution of third party products as an agent; provided that the Finance Company received approval from the relevant competent authority for the distribution of the third party products concerned.

The licensing application must state the products within each activity that the Finance Company intends to offer to its customers.

10.2

The board of the Central Bank can review the list of permitted activities specified in Article 10.1 of this Regulation and amend it.

10.3

The financing activities of an Islamic Finance Company are those provided under Article 10.1 subject to compliance with Islamic Sharia'a provisions.

10.4

A Finance Company may only accept deposits from Juridical Persons and only issue certificates of deposit to Juridical Persons. A Finance Company is strictly prohibited from accepting deposits or loans from individuals and from opening accounts of any kind, excluding loan accounts and in any form on behalf of individuals.

10.5

A Finance Company is permitted to borrow from U.A.E. Banks. A Finance Company may receive Foreign funding provided that adequate hedging is in place to mitigate the currency risk. Foreign funding must not exceed 25% of the sum of Aggregate Funding and deposits of a Finance Company.

10.6

A Finance Company must have its License updated in order to conduct any activity outside of those specified in the License of the Finance Company.

10.7

A Finance Company must obtain a no objection letter from the Central Bank in order to provide any new product line from within activities specified in the License of the Finance Company.

10.8

Consistent with Articles 10.1a, 10.1b and 10.1c of this Regulation, the Finance Company may extend advances and loans to Juridical Persons and individuals based in the U.A.E. and offer revolving credit facilities, open letters of credit and issue letters of guarantee to Juridical Persons.

10.9

A Finance Company may apply to the Central Bank for non-objection to partner with an Agent to offer Short-Term Credit. Where the Finance Company contracts with an Agent, the Finance Company must, at a minimum, ensure that the Agent complies fully with all applicable Articles of Part II of this Regulation with the exception of Articles (21) – Licensing, (22) – License Restrictions and (25) – Minimum Capital Requirements. The Central Bank shall set the requirements for Finance Companies to obtain a non-objection to contract with an Agent on a case by case basis.

10.10

The Finance Company’s partnership with an Agent may only involve:

a.	The Agent offering the Short-Term Credit products and services of and funded by the Finance Company to Borrowers; and/or
b.	The Agent granting Short-Term Credit products to Borrowers, which are fully funded by the Agent.

10.11

Consistent with Article 10.1d of this Regulation, the Central Bank shall approve the request of a Finance Company to act as a program manager for the reloadable prepaid cards programs of a U.A.E. Bank with the following conditions:

a.	Escrow accounts (pool accounts) should be ring-fenced from deposits of the Finance Company;
b.	The U.A.E. Bank remains responsible for anti-money laundering / combating the financing of terrorism compliance and reporting functions;
c.	The U.A.E. Bank remains responsible for ensuring that appropriate systems and controls are in place to monitor all transactions;
d.	The board of directors of the Finance Company should oversee the business risks;
e.	The Finance Company is responsible for ensuring anti-money laundering / know-your-customer procedures, specially initial know-your-customer procedures, are in place and operate effectively;
f.	The Finance Company must ensure that its anti-money laundering / knowyour-customer procedures are in line with the anti-money laundering / know-your-customer procedures of the U.A.E. Banks;
g.	The Finance Company must screen every transaction against money laundering and terrorism financing for amounts that exceed the threshold as per the law or regulation concerned or any notice issued by the Central Bank;
h.	The Finance Company should ensure that procedures are in place on pool account operation, reconciliation controls and independent audit reviews; and
i.	The Finance Company must abide by all relevant laws and regulations at all times, in this regard.

10.12

In keeping with Article 10.4 of this Regulation, a Finance Company may accept deposits from Juridical Persons and issue certificates of deposit to Juridical Persons, provided that:

a.	They are term deposits only, with a minimum tenor of thirty days;
b.	Any deposit accepted is subject to a robust asset and liability management; and
c.	A single party deposit does not exceed 20% of the total amount of all accepted deposits and certificates of deposits of a Finance Company.

10.13

A Finance Company may only participate in the share capital of the following companies. Companies concerned must be incorporated in the U.A.E. or its Free Zones:

a.	Brokerage companies;
b.	Money exchange companies;
c.	U.A.E. Banks; and
d.	Finance Companies.

10.14

Any single participation mentioned in Article 10.13 of this Regulation must not exceed 10% of the aggregate capital funds as defined in Article 11 of this Regulation and the aggregate participation in the capital base of the companies mentioned in Article 10.13 of this Regulation must not exceed 25% of the Aggregate Capital Funds of the Finance Company.

10.15

Any participation in any finance sector company mentioned in Article 10.13 of this Regulation must not exceed 25% of the share capital of the investee. This restriction does not apply to companies supporting operational activities of the investing Finance Company.

10.16

A Finance Company may place deposits in U.A.E. Banks and obtain certificates of deposit from U.A.E. Banks provided that:

a.	The number of U.A.E. Banks, in which the Finance Company places its deposits is greater than or equal to four; and
b.	Any such deposit or certificate of deposit placed in any U.A.E. Bank does not exceed 10% of the Aggregate Capital Funds of the Finance Company.

10.17

A Finance Company must obtain approval from the Central Bank in order to issue bonds or sukuks. Bonds and sukuks of a Finance Company must be denominated in United Arab Emirates Dirhams or United States Dollar only.

10.18

A Finance Company is prohibited from financing a borrower which is not an entity incorporated in the U.A.E or its free zones, or a U.A.E. resident, or where the mortgaged assets are not in the U.A.E.

10.19

A Finance Company is prohibited from conducting any money-exchange business and from entering into any unhedged foreign exchange contracts.

10.20

A Finance Company must not purchase or acquire any immovable property, except for immovable property that may be used as premises for its operations.

10.21

Article 10.20 of this Regulation shall not prevent a Finance Company from securing a debt on any immovable property and in the event of default in payment of the debt, from entering into a settlement agreement with the relevant borrower and as a result holding that immovable property for realization by sale or auction within three years from the date such ownership was established. The said period could be extended by the Central Bank based on justification acceptable to the Central Bank.

10.22

Article 10.20 of this Regulation shall not apply to Islamic Finance Companies, which may own property including immovable property and goods as part of an underlying financing contract with a borrower.

10.23

Article 10.20 of this Regulation shall not apply to such property as may from time to time be explicitly approved in advance by the Central Bank.

10.24

A Finance Company must not engage in any activity for which it is not licensed under applicable laws and regulations.

Article (11) Minimum Capital Requirements

11.1

Aggregate capital funds consist of the following items:

a.	Paid-up capital;
b.	Reserves, excluding revaluation reserve; and
c.	Retained earnings.

11.2

The following items must be deducted from aggregate capital funds:

a.	Accumulated losses; and
b.	Goodwill.

11.3

The minimum required paid-up capital for a Finance Company is 150 million United Arab Emirates Dirham.

11.4

In the event that Aggregate Capital Funds of a Finance Company fall below 150 million United Arab Emirates Dirham, the Finance Company must present a plan to rectify the shortfall to the Central Bank within 30 days of the occurrence of the shortfall. The plan must be approved by the board of directors of the Central Bank.

11.5

U.A.E. national ownership of a Finance Company must comprise at least 60% of total paid-up capital.

11.6

The amount of Aggregate Liabilities of a Finance Company must be limited to 100% of its Aggregate Capital Funds during the first two years of operation. Thereafter, approval may be sought from the Central Bank to allow the value of Aggregate Liabilities to increase to 200% of the Aggregate Capital Funds; up to 300% after four years; up to 500% after seven years; and up to 700% after ten years. A Finance Company may, for the purpose of this calculation, deduct from Aggregate Liabilities any of the following items:

a.	Cash collaterals;
b.	Bank guarantees from U.A.E. Banks; and
c.	Sovereign guarantees.

The items listed under the letters a, b and c of this Article must be legally enforceable.

11.7

A Finance Company should allocate at least 10% of its annual net profits to the establishment of a statutory reserve until such point as that statutory reserve equals 50% of its paid-up capital.

11.8

Shareholders of a Finance Company must not withdraw an amount exceeding their share of the annual net profit identified in the provisions of the Commercial Companies Law.

11.9

A Finance Company must obtain approval from the Central Bank for any proposed dividend distribution and they must do so before announcing the proposed dividend publicly in a press announcement or by other means of communication and prior to submitting a proposal for a distribution of profits for shareholder approval.

Article (12) Liquidity Requirements

12.1

The following items may be considered as liquid assets:

a.	Cash held in a U.A.E. Bank;
b.	Certificates of deposit issued by the Central Bank held via a U.A.E. Bank;
c.	Short-term deposits with a U.A.E. Bank with maturity up to 30 days; and
d.	UAE Federal and local government bonds, which must not exceed 30% of the total amount of liquid assets.

Encumbered cash held as collateral by a Finance Company is not considered as liquid assets.

12.2

To withstand short-term liquidity stress, Finance Companies are required to hold an amount equivalent to 10% of their Aggregate Liabilities in liquid assets. A Finance Company may, for the purpose of this calculation, deduct from Aggregate Liabilities any of the following items:

a.	Cash collaterals;
b.	Bank guarantees from U.A.E. Banks; and
c.	Sovereign guarantees.

The items listed under the letters a, b and c of this Article must be legally enforceable.

12.3

Consistent with Article 12.2 of this Regulation a Finance Company must not hold more than 25% of its liquid assets in a single U.A.E. Bank.

12.4

Customer deposits of a Finance Company are not subject to cash reserve requirements.

Article (13) Credit Exposure Restrictions

13.1

A Finance Company’s Credit Exposure to a single borrower or group of Related Entities is considered as a Large Credit Exposure, where its value is equal to or exceeds 7% of the Finance Company’s Aggregate Capital Funds. For the purpose of calculating the value of a Large Credit Exposure, a Finance Company may consider whether to deduct any of the following items:

a.	Provisions;
b.	Cash collaterals;
c.	Bank guarantees from U.A.E. Banks; and
d.	Sovereign guarantees.

The items listed under the letters b, c and d of this Article must be legally enforceable.

13.2

The aggregate amount of Large Credit Exposures must not exceed 100% of the Aggregate Capital Funds of a Finance Company.

13.3

In addition to Article 13.2, the Central Bank has defined maximum permissible Credit Exposure limits, as shown in Table 1 below.

Table 1: Maximum Credit Exposure Limits

Borrower	Aggregate percentage of Aggregate Capital Funds	Individual percentage of Aggregate Capital Funds
A single borrower	Not applicable	10%
A group of Related Entities	Not applicable	15%
Principal Shareholders and their Related Entities	20%	10%
Subsidiaries and Affiliates of a Finance Company	20%	10%
Board members	Not allowed	Not allowed
Employees of the Finance Company	2%	Maximum 20 times of salary
External auditors, consultants and lawyers of a Finance Company	Not allowed	Not allowed

13.4	Where a Principal Shareholder is also a member of the board of directors of a Finance Company, Credit Exposures will be considered within the Principal Shareholders' Credit Exposure limits.

Article (14) Corporate Governance

14.1

A Finance Company must develop its own principles and policy for corporate governance, have them approved by its board of directors and provide the Central Bank with a copy thereof. The corporate governance policy must, at a minimum, include the following items:

a.	A description of the organizational structure, including all departments and positions as well as their duties and responsibilities;
b.	Controls for independence and segregation of duties;
c.	Roles, responsibilities, and composition of the board of directors and, if applicable, its committees;
d.	Remuneration and compensation policies;
e.	Conflict of interest controls;
f.	Integrity and transparency controls;
g.	Controls ensuring compliance with applicable laws and regulations;
h.	Methods for maintaining confidentiality of information;
i.	Controls for the protection of corporate assets; and
j.	Delegation of authority.

