3. Screening Operations
Under Article 21.2 of Cabinet Decision 74, LFIs must regularly screen their databases and transactions against names on the UN Consolidated List and the Local Terrorist List, and also immediately when notified of any changes to any of such lists, provided that such screening includes the following:
- Searching their customer databases - Search for the names of parties to any transactions. - Search for the names of potential customers. - Search for the names of beneficial owners. - Search for names of persons and organizations with which they have a direct or indirect relationship. - Continuously search their customer database before conducting any transaction, or entering into a serious business relationship with any person, to ensure that their name is not listed on the UN Consolidated List or the Local Terrorist List.
3.1. Sanctions Evasion
Illicit actors targeted by sanctions are likely to utilize a range of tactics to evade the prohibitions, which can be difficult to identify. LFIs should remain vigilant in order to identify attempts to evade, avoid, or circumvent sanctioned activities. Frequent tactics employed for sanctions evasion include renaming, using intermediaries, creating front companies, and using alternative financial networks. LFIs should monitor not only for sanctions violations but also for red flags of potential evasion risks. LFIs also a need to remain vigilant for new methods of evading sanctions. Customer Due Diligence (“CDD”) and Enhanced Due Diligence (“EDD”) play a critical role, in combination with sanctions screening, to identify and prevent more complicated forms of sanctions evasion.
LFIs should also prohibit activity that aims to evade or circumvent sanctions prohibitions. Accordingly, LFIs must not engage in activities that could be part of a sanctions evasion scheme, including but not limited to:
• Tipping off customers or counterparties; • Omitting, withholding, altering, misstating, or removing any information about customers or transactions; • Accepting incomplete (when the customer deliberately does not provide an identifier to obscure being matched with the sanctions lists, such as a date of birth or address) or false information (when the customer provides a false identifier that would not match with the sanctions lists listed details, such as a wrong date of birth); • Providing false or incomplete information to counterparties or sanctions-imposing authorities; or • Any other activities that would cause a conflict with or failure to comply with this Guidance.
For more details and information, please refer to the Executive Office’s “Typologies on the circumvention of Targeted Sanctions against Terrorism and the Proliferation of Weapons of Mass Destruction” (circulated by CBUAE Notice No. 2893 dated 02/06/2021).
3.2. Maintenance of UN Consolidated List and Local Terrorist List
LFIs should rely on the official website of the UNSC for the most updated UN Consolidated List:
https://www.un.org/securitycouncil/content/un-sc-consolidated-list
LFIs should rely on the official website of the Executive Office to obtain the most recent publication of the Local Terrorist List issued by the UAE Cabinet:
https://www.uaeiec.gov.ae/en-us/ https://www.uaeiec.gov.ae/ar-ae/
In addition, under Article 21 of Cabinet Decision 74, LFIs must register on the Executive Office’s website in order to receive automated email notifications with updated and timely information about the Listing and de-Listing of individuals or entities in the Local Terrorist List and in the UN Consolidated List.
When LFIs utilize external vendors’ lists for their Sanctions List and Local Lists, it is the LFI’s responsibility to undertake due diligence on these vendors and ensure that the vendors’ lists contain all names listed by the UN Consolidated List and UAE Local Terrorist List.
3.3. Customer Screening
Screening processes should be conducted at various stages of the customer lifecycle to include:
• Periodic name screening: A change to either the customer identifying information or UN Consolidated List /Local Terrorist List should trigger an automatic rescreening. • Ad hoc name screening: Such screening is triggered by a specific business need or in order to comply with a request by a competent authority, or in the case of feedback from a downstream financial institution. • Re-screening: A specific scenario in the transaction monitoring system identifies a high-risk jurisdiction in updated customer information.
3.4. Name Screening
In addition to the regular screening utilizing the UN Consolidated List and Local Terrorist List indicated above, LFIs should maintain the following sanctions compliance procedures to prevent and detect sanctions breaches:
1. Ownership/Control Rule: Individuals or legal entities that are directly or indirectly owned or controlled mainly or fully by one or more Listed Person are subject to the same prohibitions as the Listed Person, even if such individuals or legal entities are not specifically named by the competent authority on the respective UN Consolidated List or Local Terrorist List.
The criterion to be taken into account when assessing whether an individual or legal entity is mainly owned by a Listed Person is the possession of more than 50% of the proprietary rights of an entity or having majority interest in it. If this criterion is satisfied, it is considered that the individual or legal entity is owned by a Listed Person.
