  • 6.2 Protection of Consumer Assets, Information and Data Against Fraud, Misappropriation and Misuse

    • 6.2.1 Protection of Assets

      1. 6.2.1.1 Licensed Financial Institutions must ensure that they have clearly assigned responsibility and accountability for security of assets to Senior Management who must ensure internal control structures are in place and monitored including:
        1. a. The proper segregation of duties, roles and responsibilities of management and Staff within the Licensed Financial Institution;
        2. b. Operational risk mitigation;
        3. c. Application of logistical access security;
        4. d. Access rights and security on electronic Data and to assets;
        5. e. Physical security of the Consumer assets and records; and
        6. f. Completeness of documentation relating to business processes, policies, controls, and technical requirements in accordance with UAE’s anti-money laundering and terrorism financing guidelines.
      2. 6.2.1.2 Licensed Financial Institutions must implement stringent safeguards and verifications in order to protect unclaimed assets including the assets in the form of Stored Value Facilities, digital money, and dormant accounts and to ensure effective monitoring and reporting of any attempts to access them.
      3. 6.2.1.3 Collateral provided by the Consumer / guarantor must be properly secured and protected by the Licensed Financial Institution. The Licensed Financial Institution must act honestly, fairly and professionally and take into account the best interests of Consumer, while managing the collateralized assets.
      4. 6.2.1.4 Unclaimed Funds: Exchange Houses must ensure that unclaimed funds are assessed, documented, monitored and disclosed on a monthly basis as prescribed by the Central Bank.
      5. 6.2.1.5 Licensed Financial Institutions must have a robust internal risk based policy to update Consumers’ KYC documents, including expired identification documentation. Where Consumers have failed to respond to the Licensed Financial Institution’s written notices requesting the Consumer to provide required identification details to update the Licensed Financial Institution’s records, banks must after a notice period of 90 calendar days or after such period as may be prescribed by the Central Bank, temporarily block Debit & Credit Cards for all types of transactions, including ATM withdrawals. However, all other operations in the accounts of the Consumers are permitted through the branch. Licensed Financial Institutions must not levy any charges on such temporary blockage of the Consumers’ use of their cards.
      6. 6.2.1.6 Licensed Financial Institutions must undertake Consumer education initiatives and undertake fraud awareness campaigns every year and more frequently if there is evidence of heightened fraudulent activity.
      7. 6.2.1.7 Licensed Financial Institutions have an ongoing duty to educate and advise Consumers in Writing as to the security precautions that need to be taken to access their financial services including:
        1. a. Avoidance of using simple passwords or numbers associated with personal dates;
        2. b. The financial liability on the Consumers if they provide their password or personal identification number (PIN) to anyone or leave them written down and accessible to others to observe;
        3. c. Advising Consumers on how they should and can change passwords and PINs periodically;
        4. d. Cautiously entering the PIN at an ATM or POS Terminal to ensure they are not being observed; and
        5. e. Protecting access to their cheque book.
      8. 6.2.1.8 Payment instruments/terminals (such as ATMs) and online banking channels must be progressively upgraded with the latest technology, particularly to prevent the use of counterfeit cards, and inspected regularly in accordance with the Central Bank’s guideline on preventing ATM Card frauds.
      9. 6.2.1.9 Licensed Financial Institutions must ensure ATMs are secure. They must:
        1. a. Install and maintain pin pad shields to prevent the recording of Consumer PINs while using ATMs or POS terminals;
        2. b. Install Anti-Skimming devices to prevent the magnetic stripe being read. Operators must immediately withdraw from service any ATM that has been compromised;
        3. c. Install sensors to detect the presence of skimming devices and to send alerts to the operator and/or shutdown the ATM;
        4. d. Ensure digital security cameras are within the ATM;
        5. e. Apply any other advances in security as deemed necessary to protect Consumers; and
        6. f. Monitor and investigate reported ATM issues from Consumers.
      10. 6.2.1.10 Licensed Financial Institutions must conduct periodic maintenance of all ATMs including verification of its proper functionality and ensuring security has not been breached (e.g. illegal keypad replicators and cameras). A record of the verifications on each machine must be maintained for a period of one year and made available for inspection by the Central Bank.
      11. 6.2.1.11 Licensed Financial Institutions may be liable for any direct losses incurred as a result of any breaches of the Licensed Financial Institutions’ security controls.
      12. 6.2.1.12 Licensed Financial Institutions must effectively perform and document their due diligence measures when verifying the background and competence of any Third Party that will represent the Licensed Financial Institution and/or have access to or possession of the Consumer’s assets, information and Data.
      13. 6.2.1.13 Licensed Financial Institutions must ensure their Authorized Agents have equivalent level of fraud control, coordination and monitoring for all activities performed by their Staff on behalf of the Licensed Financial Institution.
      14. 6.2.1.14 Licensed Financial Institutions must perform due diligence before hiring Staff and ensure verification of all fit and proper requirements are fully commensurate with responsibilities and functions of the positions.
      15. 6.2.1.15 Licensed Financial Institutions must provide adequate and up to date Staff training on its control framework to ensure Consumers’ assets are securely handled.
    • 6.2.2 Fraud Detection

      1. 6.2.2.1 Licensed Financial Institutions must have adequate systems and processes in place to monitor and respond to external fraud activities commensurate with the type of risk associated with the Financial Product or Service and the frequency of Consumer transactions.
      2. 6.2.2.2 Licensed Financial Institutions must inform the Consumer of the procedures for reporting cases of theft, loss and fraud.
      3. 6.2.2.3 Licensed Financial Institutions must monitor and document trends on the number and type of incidents for fraud, attempted frauds and Consumer Complaints in order to determine if there is any evidence of weakness in the security and detection measures. Licensed Financial Institutions must report significant fraud events immediately to the Central Bank in a manner as it may be prescribed.
    • 6.2.3 Fraud Investigation and Reporting

      1. 6.2.3.1 Licensed Financial Institutions must have a fraud reporting function to investigate Financial Crime Compliance.
      2. 6.2.3.2 When a specific pattern of frauds or deception is identified, a Licensed Financial Institution shall issue timely notifications to Consumers to promote awareness and preventative measures. The Licensed Financial Institution’s notice must provide a contact method for Consumers to report fraud incidents or make inquiries.
      3. 6.2.3.3 Licensed Financial Institutions must report all Consumer Complaints arising from external, internal and attempted frauds, as well as any apparent vulnerabilities in the security and online systems to the Central Bank on a quarterly basis.
      4. 6.2.3.4 Licensed Financial Institutions must file a summary annual report by January 31st to the Central Bank on the trends and significant incidents of fraud and attempted frauds including a description of the preventative measures taken.