Founding shareholders

14.2

Each founding shareholder must satisfy Fit and Proper requirements defined by the Central Bank. In particular, a founding shareholder must not have:

a.	Been convicted of any crime involving dishonor or dishonesty, or that involves violence;
b.	Failed to honor financial liabilities to any bank or creditor;
c.	Declared bankruptcy or failed to reach a settlement agreement with creditors;
d.	Had properties confiscated; or
e.	Been placed under court receivership, unless he has been rehabilitated or pardoned by the relevant authorities.

14.3

The number of founding shareholders of a Finance Company should be in line with the Commercial Companies Law.

Responsibility of the board

14.4

Members of the board of directors of the Finance Company must act with integrity, exercising their Duty of Care and Duty of Loyalty.

14.5

Members of the board of directors of the Finance Company are responsible for ensuring effective control over the Finance Company’s entire business. Members of the board of directors of the Finance Company must ensure that a Finance Company has a robust corporate governance policy commensurate with its risk profile.

14.6

Members of the board of directors of the Finance Company are responsible for approving and overseeing implementation of the Finance Company’s strategic objectives and its risk management function, compliance function and internal and external audit.

14.7

Members of the board of directors of the Finance Company are responsible for the organizational structure of the Finance Company, including specifying the key responsibilities and authorities of the board and the Senior Management including the heads of the risk management, compliance and internal audit functions.

14.8

Members of the board of directors of the Finance Company are responsible for overseeing Senior Management, ensuring that the Finance Company’s activities are carried out in a manner consistent with the business strategy, corporate governance framework, remuneration and other policies approved by the board of directors of the Finance Company.

Board composition and qualification

14.9

The board of directors of a Finance Company must have no fewer than five members. At least 60% of the board members must be experienced in the finance and banking business. At least 60% of board members of an Islamic Finance Company must have knowledge of the Islamic finance and banking business.

14.10

The majority of the board of directors of a Finance Company must be U.A.E. nationals. The board must be chaired by one of the board members who is a U.A.E. national.

14.11

All of the members of the board of directors must be non-executives. There must be no overlap between the function and role of the board and general management. A person holding a position in Senior Management must not hold a board position.

14.12

At least 1/3 of the members of the board of directors must be independent members in order to facilitate effective oversight of the Finance Company. Collectively, the board members must have knowledge of all significant businesses of the Finance Company. The board members must have an appropriate balance of skills, diversity and expertise commensurate with the size, complexity and risk profile of the Finance Company.

14.13

A Finance Company must have a clear and rigorous process for identifying, assessing and selecting candidates for the board of directors of the Finance Company. At a minimum, board members must meet the following Fit and Proper requirements:

a.	Possess the necessary knowledge, skills and experience; and
b.	Have sufficient time to fully discharge their responsibilities.

14.14

The board members of a Finance Company must satisfy Fit and Proper requirements defined by the Central Bank. In particular, a board member must not have:

a.	Served as an auditor of a Finance Company while concurrently serving in the board of directors of the same Finance Company;
b.	Been terminated from any senior executive position in a company engaged in financial activities on the basis of disciplinary matters or on the basis of a disciplinary action based on a court judgement;
c.	Been convicted of any crime involving dishonor or dishonesty, or that involves violence;
d.	Failed to honor financial liabilities to any bank or creditor;
e.	Declared bankruptcy or failed to reach a settlement agreement with creditors;
f.	Had properties confiscated; or
g.	Been placed under court receivership, unless he had been rehabilitated or pardoned by the relevant authorities.

14.15

A Finance Company must obtain approval from the Central Bank prior to nominating or appointing members to its board of directors.

14.16

A Finance Company must obtain approval from the Central Bank prior to any membership changes in its board of directors.

Board committees

14.17

To cover areas requiring special expertise, the board of directors of a Finance Company must form board committees. Said committees must at a minimum include a separate board Audit Committee and a separate board Risk Management Committee. Where board committees are set up, they must be chaired by an Independent Member of the board of directors and must not be chaired by a member of the Senior Management or an external party.

Credit committee

14.18

To review and approve substantial loans, the board of directors of a Finance Company is encouraged to establish a credit committee of no fewer than three members. Significant loans must be reviewed and approved by the board of directors. Finance Companies must decide on the definition of substantial and significant loans individually, based on the size of the Finance Company and its scope of activities.

Sharia’a supervision committee of an Islamic Finance Company

14.19

The memorandum and articles of association of an Islamic Finance Company must state the appointment of a Sharia'a supervision committee, of no less than three members from among Islamic doctrinal specialists, who have previous experience in the area of Islamic financing.

14.20

The Sharia'a supervision committee must ensure that the conduct and transactions of an Islamic Finance Company are in accordance with Islamic Sharia'a provisions. The articles of association of an Islamic Finance Company must specify the method by which the said committee is formed and the manner in which it conducts its duties and functions.

14.21

The Sharia'a supervision committee must be responsible and accountable for all its decisions, views and opinions related to Sharia'a matters. While the board of directors of a Finance Company bears the ultimate responsibility and accountability on the overall governance of the Islamic Finance Company, the Central Bank expects the board of directors of a Finance Company to be guided by the Sharia'a supervision committee on compliance with all Sharia'a decisions, views and opinions applicable to the business of the Islamic Finance Company.

14.22

In case a dispute or conflict arises between the Sharia’a supervision committee and the management of the Finance Company, the committee must refer the matter to the Higher Sharia’a Authority for decision.

14.23

An Islamic Finance Company must ensure that its corporate governance framework adequately provides for:

a.	Compliance with Sharia'a provisions;
b.	The role of the Sharia'a supervision committee in the governance of the Islamic Finance Company;
c.	The rights of investment account holders and the processes and controls for protecting their rights; and
d.	Transparency of financial reporting in respect of investment accounts.

14.24

An Islamic Finance Company must ensure compliance with any direction or guidance issued by the Higher Sharia'a Authority with respect to its Sharia'a governance framework.

14.25

An Islamic Finance Company must immediately notify the Central Bank and the Higher Sharia'a Authority if it becomes aware of any material information that may negatively affect the Fitness and Probity of a Sharia'a supervision committee member.

Senior Management

14.26

Any nominee for Senior Management must satisfy Fit and Proper requirements defined by the Central Bank. In particular, members of Senior Management must not have:

a.	Been dismissed from a previous job on the basis of disciplinary action;
b.	Been convicted in any crime involving dishonor or dishonesty, or that involves violence;
c.	Failed to honor financial liabilities to any bank or creditor;
d.	Declared bankruptcy or failed to reach a settlement agreement with creditors;
e.	Had properties confiscated; or
f.	Been placed under court receivership, unless they had been rehabilitated or pardoned by the relevant authorities.

14.27

The nominee for a Senior Management position of a Finance Company must, at a minimum, meet the following professional requirements:

a.	Be theoretically and practically familiar with the Financing business;
b.	Have appropriate academic and professional qualifications; and
c.	Adequate experience in the finance field for not less than ten years. The Central Bank may, at its own discretion, reduce periods of experience.

14.28

The nominee for a Senior Management position of an Islamic Finance Company must, at a minimum, meet the following professional requirements:

a.	Be theoretically and practically familiar with the Islamic Financing business;
b.	Have appropriate academic and professional qualification; and
c.	Adequate experience in the finance field for not less than ten years. The Central Bank may, at its own discretion, reduce periods of experience.

On a case-by-case basis, the Central Bank shall have the right to exempt the nominees from such conditions upon the sole discretion of the Central Bank.

14.29

The post of the chief executive officer of a Finance Company or his equivalent must be separated from other roles within the group of companies that the Finance Company belongs to, with authorities and responsibilities defined by the board of directors. The chief executive officer or his equivalent is responsible for reporting significant transactions, major decisions and activities to the board of directors of the Finance Company.

Article (15) Internal policies and procedures

15.1

The Finance Company must establish written organizational policies and procedures, which must be reviewed annually and communicated to employees in a timely manner. At a minimum, the organizational policies and procedures must include the following items:

a.	Extension of credit;
b.	Risk management, assessment, handling, monitoring and disclosure thereof;
c.	Information technology and security;
d.	Internal audit;
e.	Compliance with relevant laws, regulations and instructions;
f.	Remuneration and incentives, including remuneration and incentives of Senior Management and remuneration of the board members; and
g.	Outsourcing of business activities.

15.2

In keeping with provisions of Article 10 of this Regulation, a Finance Company must demonstrate that it has developed sound risk management policies and controls and adequate internal policies and procedures for each product offered by the Finance Company.

15.3

A Finance Company must have an appropriate and balanced organizational structure, showing the main departments, sections, lines of reporting, authorities and responsibilities; the structure should be acceptable to the Central Bank.

15.4

The segregation of duties must be maintained to ensure the application of the generally accepted policies and procedures for protecting the assets and funds of a Finance Company, and avoiding fraud and embezzlement. Executive positions must not be combined in such a way that they might introduce a conflict of interest.

Additional Requirements for internal policies and procedures of an Islamic Finance Company

15.5

The management of an Islamic Finance Company must be responsible for observing and implementing Sharia'a rulings and decisions made by the Sharia'a supervision committee. The Finance Company is required to have procedures in place to ensure that any Sharia'a issues arising in the course of business are referred to the Sharia'a supervision committee for decisions, views and opinions.

15.6

A Finance Company must adhere to the Fit and Proper criteria that govern appointment, replacement and termination of members and chairmen of the Sharia’a Supervision Committee.

15.7

An Islamic Finance Company must take the necessary steps to ensure that proper systems and controls are in place in order to ensure Sharia'a provisions are complied with at all times, including but not limited to the following:

a.	An Islamic Finance Company must prepare procedure manuals for the operations duly approved by their Sharia'a supervision committee as well as the board of directors or in the case of branches of an Islamic Finance Company operating in the U.A.E., by their head office;
b.	An Islamic Finance Company must prepare a full set of documents pertaining to the investment and financing products relating to its operations. The full set of the documents duly vetted by their Sharia'a supervision committee must be maintained by the company. Similarly, all documents in respect of new schemes offered by the Islamic Finance Company must also be prepared and maintained before the launching of the scheme;
c.	All documents, including, but not limited to, ledgers, registers, pay-inslips, cheques, receipts and passbooks used in an Islamic Finance Company must be appropriately marked, so as to easily distinguish them from the documents pertaining to a Conventional Finance Company; and
d.	An Islamic Finance Company must undertake an internal Sharia'a review on the operations of the company at least annually.

Extension of credit

15.8

A Finance Company must draw up policies and procedures for Financing, which, at a minimum, must include the following items:

a.	classification of credit worthiness;
b.	Procedures for dealing with declining credit rating and non-performing loans;
c.	Acceptable collaterals and the basis for assessing its value;
d.	Monitoring, administration and enforcement of collateral; and
e.	Risk provisioning.

15.9

Finance Companies must establish and maintain regular procedures for classifying the loans and advances that they extend to their customers in accordance with the regulations and guidelines of the Central Bank. These requirements on the classification of loans and their provisions may occasionally be updated by the Central Bank.

15.10

Upon obtaining the borrower's consent, the Finance Company must review the consumer’s credit record to verify the consumer’s solvency, ability to repay and credit behavior and document such verification in a credit file.

15.11

A Finance Company must have a credit approval matrix for the extension of credit according to the type and amount of the credit. The credit approval matrix must be approved by the board of directors of the Finance Company. The decision to approve or reject credit must be in accordance with the authority granted in the credit approval matrix.