The criteria to be taken into account when assessing whether an individual or legal entity or arrangement is mainly controlled by a Listed Person, alone or pursuant to an agreement with another shareholder or other third party, include the following:
• Having the right to appoint or remove a majority of the members of the administrative or management body of such a legal person, entity, group or arrangement;
• Having appointed solely as a result of the exercise of one's voting rights a majority of the members of the administrative or management body of a legal person, entity, group or arrangement who have held office during the present and previous financial year;
• Controlling alone, pursuant to an agreement with other shareholders in or members of a legal person, group or entity, a majority of shareholders' or members' voting rights in that legal person, entity, group or arrangement;
• Having the right to exercise a dominant influence over a legal person, group or entity, pursuant to an agreement entered into with that legal person, entity, group or arrangement, or to a provision in its Memorandum or Articles of Association, where the law governing that legal person, entity, group or arrangement permits its being subject to such agreement or provision;
• Having the power to exercise the right to exercise a dominant influence referred to in the previous point, without being the holder of that right;
• Having the right to use all or part of the assets of that legal person, entity, group or arrangement;
• Managing the business of that legal person, entity, group or arrangement on a unified basis, while publishing consolidated accounts; or
• Sharing jointly and severally the financial liabilities of legal person, entity, group or arrangement, or guaranteeing them.
2. Fuzzy Matching: An algorithm-based technique to match one data point, where the contents of the information being screened is not identical, but its spelling, pattern or sound is a close match to the contents contained on a list used for screening.
3. Weak or Low-quality Aliases: Relatively broad or generic alias may generate a large volume of false hits when such names are run through a computer-based screening system. LFIs should perform their own assessments on whether to screen for weak aliases based on their understanding of their own risk profile.
3.5. Verification of False Positives
Because many names may be common, various potential matches may be found. A potential match is when there is any match between data in the sanctions lists with any information in the LFI’s databases. However, it does not necessarily mean that the individual or entity the LFI is dealing with is subject to sanctions. When identifying the potential match, LFIs should suspend any transaction until they are satisfied it is not a Listed Person.
LFIs should compare potential matches with the UN Consolidated List and the Local Terrorist List in order to confirm whether they are true matches and to eliminate “false positives.” LFIs should compare information that is known about the party in question, such as date of birth and address, with other information provided in the designation order. Furthermore, LFIs should undertake efforts to obtain additional information and identification documents, which may have previously not been obtained from the customer or a counterparty to ascertain whether the customer is the actual designated person in the case of similar or common names. If the LFI establishes that the match is a false positive, then the LFI does not need to freezing or apply Other Measures related to sanctions. Therefore, the LFI may allow the transaction or relationship to continue its normal course, provided that the transaction or relationship is not suspicious and does not trigger any other concerns. LFIs are required to maintain evidence of the false positive verification process in their records and make them available to the competent authorities immediately upon request.
LFIs may create a “white list” (or a “good customer list”) of names of customers that have been flagged as potential matches to the UN Consolidated List and the Local Terrorist List but subsequently cleared through thorough due diligence by the LFI. Those “white lists” may be used to improve the process related to screening by leveraging the results of past due diligences and reducing the number of false positives. While an LFI should not overly rely on such a list and must diligently and continuously screen customers and transactions in case they are implicated in updated UN Consolidated List and Local Terrorist List, the use of such a “white list” may assist the LFI in expediting the dispositioning in case of repeated false positive matches. LFIs should have documented procedures to managing and periodically reviewing and updating those “white lists”.
For more details and information, please refer to Annex 2 for related Lessons learned from CBUAE Supervision.
3.6. Payments Screening
LFIs should also screen information regarding counterparties of all incoming and outgoing transfers in order to identify any potential match to Listed Persons. The information to be screened includes:
• The parties involved in a transaction, including the sender and the receiver; • Third parties and intermediaries; • Bank Names, Bank Identifier Code ("BIC”) and other routing codes; • Free text fields; • International Securities Identification Number (“ISINs”) or other risk relevant product identifiers (there are multiple fields in the identifier information section for sanctions lists. An ISIN number can be screened as an identifier number similar to a date of birth/passport number, and towns/regions can be screened as jurisdictions operating in); • Geography, including addresses, countries, cities, towns, regions.
3.7. Confirmed match
Under Articles 15 and 21 of Cabinet Decision 74, when a match is found through the screening process, LFIs must immediately, without delay and without prior notice, freeze all Funds. Without delay, as defined by Article 1 of Cabinet Decision 74, means within 24 hours of the Listing decision being issued by the UNSC, the Sanctions Committee or the UAE Cabinet, as the case may be.
For more details and information, please refer to the Executive Office’s Guidance on Targeted Financial Sanctions for FIs and DNFBPs.