15.12

The Finance Company must follow a sound method with written, transparent and clear procedures to assess credit worthiness of the applicants and their ability to repay. The board of directors of the Finance Company must approve these procedures and review them at least once every two years and update the same if necessary. The Finance Company must apply these procedures before extending credit and document the same in the credit file.

15.13

Credit Exposure risks must be assessed and risk rated prior to making the decision to extend credit. The risk classification must be reviewed at least once a year.

15.14

The Finance Company must specify procedures for early detection of risks to identify credit exposures that manifests clear signs of increased risk and develop quantitative and qualitative indicators for early identification of risks.

Risk management function

15.15

A Finance Company should establish a clear, written risk management policy that is approved by the board of directors of the Finance Company. The risk management policy must address all relevant risks, taking into account the full range of business activities conducted by the Finance Company. At a minimum, the policy must include the following risks:

a.	Credit risks;
b.	Market risks;
c.	Asset-liability mismatch risks;
d.	Liquidity risks; and
e.	Operational risks, including information technology and security risks.

15.16

The risk management function must be functionally independent of the risk generating business lines and is responsible for the design, maintenance and ongoing development of the risk framework within the Finance Company. The risk management function must not report hierarchically or functionally to any person or function that is directly responsible for risk generation. The risk management function must have appropriate access to the board of directors of a Finance Company.

15.17

A Finance Company must set appropriate procedures for the identification, assessment, management and monitoring of risks and prepare risk reports thereon.

15.18

A Finance Company must prepare a quarterly risk report to be discussed by the board of directors after being reviewed by Senior Management.

Information Technology and Security

15.19

The technical facilities and systems of a Finance Company must be sufficient for the operational needs, business activities and risk exposure of the Finance Company.

15.20

A Finance Company must maintain all business documents, records and files in an orderly, transparent and safe manner and ensure the completion and periodic updating of these files. Said documents, records and files must be retained for at least a period of five years from the date of termination of the relationship with the customer.

15.21

Information technology systems and related processes must be developed to ensure data availability, integration, integrity and confidentiality. Such systems must be periodically assessed by the Finance Company in accordance with relevant regulations and standards and must be tested prior to launching and after introducing any modification thereto.

15.22

The Finance Company must use its information technology infrastructure to enhance its ability to retrieve all know-yourcustomer and transactions records in a timely manner.

15.23

The Finance Company must develop a business continuity plan that ensures alternative solutions that will enable the recommencement of operations within a reasonable time in the event that they are disrupted.

Internal audit function

15.24

The Finance Company must have an internal audit function that reports directly to the board of directors of the Finance Company. This function must be independent and its employees must not be assigned any other responsibilities.

15.25

The internal audit function must operate according to a comprehensive audit plan. The audit plan must be approved by the board of directors of the Finance Company and reviewed annually. Major activities and operations, including those related to risk management and compliance must be audited at least annually.

15.26

The internal audit function must prepare and submit to the board of directors a written report on its activities on a quarterly basis.

Compliance function

15.27

A Finance Company must comply with all applicable laws and regulations, decisions, instructions, directives, circulars, correspondence and policies. To prevent violations, a Finance Company must implement adequate measures and controls.

15.28

A Finance Company must have an independent compliance function that ensures the compliance of the Finance Company with all applicable laws, regulations, decisions, instructions, directives, circulars, correspondence and policies.

15.29

A Finance Company must create the role of a compliance officer, which has a direct reporting line to the board of directors of the Finance Company. The compliance officer must be appointed by the board of directors. The compliance officer must be independent in carrying out his assigned duties and must not be assigned any other responsibilities. The compliance officer must submit a quarterly report on compliance to the board of directors.

15.30

A Finance Company must have a board approved written compliance policy. This compliance policy sets out the powers, obligations and responsibilities of the compliance function, as well as compliance programs and related procedures, including arranging regular anti-money laundering / combating the financing of terrorism training programs for the staff.

15.31

The Finance Company must set adequate internal policies and procedures to combat financial crimes, specifically money laundering and terrorism financing. A Finance Company must report any suspicious transactions, activities or operations to the Financial Intelligence Unit at the Central Bank in a timely manner.

Remuneration and incentives

15.32

The Finance Company must ensure that it has an adequate number of staff who are experienced and qualified to meet the operational needs, business activities and risks of the Finance Company. Staff remuneration and incentives must be fair, in line with the risk management strategy of the Finance Company and not give rise to any potential conflict of interest.

Outsourcing

15.33

A Finance Company must ensure that all Outsourcing agreements include appropriate provisions for the safeguarding of confidential data. These include, but are not limited to, contractual provisions to ensure that a service provider in possession of confidential data may not provide any other party with access to the confidential data without first obtaining the specific authorization of the Finance Company.

15.34

A Finance Company must ensure that it retains ownership of all data provided to a service provider, including but not limited to confidential data and has unfettered access to all data, including the right of return of all data and records for the duration of and at the termination of any Outsourcing agreement.

15.35

Finance Companies must have a process for determining the materiality of outsourced business activities. The process must consider the potential of the outsourced activity, if disrupted, to adversely affect the Finance Company’s operations or ability to manage risks.

15.36

The Outsourcing of Material Business Activities must be approved by the board of directors of the Finance Company, a committee of the board or designated senior officers.

15.37

A Finance Company must apply for and receive a notice of non-objection by the Central Bank prior to entering into an agreement to outsource a Material Business Activity, whether to a related party or third party.

15.38

While all requests for non-objection will be considered on their individual merits, the Central Bank will not permit the Outsourcing to a third party of core activities, key management and control functions of the Finance Company including, at a minimum, the following items:

a.	Senior Management oversight;
b.	Credit management and decisions;
c.	Risk management;
d.	Compliance;
e.	Internal audit; and
f.	Management of the risk taking functions.

15.39

Every agreement governing an outsourced business activity must include an explicit provision giving the Central Bank, or an agent appointed by the Central Bank, access to the service provider. The provision must include the right to conduct on-site visits at the service provider if the Central Bank considers this necessary for supervisory purposes and require the service provider to provide directly to the Central Bank, or an agent appointed by the Central Bank, any data or information required for supervisory purposes, upon request by the Central Bank.

15.40

A Finance Company must not enter into an Outsourcing agreement with a third party or related party that involves the storage of Confidential Data outside of the U.A.E. A Finance Company may, however, enter into an Outsourcing agreement with a third party that involves the storage of Confidential Data in the Free Zones.

15.41

For any outsourced Material Business Activity, the internal audit function of the Finance Company must provide independent assurance similar to that required if the activity was undertaken by the Finance Company.

15.42

The internal audit function must regularly review and report to the board of directors of a Finance Company on compliance with the Outsourcing policies and procedures of the Finance Company.

15.43

For any outsourced Material Business Activity, the compliance function of the Finance Company must review and report to Senior Management or the board of directors of a Finance Company on the observance by the service providers of all applicable compliance policies of the Finance Company.

15.44

An Islamic Finance Company must ensure that its Outsourcing policies and arrangements are consistent with Sharia’a provisions.

15.45

An Islamic Finance Company must ensure that its policies and procedures for the assessment of any proposed Outsourcing arrangement specifically consider operational and reputational risks from failure by the service provider to adhere to Sharia’a provisions.

15.46

A Finance Company must report to the Central Bank on its Outsourcing arrangements in the format and frequency prescribed by the Central Bank.

15.47

A Finance Company must provide upon request any specific information with respect to Outsourcing arrangements that the Central Bank may require.

15.48

A Finance Company must immediately notify the Central Bank when it becomes aware of any material breach of the terms of an outsourcing agreement, or other development with respect to an outsourced business activity, that has, or is likely to have, a significant impact on operations, reputation or the financial condition of the Finance Company or otherwise lead to the disclosure of confidential information.

Article (16) Consumer Protection

16.1	The commercial name of a Finance Company must not include the terms "bank", "investment company", "commercial company" or any other term that might suggest anything outside the scope of the Financing activities outlined in Article 10 of this Regulation.
16.2	A Finance Company must provide its borrowers with sufficient and transparent information, including costs and risks associated with the loan, to enable the borrower to make an informed assessment of the suitability of the loan to their needs and financial circumstances.
16.3	A Finance Company must adhere to the Central Bank’s regulations regarding loans offered to customers. There should be transparency in preparing and publishing all fees, charges and interest rates (or profits) including the method of calculating interest / profit.
16.4	Borrowers should be provided with information setting out the total cost of the loan during the loan period. The borrower must sign each page of the loan documentation and be given a copy signed by both the Finance Company and the borrower.
16.5	A Finance Company must use official documents on all transactions when dealing with its customers.
16.6	A Finance Company must follow Central Bank Regulations pertaining to consumer protection. These Regulations are occasionally updated by the Central Bank

Article (17) Credit Reports

17.1

A Finance Company must strictly adhere to the following credit reporting requirements:

a.	Provide credit information of borrowers to a Credit Information Agency on at least a monthly basis unless otherwise required by the law or the Central Bank; and
b.	Request credit information of borrowers from a Credit Information Agency before extending credit to an individual borrower.

Article (18) Regulatory Reporting and Prior Approval from the Central Bank

Reporting to the Central Bank

18.1

The financial year of the licensed Finance Company must commence on 1st January and end on the 31st of December (except in the year of formation, which commences on the registration of the Finance Company in the commercial registry and ends on the 31st of December of the next year, provided it does not exceed eighteen months).

18.2

A Finance Company must implement all applicable International Accounting Standards/International Financial Reporting Standards and provide the Central Bank with two copies of signed audited financial statements, including external auditor reports, before 31st March every year. The Central Bank will review the financial statements and give its approval for their publication.

18.3

A Finance Company must publish on its website or in a newspaper of broad circulation its audited annual accounts. Such publications must occur prior to 30th April of every year.

18.4

A Finance Company must provide the Central Bank with a list of its board members and their shareholding in the Finance Company annually, as well as an annual list of shareholders with shareholdings of 5% or more.

18.5

A Finance Company must provide the Central Bank with supervisory return forms on a regular basis, as specified by the Central Bank. For the purpose of calculating reporting requirements regarding Aggregate Capital Funds, Finance Companies must ensure that any capital increase has been validated by an external auditor.

18.6

A Finance Company must provide the Central Bank with any statements, information or statistics regarding any specific period required at any time; these should conform to the records of the company. All information shall be considered confidential and treated on that basis.

Prior approval by the Central Bank

18.7

The licensed Finance Company must strictly adhere to the following:

a.	Not to make any changes to its name, legal form or capital without prior written approval from the Central Bank;
b.	Not to merge or consolidate with any other person or entity, without the prior written approval of the Central Bank;
c.	To conduct its business from independent and appropriate premises; relocation is not allowed without prior approval from the Central Bank;
d.	Not to open any branches except after obtaining prior approval from the Central Bank. In this case, consideration shall be given to the financial position of the Finance Company and its past compliance with regulatory requirements where applicable;
e.	Issue all correspondence and documentation in the name of the entity and duly signed by authorized persons;
f.	Make no amendments to its memorandum and articles of association without the approval of the Central Bank;
g.	Obtain prior approval from the Central Bank for the appointment of Senior Management;
h.	Obtain prior approval from the Central Bank before commencing any additional activities apart from those specified in Article 10.1 of this Regulation;
i.	Obtain prior approval from the Central Bank before commencing third party product distribution activities;
j.	Obtain prior non-objection from the Central Bank before contracting with an Agent;
k.	Obtain prior approval from the Central Bank before incorporating any subsidiary; and
l.	Not to incur any encumbrance on any of its assets without prior approval from the Central Bank.

18.8

Any changes in the Finance Company’s shareholdings of 5% or more require prior approval from the Central Bank.

Article (19) External Audit

19.1

A Finance Company must appoint a statutory external auditor acceptable to the Central Bank, maintain proper accounting records and submit statements concerning these records to the Central Bank on the required forms.

19.2

The person nominated as external auditor of a Finance Company should be theoretically and practically familiar with the finance business and should have relevant managerial experience.

19.3

A Finance Company must obtain approval from the Central Bank prior to appointing an external auditor. The Central Bank may require the Finance Company to appoint another auditor if the size and nature of the business of the Finance Company so requires.

19.4

A Finance Company must not provide financing, facilities or open any accounts for its external auditors.

19.5

A Finance Company must rotate their external audit firm at least every 6 years subject to the conduct of a procurement procedure. In addition, a Finance Company must rotate their external audit firm’s partner in charge of the audit every 3 years.

19.6

The Central Bank may require a Finance Company to replace its external auditor or change the partner of its external auditor or may appoint another external auditor at the expense of the Finance Company in the following cases:

a.	If required by the size and nature of its business;
b.	If the external auditor commits a violation of a professional nature;
c.	If there is a reason to believe that the external auditor has a conflict of interest; or
d.	If the integrity of the finance sector or governance considerations and the protection of stakeholders’ interest so requires.

Article (20) On-Site Examination

20.1	The Central Bank shall conduct periodic examinations of the business of the Finance Company to ensure the soundness of the financial position of the Finance Company and the application of the provisions of this Regulation as well as any other laws mentioned in this Regulation and instructions issued by the Central Bank.
20.2	The Central Bank may from time to time conduct examination of the Finance Company and of any branch or subsidiary operating in the U.A.E. or abroad to ensure the soundness of its financial position and compliance with the Articles of this Regulation and/or any other directives prescribed by the Central Bank.
20.3	Whenever the Central Bank has reason to believe that a person is conducting Financing activities without a License, the Central Bank may depute its examiner to check the books of accounts and records of that person in order to ascertain whether or not that person has violated or is violating any Articles of this Regulation.
20.4	For the purpose of an examination by the Central Bank, a Finance Company must provide full access to its accounts, records and documents and must give such information and facilities as may be required to conduct the examination.
20.5	If any accounts, records or documents as required for proper execution of an examination are not produced by the Finance Company, the board of directors and the Senior Management of the Finance Company shall be held responsible by the Central Bank.
20.6	Should the Central Bank's examination reveal that the operations of a Finance Company are unsound, the Central Bank may appoint a qualified person to advise and monitor the Finance Company. The advisor's emoluments shall be paid by the Finance Company.

PART II – Restricted Licence Finance Companies and Agents

Article (21) Licensing

21.1

Any person who intends to operate as a Restricted Licence Finance Company providing Short-Term Credit, must obtain a Licence to do so from the Central Bank.

21.2

An applicant for a License under this Regulation shall apply to the Central Bank in the form prescribed by the Central Bank.

21.3

Any applicant for a License under this Regulation must provide all information and documents required to assess the applicant’s suitability for a License.

21.4

The application and all supporting documents shall be in either Arabic or English. Documents in any other language shall be accompanied by a certified English or Arabic translation. Any financial figures should be presented in UAE Dirham (AED).

21.5

The applicant must disclose, at the time of the application, the sources of funding for its activities/ business and immediately inform the Central Bank of any material changes in its funding arrangements.

21.6

As part of the licensing process, an applicant for a License is required to submit a three (3) year business plan to the Central Bank with clear detail on the business model, lines of activity and governance arrangements.

21.7

The Central Bank may require the applicant to appoint a skilled person(s) to carry out a third party assessment of any aspect of the company’s proposed business model/systems. The findings and reports of the third party assessment will form part of the core licensing information required to be submitted by an applicant to the Central Bank.

21.8

The Central Bank shall communicate its decision considering the merits of the application and:

a.	Grant the License with or without conditions and limitations; or
b.	Reject the application, stating the reasons for rejecting the application.

21.9

A Restricted Licence Finance Company must commence the provision of Short-Term Credit within a maximum of twelve (12) months from the date of notification of approval of the License.

21.10

A Restricted Licence Finance Company which intends to amend, cease or suspend the provision of Short-Term Credit must apply to the Central Bank at least six months in advance, providing the reasons for such a cessation or suspension.

21.11

A Restricted Licence Finance Company must maintain a physical presence in the UAE.

21.12

The legal form of a Restricted Licence Finance Company must be in one of the forms stipulated in the Commercial Companies Law.

21.13

The commercial or trade name of a Restricted Licence Finance Company or Agent must comply with the restrictions of the Central Bank Law. The commercial and trade name shall not include any term that may indicate any activity other than the provision of Short-Term Credit in accordance with this Regulation.

21.14

A Restricted Licence Finance Company must not use the term Finance Company in its commercial or trade name. The trade name may include the term Short-Term Credit.

21.15

A Restricted Licence Finance Company must seek prior approval from the Central Bank for any changes to its name, legal form, memorandum or articles of association.

21.16

A Restricted Licence Finance Company must not engage in any regulated activity for which it is not licensed under the Central Bank Law and/or its Regulations.

21.17

As per Article (70) of the Central Bank Law, the Central Bank shall have the right, at any time, to impose, change or cancel any restriction or condition on any License granted under this Regulation.

21.18

As per Article (71) of the Central Bank Law, the Central Bank may, at any time, suspend, withdraw or revoke any Licence issued under this Regulation.

21.19

The Central Bank may take any action deemed appropriate to ensure the sound functioning of Licensees and/or the financial sector.

21.20

The Central Bank may, at its sole discretion, impose any penalty it deems appropriate on any person found to be carrying on Financing activities, including offering or granting Short-Term Credit, in the UAE, without a License.

Article (22) License Restrictions

22.1	A Restricted Licence Finance Company may only carry on the provisions of Short-Term Credit within the criteria set in Article (24) of this Regulation.
22.2	A Restricted Licence Finance Company’s activities must be funded exclusively through shareholder’s equity, retained earnings and/or debt instruments.
22.3	A Restricted Licence Finance Company is prohibited from accessing funds through Crowdfunding to finance its activities licensed under this Regulation.
22.4	A Restricted Licence Finance Company is prohibited from accepting deposits of any type.

Article (23) Permitted Activities

23.1	The maximum total Short-Term Credit extended to a Borrower by a Restricted Licence Finance Company or Agent, at any given time must not exceed Twenty Thousand Dirham (AED 20,000) or the total of three (3) months’ verified net income of the Borrower, whichever is lower (subject to any restrictions established in relevant UAE laws).
23.2	The maximum credit granted to a Borrower should be based on the results of affordability assessments conducted, given due consideration to the repayment ability, reducing the risk of overindebtedness and ensuring the fair treatment of Borrowers.
23.3	Restricted Licence Finance Companies or Agents must not charge interest on Short-Term Credit.
23.4	The total Fees, including late payment Fees charged on any Short-Term Credit by a Restricted Licence Finance Company or Agent, must not exceed 30% of the original credit amount. Therefore, the maximum recoverable amount from a Borrower on any Short-Term Credit, including where the credit is restructured, rescheduled, rolled-over or where there is any other deviation from the original agreement, must not total more that 130% of the value of the original credit granted to the Borrower. The Central Bank will review this requirement at regular intervals to ensure appropriateness of the maximum percentage and to adjust as needed, in the context of inter alia prevailing market conditions.
23.5	The repayment term of Short-Term Credit offered by a Restricted Licence Finance Company or an Agent must not exceed twelve (12) months from the date of the original agreement to lend, including any form of credit restructuring, rescheduling, roll-over or other form of deviation from the original agreement, affecting both the amount and the original term of the Short-Term Credit.
23.6	Restricted Licence Finance Companies and Agents must honour the original term of the Short-Term Credit and must not demand full payment prior to the end of the term of the credit agreed upon in the Borrower contract.
23.7	Borrowers’ assets, including movable and immovable property, must not be used by Restricted Licence Finance Companies or Agents to secure (whether fully or partially), any Short-Term Credit extended to a Borrower. Implementation of this requirement must be in alignment with Article (121 bis) of the Central Bank Law.

Article (24) Credit Reports

24.1

Restricted Licence Finance Companies and Agents must strictly adhere to the following credit reporting requirements:

a.	Provide credit information of Borrowers to the Credit Information Agency, based on the terms and conditions of the Credit Information Agency; and
b.	Request credit information of Borrowers from the Credit Information Agency, before extending credit to Borrowers in amounts of five thousand Dirham (AED 5,000) or higher.

24.2

The credit information of Borrrowers must not be shared or disclosed to any third party without the Borrower’s express consent to share with the identified party. Restricted Licence Finance Companies and Agents must ensure that they are in full compliance with all applicable legal requirements concerning data protection.

24.3

Access to and review of a Borrower’s Credit Report and other credit information by a Restricted Licence Finance Company or an Agent, including information from a Borrower’s employer must be conducted with the Borrower’s express consent.

24.4

Restricted Licence Finance Companies and Agents must disclose to Borrowers that credit information will be retrieved from (where applicable) and shared with the Credit Information Agency; and explain the implications of borrowing, late payment and default, on the Borrower’s Credit Report.

24.5

A Restricted Licence Finance Company or Agent must review Borrower information to conduct an affordability assessment to verify the Borrower's solvency and ability to repay and document such verification in a credit file. The credit information reviewed must incude the Borrower’s Credt Report in the case of credits granted in amounts of five thousand Dirham (AED 5,000) or more.

24.6

A Restricted Licence Finance Company or Agent must not grant a Short-Term Credit product with a credit limit that is unaffordable for the Borrower based on the results of the affordability assessment.

24.7

A Restricted Licence Finance Company’s or Agent’s review of a Borrower’s Credit Report must be conducted at the initiation of the credit relationship, prior to approving additional credit applications and before increasing the Borrower’s credit limit, if the total credit amount is five thousand Dirham (AED 5,000) or more.

Article (25) Minimum Capital Requirements

25.1

A Restricted Licence Finance Company must maintain a minimum level of capital on an ongoing basis.

25.2

A Restricted Licence Finance Company must hold and maintain the higher of:

a.	Aggregate Capital Funds of Twenty million Dirham (AED 20,000,000); or
b.	Aggregate Capital Funds equivalent to 5 per cent of the outstanding lending volume.

25.3

Aggregate Capital Funds consist of the following items:

a.	Paid-up capital;
b.	Reserves, excluding revaluation reserve; and
c.	Retained earnings.

25.4

The following items must be deducted from Aggregate Capital Funds:

a.	Accumulated losses; and
b.	Goodwill.

25.5

A Restricted Licence Finance Company must obtain prior approval from the Central Bank for any changes to its capital.

25.6

The Central Bank may, at its sole discretion, impose a higher minimum capital requirement on a Restricted Licence Finance Company, taking into consideration, inter alia, its size, the nature and scale of its operations and the volume of transactions.

Article (26) Governance

26.1	Restricted Licence Finance Companies and Agents must develop principles and policies for corporate governance; put in place an approved organisational and governance structure; and implement a Fit and Proper framework.
26.2	A Restricted Licence Finance Company must submit to the Central Bank, its organisational and governance structure; and provide updated copies in the event of significant changes to the structure(s).
26.3	Restricted Licence Finance Companies and Agents must ensure that they institute appropriate risk management frameworks; adequate internal controls; proper segregation of duties within the organisational structure; and that their operations are undertaken within the boundaries of clearly documented and internally audited policies, authorities and procedures.
26.4	Restricted Licence Finance Companies must obtain prior approval from the Central Bank prior to the appointment of any Authorized Individuals.
26.5	All individuals required to be approved as Authorized Individuals of a Restricted Licence Finance Company, including but not limited to members of the board of directors, Senior Management and persons in control functions, must be Fit and Proper and remain so for the duration of their appointment.
26.6	Restricted Licence Finance Companies must obtain approval from the Central Bank prior to any membership changes in its board of directors.
26.7	Restricted Licence Finance Companies and Agents shall have adequate staff who possess the requisite qualifications, competencies and skills to individually and collectively provide the range of skills and experience to manage their affairs in a sound and prudent manner.

Article (27) Risk Management and Internal Controls

27.1	Restricted Licence Finance Companies and Agents must have appropriate, approvcd risk governance frameworks in place that identify all material risks. This includes policies, processes, procedures, systems and controls to identify, measure, evaluate, monitor, report and control or mitigate material sources of risk on a timely basis.
27.2	Restricted Licence Finance Companies and Agents must ensure that they have instituted adequate internal controls, ensured proper segregation of duties within the organisational structure and that their operations are undertaken within the boundaries of clearly documented policies, authorities and procedures
27.3	Restricted Licence Finance Companies’ and Agents’ definition and assessment of material risks must take into account its risk profile, nature, size and complexity of its business and structure.
27.4	Restricted Licence Finance Companies and Agents must have in place mitigating action plans for key material risks and monitor and report on these on an ongoing basis.
27.5	Restricted Licence Finance Companies and Agents must institute adequate internal controls and management procedures in relation to cyber and fraud related risks.
27.6	Restricted Licence Finance Companies and Agents must have adequate resources to undertake proper underwriting of credits and compreshensive credit risk assessments of Borrowers prior to approving a Short-Term Credit.

Article (28) Compliance with Laws and Central Bank Regulations

28.1	Restricted Licence Finance Companies and Agents must institute adequate compliance arrangements to ensure that they remain in full compliance, where applicable, with relevant UAE laws, including the Central Bank Law and the Commercial Companies Law, this Regulation and any other applicable Regulations. Any breaches must be reported to the Central Bank.
28.2	The Central Bank may set additional prudential or other requirements for Restricted Licence Finance Companies and/or Agents. Such requirements may include, but are not limited to, restrictions on the size and scale of activities; requirements for specific governance or management arrangements; and/or capital adequacy requirements.
28.3	Restricted Licence Finance Companies and Agents must comply with the AML Law; and address money laundering and terrorist financing risks through appropriate preventive measures to deter abuse of the sector as a conduit for illicit funds, and detect money laundering and terrorist financing activities and report any suspicious transactions to the Financial Intelligence Unit at the Central Bank.
28.4	Restricted Licence Finance Companies and Agents must be operated prudently and with competence in a manner that will not adversely affect the interests of Borrowers. Restricted Licence Finance Companies and Agents must also comply with all applicable regulatory requirements for consumer protection of the Central Bank, per the CBUAE’s Consumer Protection Regulation (Circular No. 8 – 2020) and related standards which may be updated from time to time.
28.5	Restricted Licence Finance Companies and Agents must ensure that Outsourcing service providers, maintain an appropriate level of information security, risk management, and service delivery; and are in compliance with all relevant UAE laws and Central Bank Regulations applicable to their outsourced services.

Article (29) Transparency and Disclosures

29.1	Restricted Licence Finance Companies and Agents must, where applicable, comply with the requirements related to transparency and disclosures as articulated in the Central Bank’s Consumer Protection Regulation and Standards.
29.2	Restricted Licence Finance Companies and Agents must structure their activities in a clear, transparent format using plain language.
29.3	Advertising by Restricted Licence Finance Companies and Agents, and all information provided, must in all cases, indicate to Borrowers in a clear and conspicuous manner, that products being offered are Short-Term Credit.
29.4	To ensure that Borrowers are able to make an informed assessment of the suitability of the Short-Term Credit to their needs and financial circumstances, Restricted Licence Finance Companies and Agents must provide comprehensive and transparent information on key product features including, but not limited to, the total amount and expiry date of the credit, the process for accessing and repayment of the credit, related Fees, actions in the event of default, and Borrower rights.
29.5	Restricted Licence Finance Companies and Agents must disclose the terms and conditions of their business to Borrowers and articulate these within an enforceable contract; and disclose any subsequent updates to these terms and conditions.
29.6	Restricted Licence Finance Companies and Agents must disclose to Borrowers, the total Fees payable by the Borrower for the Short-Term Credit. The total amount/value of Fees must be disclosed as a total amount/value and as a percentage of the credit value. Restricted Licence Finance Companies and Agents must also provide clear examples of how the Fees will be calculated and applied, particularly as they relate to any late payment Fees.
29.7	Restricted Licence Finance Companies and Agents must advise Borrowers of the consequences of late payment and encourage them to make prompt settlement. Any applicable late payment Fees must be explicitly outlined to Borrowers, and must be reasonable.
29.8	The Borrower must sign the credit documentation and be provided with a copy signed by both the Restricted Licence Finance Company and/or the Agent, and the Borrower.
29.9	Restricted Licence Finance Companies and Agents must clearly disclose the available provisions for hardship assistance to Borrowers who experience financial difficulties, including suitable debt management solutions and the related policy on forbearance.
29.10	Restricted Licence Finance Companies and Agents must develop adequate collection policies and procedures, setting out actions to be taken against Borrowers who fail to make timely payments. The relevant details of these policies and procedures should be clearly communicated to Borrowers. The collections policies and procedures and related controls must meet the requirements of the Central Bank’s Consumer Protection Regulation and Standards.

Article (30) Dispute and Complaints Management

30.1	Restricted Licence Finance Companies and Agents must establish internal complaints handling, dispute handling and grievance redress mechanisms to deal with complaints from Borrowers or other parties in a timely and fair manner; and include the details of these mechanisms in their agreements.

Article (31) Reporting and Record Keeping

31.1

A Restricted Licence Finance Companies must submit reports to the Central Bank in the prescribed form, frequency and timeframe, which are established by the Central Bank from time to time.

31.2

Restricted Licence Finance Companies shall report the following to the Central Bank, at intervals stipulated by the Central Bank:

a.	Financial position;
b.	Description of its products and services;
c.	Description of its Fee structure;
d.	Description of its customer base;
e.	Details of its credit portfolio, including size and demographic allocation;
f.	Portfolio in arrears and defaults;
g.	Description of complaints received and resolution status of these complaints;
h.	All fraud related activity including internal, external and attempted cases of fraud;
i.	Details of vulnerabilities identified in the online systems and security;
j.	Details of contracts/Outsourcing arrangements ; and
k.	Any other information requested by the Central Bank.

31.3

A Restricted Licence Finance Company must immediately notify the Central Bank of any changes in its ownership and/or senior management.

31.4

Restricted Licence Finance Companies and Agents must maintain adequate and accurate books and records at all times in respect of their business, agreements, contracts and accounting records, in line with the relevant legal framework.

31.5

Restricted Licence Finance Companies and Agents must demarcate and segregate their business in respect of Licensed Financial Activities from any other business as it relates to the maintenance of separate accounting and accounts; and segregating files and other information.

31.6

Restricted Licence Finance Companies and Agents must maintain the strictest standards of Borrower data protection and information confidentiality and security, including implementing the necessary systems and controls to ensure such standards are met.

31.7

All documents, records and materials must be made available for inspection by the Central Bank from time to time at the request of the Central Bank and/or during the conduct of assessments, including Central Bank onsite examinations, other third party reviews requested by the Central Bank and/or special audits by an external auditor.

31.8

The records maintained by Restricted Licence Finance Companies and Agents must include:

a.	Historical records of information displayed online (websites / social media / any other media) and any print copies, if applicable, displaying the Restricted Licence Finance Company’s and Agent’s promotional communication, advertisements or online banners and tag lines;
b.	Internal policies, procedures and operating documents;
c.	Corporate and financial records and general ledger and sub-ledgers;
d.	Reports and statements issued to Borrowers and regulators;
e.	Any contracts, agreements, Credit Reports, communications and other documents related to Borrowers;
f.	Records demonstrating that the Restricted Licence Finance Company or Agent has control mechanisms in place to address complaints and grievances;
g.	Records of Borrowers’ complaints and resolution status;
h.	Management information, accounts and communications;
i.	Human resource records;
j.	Information technology architecture and security related documents; and
k.	Any other records stipulated by the Central Bank.

Article (32) Supervision and Examination

32.1	The Central Bank may carry out, or appoint a third party to carry out onsite examinations of a Restricted Licence Finance Company or an Agent, at any time it deems appropriate, to ensure adherence to UAE laws and Central Bank’s Regulations.

PART III – Finance Companies and Restricted Licence Finance Companies

Article (33) Enforcement and Sanctions

33.1	Violation of any provision of this Regulation and any accompanying Standards may be subject to supervisory action and administrative and financial sanctions as deemed appropriate by the Central Bank.
33.2	Supervisory action and administrative and financial sanctions by the Central Bank may include withdrawing, replacing or restricting the powers of senior management or members of the board of directors, providing for the interim management of the Finance Company or the Restricted Licence Finance Company, imposition of fines or barring individuals from the UAE financial sector.

Article (34) Interpretation of Regulation
34.1 The Regulatory Development Department of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.

Article (35) Publication and Application

35.1	This Regulation shall be published in the Official Gazette in both Arabic and English and shall come into effect on the day of its publication.
35.2	From the effective date of the Regulation, any person who is engaged in Financing activities and is not licensed by the Central Bank, must within ninety (90) days, apply to the Central Bank for a License or immediately cease undertaking all Financing activity.

Article (36) Transition Arrangements
36.1 The Central Bank may, at its sole discretion, and on a case by case basis, approve transitional arrangements for License applicants/Licensees to come into full compliance with the Regulation.

Article (37) Cancellation of Previous Regulation
37.1 This Regulation repeals and replaces the following Central Bank Regulation:

a. The Finance Companies Regulation issued via Circular No. 112/2018, dated 24/04/2018.

Representative Offices

The Central Bank Board of Directors’ Resolution No. 57/3/1996

*REGARDING THE REGULATION FOR REPRESENTATIVE OFFICES*
The Chairman of the Board of Directors,
Having perused Union Law No. (10) of 1980, regarding the Central Bank, the monetary system, and organization of the banking profession, particularly Articles 11, 12, 18, 77, 120, 121, 122 and 123,
And Union Decree No. (80) of 1995, regarding the formation of the Board of Directors of the Central Bank,
And the Board of Directors’ resolution, taken in its meeting on 14/4/1996,
The following has been decided:

Article (1) Definitions

1.1	For the purpose of this resolution:
	a)	‘Board of Directors’ shall mean the Board of Directors of the Central Bank.
	b)	‘Governor’ shall mean the Governor of the Central Bank.
	c)	‘Representative Office’ shall mean the Office which represents a foreign bank or any other foreign financial establishments in the country.
	d)	‘Licence’ shall mean the licence issued by the Central Bank, allowing the licensee to conduct the business of representative office.
	e)	‘Licensed Financial Establishment’ shall mean the foreign bank or any other foreign financial establishment licensed to open a representative office in the country.
	f)	‘Relevant Authority’ shall mean the monetary or supervisory authority in the country where the applicant is incorporated, or in the country in which the applicant maintains a Head Office to conduct the business.
	g)	‘Applicant’ shall mean the Head Office of the foreign bank or any other foreign financial institution which wishes to open a representative office in the country.
1.2	The terminology mentioned in Union Law No. (10) of 1980 shall carry the same meanings referred to in that Law, whenever used in this resolution.

Article (2) Obtaining a Licence - An Imperative

2.1	No person is allowed to conduct the business of representative offices mentioned in Article (6) of this resolution, unless licensed to do so in writing by the Governor in accordance with a decision from the Board of Directors.
2.2	If the Central Bank finds out that a person is conducting the business of a representative office without a valid licence, the Central Bank may investigate the matter in the appropriate means and take the necessary legal action.

Article (3) Conditions for Obtaining a Licence

3.1	No licence shall be granted unless the following conditions are met by the applicant:
	a)	The applicant should be a bank or another financial establishment incorporated outside the country, and authorized by the relevant authority and is directly subject to the supervision and examination of that authority in the country of origin and/or the head office as per the laws of that country; the licence should as well be a valid one.
	b)	The applicant should have completed a period of no less than ten (10) continuous years of conducting the business in the country of origin or the head office. This period cannot be reduced without a decision by the Board of Directors.
	c)	The bank applicant’s paid-up capital and reserves should not be less than AED 183.7 Mn. The Board of Directors shall decide on the capital of any other financial establishment in view of the size of its business and the kind of its activity.
	d)	The relevant authority, to whose supervision the applicant is subject to, should exercise the required control on the banking and/or financial system in the country of incorporation of the applicant. Furthermore, this authority should issue an approval or no-objection letter to opening a representative office in the country. However, in cases where the relevant authority does not issue such letter, it should state this clearly in its official documents, or confirm it in writing.
	e)	The applicant should undertake to fully comply with the relevant provisions of laws, regulations and instructions issued in the country, particularly those issued by the Central Bank. The applicant should also undertake to submit the records and documents of the representative to the Central Bank for examination. The applicant should conduct his business as per the licence granted to him and in a proper manner.
	f)	The person assigned to manage the representative office should be characterized by good conduct and behaviour. He should as well be properly qualified, theoretically and practically, in the areas of banking and financial business, as determined by the Central Bank.
3.2	In deciding on granting or denying the licence, the Central Bank shall take into consideration any matters related to the financial position of any other company within the group of the applicant.

Article (4) Submitting a Licence Application

4.1	Foreign banks or other foreign financial establishments, wishing to obtain a licence to open a representative office in the country, should submit an application to the Central Bank, using the form prepared by the Central Bank from time to time.
4.2	The applicant should attach the following documents:
	a)	The Articles and Memorandum of Association which identify the nature and scope of business to be conducted;
	b)	The names of principal shareholders and ownership percentage of each;
	c)	A statement identifying the kind of business intended to be conducted through the potential office, as well as the purposes to be achieved by that office;
	d)	Name and address of the relevant monetary or supervisory authority to whom the applicant is subject to.
	e)	A copy of the audited annual accounts for the last 3 years.
	f)	A list of the names of any other companies or establishments owned by the applicant, or in which he is a principal shareholder identifying the percentage of his ownership.
4.3	The Central Bank reserves the right to request any other additional information, statements or documents deemed necessary for the purposes of deciding on an application.

Article (5) Notification of Approval or Denial

The Central Bank shall notify the applicant in writing of its approval or denial of an application during a period not exceeding 6 months from the date of fulfilling the licence requirements as per the provisions of this resolution.

Article (6) Representative Office Activities

The representative office is allowed to engage in the following activities:
a)	Representing the licensed financial establishment in conducting business inside the country, including contacts with relevant parties as well as promoting its services in the local market.
b)	Providing its Head Office with information regarding the economic developments in the country.
c)	Providing its customers with information regarding the local market.
d)	Providing information to any local party which intends to develop its activities in countries where the licensed financial establishment operates.
e)	Providing customers with banking, financial and investment consultation services.

Article (7) Prohibitions

A representative office operating in the country is prohibited from conducting any business activities other than those mentioned in Article (6) above, particularly the following:
a)	Accepting deposits in any form whatsoever;
b)	Opening accounts of any kind to clients;
c)	Extending loans or advances to any party whatsoever;
d)	Performing and/or participating in any other normal banking operations, such as issuing Letters of Guarantee, opening Letters of Credit, etc.
e)	Dealing in foreign currencies, securities and metals.

Article (8) Dealing with Resident Banks
The representative office may open accounts in its name with banks operating in the country. Such accounts, however, should be used solely for the payment of its administrative expenses.

Article (9) Continuous Commitments

The licensed financial establishment must strictly adhere to the following:
a)	Indicating clearly the expression ‘representative office’, alongside the commercial name under which it conducts its business in the country of origin or the Head Office, in its address as well as in all advertisements and official papers used by the office.
b)	Managing its business by persons against whom the Central Bank has no objection.
c)	Conducting the business activities mentioned in Article (6) above at independent and appropriate premises, approved by the Central Bank, and refraining from conducting any other business of any kind at the same premises; relocation of premises or its closure is not allowed without prior approval from the Central Bank.
e)	Not merging, unifying or consolidating with any other financial establishment or other entity in the country without prior approval from the Central Bank.
f)	Notifying the Central Bank immediately of any principal changes related to the status of the licensed financial establishment.
g)	Providing the Central Bank with any statements, information or statistics it may request at any time and for any period.
h)	Obtaining the relevant licenses from the concerned local authorities before commencing its business. This should be done within (6) months from the date of issuance of the licence from the Central Bank as per the provisions of this resolution.
i)	The licence of the local authorities should be restricted to conducting the business of representative offices only; the representative office should provide the Central Bank with copies of the licence as soon as it is received from the concerned authorities.
j)	Complying with all prevailing laws in the country, including civil laws, commercial companies’ law and criminal laws. It should as well comply with the ethical standards which governs its business as per the provisions of this resolution.

Article (10) Name of Representative Office

10.1	The Central Bank shall have the right to object to the name under which the licensed representative office operates, if the licensed financial establishment underwent fundamental changes in its Articles of Association and in the nature of its business; the Central Bank may as well object to the name as a result of new information indicating that the used name is causing ambiguity, misguidance or confusion among the public. In this event, the Central Bank shall have the right to notify the concerned financial establishment in writing of its disapproval of the name that the said establishment uses.
10.2	Any licensed financial establishment operating in the country is prohibited from using a name that has been objected to by the Central Bank to conduct its business in the country.
10.3	The commercial name mentioned in the licence under which the representative office of a licensed financial establishment operates cannot be changed without the prior approval, in writing, of the Central Bank.

Article (11) Suspension of Licence

Every financial establishment operating in the country and which intends to suspend its operation should notify the Central Bank beforehand. Such notification should be no less than 2 months in advance; the Central Bank may approve to reduce the notification period.

Article (12) Scope of Licence

12.1	The licence issued by the Central Bank shall be valid for 2 years from the date of its issuance.
12.2	The licence shall include the terms deemed necessary by the Central Bank for the operation of the business.

Article (13) Canceling, Restricting or Changing a Licence

13.1	The Central Bank, through a decision of its Board, may at any time cancel, restrict, change or withdraw any imposed terms, after receiving the comments of the concerned financial establishment with regard to the reasons for cancellation, restriction, alteration, withdrawal or imposition.
13.2	The granted licence of the representative office may be canceled due to a request by the licensed financial establishment, after fulfilling the conditions specified by the Central Bank for this purpose.
13.3	The Central Bank, through a decision by its Board, may cancel a licence in the following cases:
	a)	If the Central Bank finds any violation in any of the continuous obligations mentioned in Article (9) above, or in any of the terms of the licence.
	b)	If the licensed financial establishment violates the provision of this resolution, or the provisions of Union Law No. (10) of 1980, or any other instructions or circulars issued by the Central Bank; or if the licence terms are not met or are found difficult to be met.
	c)	If the Central Bank is provided with false, misleading or inaccurate information by or on behalf of the licensed financial establishment.
	d)	If a bankruptcy order or a sentence to declare bankruptcy against the licensed financial establishment is issued; or if the interest of its current or potential clients is liable to risk.
	e)	If an order of liquidation is issued by the concerned judicial authority in the country of origin against the licensed financial establishment or any of its principal owners; or if a court receiver, supervisor or any other similar officer is appointed on its business in that country.
	f)	If the representative office does not commence to operate its business within one year of date of issuance of licence, unless such period is extended through a decision by the Board of Directors.
	g)	If the representative office suspends its operations for 3 consecutive months.
	h)	If the relevant authority or concerned local authorities withdraw the licences granted by these authorities to the licensed financial establishment.
13.4	In the event of canceling the licence, it shall be withdrawn through a decision/written request. Such decision shall be published in a circulating daily newspaper, and necessary action shall be taken to enforce the decision.

Article (14) Supervision

The Central Bank shall have the right to examine the activities of the representative office whenever deemed necessary to ensure the soundness of the application of the provisions of this resolution.

Article (15) Amendments
The Board of Directors has the right to make any amendments, deemed necessary, to the provisions of this resolution from time to time.

Article (16) Scope of Application and Expiry Date

16.1	This resolution shall apply to all representative offices operating in the country and licensed as per this resolution; or those offices licensed in accordance with the Board of Directors’ decision No. 97/4/1987 issued on 15/12/1987, on condition that they adjust their status to the provisions of this resolution with a maximum period of 6 months from the date of its enforcement.
16.2	Representative offices which obtained their licences before the issuance of this resolution are exempted form the provisions of Article 3 (c) above regarding paid-up capital and reserves.
16.3	The Board’s resolution No. 97/4/1987 shall hereby be canceled, and replaced by this resolution which comes into effect from the date of its issuance.

Article (17) Interpretation of Resolution
The Governor is the sole interpreter of the provisions of this resolution, and His interpretation shall be final.

Article (18) Publication of Resolution

The contents of this resolution shall be notified to the concerned authorities to ensure the application of its provisions, and shall be published, in both Arabic and English, in the Official Gazette.
Mohamed Eid Al Meraikhi
Chairman
Issued in Abu Dhabi on 14/4/1996

Crowdfunding
LOAN-BASED CROWDFUNDING ACTIVITIES REGULATION

Stored-Value Facilities
Stored Value Facilities (SVF) Regulation

Retail Payment Systems
Retail Payment Systems Regulation

Large Value Payment Systems
Large Value Payment Systems Regulation

Payment Services
Retail Payment Services and Card Schemes Regulation

Sandbox

Sandbox Conditions Regulation
C 6/2023 Effective from 15/4/2024

1. Introduction

1-1	One of the Central Bank’s objectives, as mandated by the Central Bank Law is to organise Licensed Financial Activities, establish the foundations for carrying them on, and determine the standards required for developing and promoting prudential practices in accordance with the provisions of the Central Bank Law.
1-2	A regulatory sandbox is a supervisory tool which enables its Participants to test innovative business models, products and services in relation to financial services within a defined space and duration and subject to appropriate regulatory oversight and supervision, to ensure the best outcomes for all stakeholders (the “Regulatory Sandbox”).
1-3	The Sandbox Conditions Regulation lays down the Conditions established by the Central Bank for exempting from the requirement to obtain a Licence all persons who wish to test innovative business models, products and services in relation to Licensed Financial Activities. Such testing will be conducted within a defined space and duration and is subject to appropriate supervision by the Central Bank throughout the testing period, to ensure the best outcomes for all stakeholders. The purpose of these Conditions is to enable a Participant to understand how best to structure its business in a regulatory compliant manner, whilst also enabling the Central Bank to understand the impact of such Participant’s activities on the pursuance of the Central Bank’s objectives, via exercising supervisory tools such as monitoring and oversight.
1-4	The performance of Licensed Financial Activities requires a person to apply to the Central Bank for a Licence to operate as a Licensed Financial Institution. The Conditions provide an alternative route to undertake Licenced Financial Activities on a time-limited basis and subject to the requirements specified herein and any other requirements established by the Central Bank. The Central Bank relies upon its powers in Article (64)(4) of the Central Bank Law to exempt certain activities and practices from the requirement to seek a Licence to carry on or promote Licensed Financial Activities.
1-5	The Conditions are issued pursuant to the powers vested in the Central Bank according to Article (67) of the Central Bank Law.
1-6	In order to ensure appropriate regulation and supervision, the Central Bank will mandate that any successful Applicant to the Regulatory Sandbox meets minimum eligibility criteria and complies with ongoing regulatory and supervisory obligations, and any additional criteria and obligations, as the Central Bank determines, in its sole discretion. Throughout the duration of their participation in the Regulatory Sandbox, Participants will be required to engage with the Central Bank via an assigned case supervisor. This will enable both Participants and the Central Bank to understand the key areas of regulatory impact on the proposed business. At, or towards the end of the duration of the Regulatory Sandbox, Participants will either be subject to a streamlined procedure to obtain a Licence, with assistance from the Central Bank to determine the required enhancements, if any, to their governance, structure, operations, systems and controls, amongst other things; or otherwise be asked to cease all or part of their business depending on the Central Bank’s determination of the business’s impact on the Central Bank’s objectives. Notwithstanding the foregoing, the Central Bank may require any Participant to cease all or part of its business in the Regulatory Sandbox, at any point during its participation in the Regulatory Sandbox.

2. Objective

2-1	The Central Bank aims to create an environment that fosters innovation within a suitable regulatory and supervisory framework, in the development of Licensed Financial Activities. On this basis, the Central Bank aims to apply appropriate regulatory standards for entities conducting Licensed Financial Activities, to protect Consumers of such entities, amongst other objectives. To achieve this objective, the Central Bank will implement channels of engagement with Participants.
2-2	The Regulatory Sandbox acts as an environment that attracts innovators to test innovative products, services, solutions and business models in a controlled space. This is achieved by adopting an approach of ensuring that regulatory requirements are applied to such Participants in a proportionate manner, while at the same time, ensuring that appropriate Consumer protection safeguards are in place.
2-3	The Central Bank envisages that Applicants may include operators (including start-ups and established businesses) and technology businesses that are looking to deliver innovation in the financial services sector.
2-4	The Conditions provide clarity on the criteria for entry into, and rules for participation within the Regulatory Sandbox. The Regulatory Sandbox is intended for entities offering innovative products, services, or solutions which are regulated under the Central Bank’s regulatory regime.

3. Definitions

3-1	For the purposes of this Regulation, words and expressions shall have the usual meaning assigned to them, unless the context otherwise requires, as mentioned below and/or it is defined in other laws and Regulations:
3-2	Applicant: the person making an application to enter the Regulatory Sandbox in accordance with the terms of the Conditions.
3-3	Banks: any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities.
3-4	Board of Directors: the Board of Directors of the Central Bank.
3-5	Central Bank: the Central Bank of the United Arab Emirates.
3-6	Central Bank Law: the Decretal Federal Law No. 14 of 2018 Regarding the Central Bank & Organisation of Financial Institutions and Activities, as amended.
3-7	Conditions: the Sandbox Conditions Regulation issued by the Central Bank.
3-8	Consumer: a customer, being any natural person or juridical person who obtains or may prospectively obtain services by Participants, with or without charge, to satisfy his/her personal need or others’ needs.
3-9	Consumer Protection Regulation: the Consumer Protection Regulation issued by the Central Bank under Circular No. 8/2020, as amended.
3-10	Exemption Right: the right of the Board of Directors to exempt any activities or practices, or exempt natural or juridical persons, either generally or in particular from the prohibition to carry on or promote Licensed Financial Activities.
3-11	Licence: authorisation issued by the Central Bank to conduct Licensed Financial Activities.
3-12	Licensed Financial Activities: the financial activities subject to Central Bank licensing and supervision, which are specified in Article (65) of the Central Bank Law.
3-13	Licensed Financial Institution: Banks and Other Financial Institutions licensed in accordance with the provisions of the Central Bank Law, to carry on a Licensed Financial Activity or more, including those which carry on the whole or a part of their business in compliance with the provisions of Islamic Shari’ah, and are either incorporated inside the State or in other jurisdictions, or have branches, subsidiaries or Representative Offices inside the State.
3-14	Other Financial Institutions: any juridical person, other than Banks, licensed, in accordance with the provisions of the Central Bank Law, to carry on a financial activity or more, of the Licensed Financial Activities.
3-15	Participant: a person whose application to enter the Regulatory Sandbox has been accepted in full by the Central Bank.
3-16	Regulations: any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
3-17	The State: The United Arab Emirates.

4. Overview

4-1	These Conditions set out the criteria and requirements concerning:
		(a)	eligibility, including the scope of permitted activities for entry into the Regulatory Sandbox, which should be met on a continuous basis throughout the duration of participation in the Regulatory Sandbox;
		(b)	the application process for entry into the Regulatory Sandbox;
		(c)	the minimum safeguards that Participants should satisfy whilst in the Regulatory Sandbox, which may be augmented by the Central Bank on a case-by-case basis; and
		(d)	the exit routes and requirements on exit from the Regulatory Sandbox.
4-2	These Conditions clarify the role and powers of the Central Bank in relation to Participants in the Regulatory Sandbox.

5. Regulatory Sandbox Framework

5-1	The Regulatory Sandbox is intended for any persons wishing to conduct testing of their business, products or services which constitute Licensed Financial Activities. The Regulatory Sandbox will not be available for Applicants wishing to conduct the following:
		(a)	taking deposits of all types;
		(b)	carrying out insurance activities in the State; and
		(c)	acting as principal in financial products that affect the financial position of the person, including but not limited to foreign exchange, financial derivatives, bonds and sukuk, equities, commodities, and any other financial products, as determined by the Central Bank.
5-2	Licensed Financial Institutions will not be permitted to participate in the Regulatory Sandbox, and any innovative testing falling outside of such entities’ authorised business activities must be discussed with the Central Bank prior to market deployment.
5-3	The Central Bank will work with the Applicant to evaluate the innovative products, services, solutions or business models to identify legal and regulatory obligations, which will be applied throughout the duration when the Participant is in the Regulatory Sandbox. This will be done on a case-by-case basis. The Central Bank reserves the right to impose restrictions on any Regulatory Sandbox Participant’s activities, or impose additional regulatory compliance obligations, at any time during the Participant’s operation within the Regulatory Sandbox.
5-4	In addition to the Conditions, the Central Bank will exercise the full range of its supervisory powers under the Central Bank Law on all Regulatory Sandbox Participants.
5-5	The Central Bank’s decision to apply additional regulatory compliance obligations will take into account the:
		(a)	Participant’s compliance with the requirements set in the ’Safeguards’ section of these Conditions;
		(b)	Participant’s demonstrated ability to identify and assess potential risks and define applicable mitigations; and
		(c)	Participant meeting the defined eligibility criteria on an ongoing basis.

6. Target Applicant(s)

6-1	The following persons are potential Applicants to the Regulatory Sandbox, provided in each case that they serve the UAE financial services market and/or are citizens of the UAE:
		(a)	UAE based start-ups or established UAE based companies in any sector, whether or not they are currently regulated by a regulatory authority different from the Central Bank; or
		(b)	financial free zone companies without prejudice to the applicable legal framework.

7. Eligibility Criteria

7-1	Applicants shall meet the following defined eligibility criteria:
		(a)	The product, service, solution, or business model shall demonstrate the following:
				(i)	it shall relate to financial products and/or services that either may impact on the Central Bank’s objectives or otherwise may be a Licensed Financial Activity;
				(ii)	be innovative, in terms of the technology used in the product, service, solution or business model, or it utilises existing technology in an innovative way;
				(iii)	benefit for Consumers and/or the financial services industry (such as promoting growth, improving efficiency, mitigating risk, providing more options, encouraging social development, etc.);
				(iv)	exhibit a genuine need for testing within the Regulatory Sandbox; and
				(v)	an intention by the Participant to deploy the proposed financial service in the UAE on a broader scale after exiting the Regulatory Sandbox, subject to complying with all regulatory requirements.
		(b)	The Applicant shall demonstrate that it complies with, and will continue to comply on an on-going basis with, the following:
				(i)	appropriate financial soundness requirements as determined by the Central Bank;
				(ii)	readiness to test the innovation in the live market with real Consumers;
				(iii)	willingness for market wide deployment of the innovation, post testing;
				(iv)	possess relevant technical, technological and business knowledge and experience;
				(v)	have a bank account in a UAE based Bank, if required by the Central Bank depending on the nature of the product, service, or solution being tested;
				(vi)	its owners, directors, senior officers and any other key person, as determined by the Central Bank, meet such ‘Fit and Proper’ requirements as determined by the Central Bank relating to integrity, competence, financial solvency and legal capacity; and
				(vii)	written consent must be obtained from the Consumer that states that the Consumer:(i) clearly understands the risks; (ii) has explicitly agreed to participate in the experiment; and (iii) acknowledges that they will not be subject to the Consumer Protection Regulation. The Applicant shall disclose all risks to the Consumer in a clear, fair and not misleading format prior to the Consumer providing its written consent under this paragraph. The risk disclosure shall reference the possible financial risks and all other potential risks that a Consumer could face and shall provide a summary of the regulatory protections the Consumer agrees to forego under the Consumer Protection Regulation.
		(c)	The Applicant must provide the Central Bank with a written commitment to fully comply with these Conditions and other Central Bank requirements on an ongoing basis.
7-2	The following information shall also be provided with the application:
		(a)	defined test scenarios and expected outcomes of the proposed Regulatory Sandbox experiment;
		(b)	a comprehensive operational readiness and testing plan that identifies key milestones, a timeline, and likelihood of achieving target outcomes;
		(c)	defined exit strategy for discontinuation of the product, service, or solution and defined transition strategy for market wide launch of the product, service, or solution;
		(d)	a structured plan for regular reporting that includes a concise and comprehensive format which shall clearly outline the essential metrics and parameters to be utilised, as well as the methodology for analysing such parameters during the testing process;
		(e)	defined client acquisition and communication strategy;
		(f)	a robust wind-down plan;
		(g)	distinctly identified and assessed potential risks for Consumers and the financial market along with appropriate mitigation strategies; and
		(h)	the content of clear disclosures on testing objective(s), expectation(s), compensation and potential risks applicable to all Consumers participating in the Regulatory Sandbox.

8. Application Process

8-1	The application process is comprised of three distinct stages:
		(a)	Preliminary stage;
		(b)	Evaluation stage; and
		(c)	Decision stage.
8-2	Applicants that are satisfied they can meet the eligibility criteria must submit their application to the Central Bank’s Regulatory Sandbox team via online channels provided by the Central Bank. Applications must address each of the criteria in 7 and include the information requested in the application form made available to Applicants by the Central Bank. Admission to the Regulatory Sandbox is solely at the discretion of the Central Bank and is on a case by case basis.
8-3	Preliminary stage: the Central Bank will review the application once received and will endeavour to inform the Applicant of its potential suitability for entry to the Regulatory Sandbox within fifteen (15) working days after the Central Bank receives a complete set of information necessary for the assessment. The notification of potential suitability will not constitute approval of the Applicant’s entry into the Regulatory Sandbox.
8-4	Evaluation stage: the Central Bank will engage with the Applicant to determine whether any adjustments should be made to the Applicant’s application. This may also include the Central Bank determining the extent of safeguards that the Applicant must comply with, for which the Applicant must demonstrate how it will comply. The Applicant will then be invited to resubmit their application, as required. The evaluation stage will last no more than twenty-one (21) working days.
8-5	Decision stage: following completion of the evaluation stage, the Central Bank will have a further fifteen (15) working days following resubmission of the application to make a final decision on whether to approve the Applicant for entry into the Regulatory Sandbox. Where the Applicant is informed that its application has been rejected, the Central Bank will provide reasons. A rejected Applicant may reapply within six (6) months provided they have addressed the original reasons for the rejection.
8-6	An Applicant who is approved must notify its Consumers that the financial services or products it is providing are part of the Central Bank’s Regulatory Sandbox.
8-7	Where a Participant intends to make any change(s) relating to any information provided in its application, it must notify and request approval from the Central Bank at least one (1) month before it intends to make such changes along with a copy of the reasons for making such change(s) and the proposed date from which the change(s) will take place (such date to be at least one month after notification to the Central Bank). The Central Bank will review the proposed change and provide its decision within fourteen (14) working days of the date on which the Participant notifies the Central Bank of the proposed change. The Participant may continue operating within its existing approval during such period whilst the Central Bank makes its determination on the proposed change. The Central Bank may request additional information and documentary evidence that supports the requested change.
8-8	For the purpose of transparency and provision of information to Consumers, relevant information of all approved Regulatory Sandbox applications such as the name of the Participant, and the start and expiry date of the testing (to the extent determined by the Central Bank), shall be published on the Central Bank’s website.

9. Safeguards

9-1	As defined by the Central Bank, the fundamental safeguards to mitigate the inherent risks in innovative financial technologies focus on two key areas: Consumer protection and protection of the financial system.
9-2	The Participant shall have the following minimum safeguards in place:
		(a)	adequate Consumer complaint(s), compensation and dispute resolution mechanisms communicated to the participating Consumer(s);
		(b)	Consumers’ funds and / or assets shall be segregated from the Participant’s funds and entrusted to banks licensed by the Central Bank through an escrow account arrangement;
		(c)	adequate data handling, management and protection mechanism;
		(d)	restrictions on the Consumers that may be served, including the obtaining of express and informed, written Consumer consent as described in 7.1(b)(vii) for any Consumers that are served;
		(e)	ensuring the on-going fitness and propriety of any individuals connected to the Participant identified in 7.1(b)(vi) and
		(f)	necessary measures to prevent money laundering and to counter the financing of terrorism in accordance with all applicable anti-money laundering and counter-terrorist financing legislation and regulations.
9-3	The Central Bank shall review the Participant’s ongoing compliance with these safeguards and any other safeguards it requests of the Participant, both on an ad hoc basis and as part of the reporting obligations agreed with the Participant in 12.

10. Exit Routes

10-1	Participation in the Regulatory Sandbox can terminate in two possible scenarios: expiry of the testing period or discontinuation of testing.
10-2	Expiry of the testing period: the Participant shall submit a report to the Central Bank prior to expiry of the testing period. The contents of the report and the timing for submission of the report will be directed by the Central Bank to the Participant. The Participant will have to ensure that the timing of the report submission will not interfere with its activities while it is in the Regulatory Sandbox. The Central Bank will review the report to evaluate whether the Participant can apply to the Central Bank for a Licence for market wide deployment of its product, service or solution. The Central Bank may expedite the Participant’s request to obtain a Licence subject to the Participant, at a minimum, adhering to the following:
		(a)	comply with all the relevant legal, regulatory and supervisory requirements;
		(b)	fulfil all its obligations to its Consumers; and
		(c)	have a defined transition strategy for market wide deployment.
10-3	In the event that the Central Bank does not deem that the Participant is able to apply for a Licence, the Participant shall cease the activity that formed the basis of its Regulatory Sandbox application and must comply with 10.6.
10-4	Discontinuation of testing: the testing can be discontinued either during the testing phase or after its completion, when one of the following are met:
		(a)	the testing has not achieved its intended purpose, based on, amongst other things, the defined test scenarios, outcomes, and schedules;
		(b)	the risks of the proposed innovative product or service outweighs the benefits, and these risks cannot be mitigated during the testing phase;
		(c)	there is an incidence of breach of any of the requirements imposed by the Central Bank;
		(d)	the Participant decides to exit the Regulatory Sandbox at its own discretion; or
		(e)	the testing period lapses.
10-5	In all circumstances, the Central Bank can require the Participant to cease providing its services and discontinue its business immediately. The Central Bank will discuss the wind-down mechanics with the Participants.
10-6	The Participant must execute the defined exit strategy upon discontinuation of its participation in the Regulatory Sandbox. This includes, but is not limited to, informing the testing termination to Consumers, fulfilling all its obligations to Consumers (e.g., compensation), reporting to the Central Bank on the implementation of the exit strategy (at such intervals and in such manner agreed with the Central Bank), and securely disposing of Consumer information in accordance with the regulatory requirements.

11. Regulatory Sandbox Duration

11-2	The Regulatory Sandbox testing period may run between six (6) to twelve (12) months. This will facilitate adequate insight for the Central Bank with regard to the innovation and its impact on Consumers and the financial market and enable both the Central Bank and the Participant to understand the viability of the innovation.
11-2	Any extension of the testing period shall be determined only on a case-by-case basis. A Participant must submit a request to the Central Bank with the rationale for an extension no later than thirty (30) calendar days before the expiry of the testing period.

12. Testing and Reporting

12-1	The Participant(s) shall periodically report the testing information. This requires the Participant(s) to document information during the Regulatory Sandbox testing phase and maintain detailed records to support regular reviews by the Central Bank.
12-2	The Participant’s chief executive officer or equivalent shall validate all reports produced by the Participant during the testing period.
12-3	The Central Bank will assist and agree with the Participant in defining the frequency and specific details of the interim reports based on the duration, complexity, scale, and risks associated with the test.
12-4	During the testing phase, the Participant shall submit interim reports to the Central Bank on the testing progress. This may include information such as, but not limited to:
		(a)	performance indicators, milestones, other statistics;
		(b)	key issues (e.g. fraud) or operational incident reports;
		(c)	compliance with regulatory safeguards implemented; and
		(d)	actions taken to address key issues.
12-5	During the testing stage, a representative from the Licensing team at the Central Bank will participate as a stakeholder in meetings between the Regulatory Sandbox team and the Participant's team. The Licensing team will also receive all periodic reports submitted by the Participant. The Licensing team’s responsibility will be to assist the Participant in comprehending the general licensing requirements and ensuring that they initiate preparations for their licensing application in a well-organized and timely manner, once agreed. Once the Central Bank issues the specific regulatory requirements, the Participant may proceed to complete their full licensing application. The Central Bank may introduce or revise additional criteria on a case-by-case basis.
12-6	On completion of testing activity, the Participant shall submit a report to the Central Bank in accordance with 10.2.

13. Financial Implications
13-1
Participation in the Regulatory Sandbox is not subject to any regulatory fees.

14. Supervision and Examination
14-1
The Central Bank reserves the right to examine the activities of the Participant at any time to ensure adherence to the law and the Conditions set out in this Regulation.

15. Enforcement and Sanctions
15-1
Violation of any provision of the Conditions set out in this Regulation may subject the Participant to supervisory or other action as deemed appropriate by the Central Bank.

16. Interpretation
16-1
The Regulatory Development Department of the Central Bank shall be the reference for interpretation of these Conditions.

17. Publication and Application
17-1
The Conditions shall be published in the Official Gazette and shall come into effect on the date of publication.

Khaled Mohamed Balama
Governor of the Central Bank of the UAE

Details of Counterfeit Notes & Amount Involved
1	Currency Type	a) AED - Amount ……………………… b) Foreign Currency - Currency name ………….. Amount ……………..
2	Denomination

Version 2 (consolidated as of 05/12/2021)
Version 1 (effective from 03/01/2014)

First Name:	Middle Name:
Family Name:	Alias:
Gender:

Other Regulated Entities

Exchange Houses

Regulations Re Licensing and Monitoring of Exchange Business

Introduction

Objective

Article (1): Definitions

Article (2): Licensing is Compulsory

Article (3): Application for Licence

Article (4): Conditions for Granting of Licence

Article (5): Notice of Granting or Refusing an Application

Article (6): Scope of Licence

Article (7): Revocation, Restriction and Variation of Licence

Article (8): Appointment of an Audit Firm and Publication of the Entity's Audited Accounts

Article (9): Continuing Obligations

Article (10): Supervision and Examination

Article (11): Amendments

Article (12): Application of Regulations

Article (13): Interpretation of Regulations

Article (14): Publication and Effective Date

Additional Provisions

The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business

Preface

A. Licensing and Continuing Obligations Standards

Chapter 1: Scope of the License and Exchange Business

Introduction

1.1 License to carry out Exchange Business

1.2 Scope of Exchange Business (Permitted Activities of Exchange Business)

Chapter 2: Legal Forms, Capital and Bank Guarantee Requirements

Introduction

2.1 Permitted Legal Forms

2.2 License Categories

2.3 Minimum Paid-up Capital

2.4 Bank Guarantee

2.5 Permitted Shareholding (i.e. Ownership) Structure

2.6 Status of Existing Licensed Persons

2.7 Opening of Additional Branches

Chapter 3: Licensing

Introduction

3.1 Application Process and Documentary Requirements for a License

3.2 Approval Process and Timelines

3.3 Rejecting an Application

3.4 Validity of a License

3.5 Maintain the License

3.6 Revocation or Suspension of License

3.7 Opening of New Branches

3.8 Re-location of Licensed Premises

3.9 Temporary Closure of Licensed Premises

Chapter 4: Continuing Obligations

Introduction

4.1 Total Assets to Paid-up Capital Ratio [Article 9.1 (a) of the Regulations]

4.2 Manager in Charge [Article 9.1 (b) of the Regulations]

4.3 Alterations [Article 9.1 (c) of the Regulations]

4.4 Merger, Amalgamation and Joint Venture Arrangements [Article 9.1 (d) of the Regulations]

4.5 Licensed Premises and Products [Article 9.1 (e) of the Regulations]

4.6 Trade Name [Article 9.1 (f) of the Regulations]

4.7 Official Receipts [Article 9.1 (h) of the Regulations]

4.8 Display of Rates [Article 9.1 (h) of the Regulations]

4.9 SMS Notification [Article 9.1 (j) of the Regulations]

4.10 Encumbered Assets [Article 9.1 (k) of the Regulations]

4.11 Profit Distribution [Article 9.1 (l) of the Regulations]

4.12 Borrowing, Lending or Maintaining Current Accounts [Article 9.1 (m) of the Regulations]

4.13 Remittances Intermediate Account [Articles 9.1 (n) and (o) of the Regulations]

4.14 Renewal of License [Article 9.1 (r) of the Regulations]

4.15 Display of Licenses and List of Permitted Activities

4.16 Display of Working Hours

4.17 Banknotes Import and Export from/to Foreign Institutions

4.18 Liquidity of the Business

4.19 Equity and Minimum Paid-up Capital Requirements

4.20 Authorized Signatories

4.21 Reporting to the Central Bank

4.22 Business Plans and Budgets

4.23 UAE National Employment Programs or Emiratisation

4.24 Opening of Subsidiaries and Offices

4.25 Investigations and Litigation

4.26 Compliance with Laws and Regulations

4.27 Responses to the ‘Search’ or ‘Search and Freeze’ Notices

4.28 AED Settlement via UAEFTS

4.29 Gifts and Entertainments

4.30 Pricing Changes

Chapter 5: Central Bank Examinations