Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
IA-BOD-RES 10/2019 Effective from 10/2/2019The Cabinet,
- Pursuant to the perusal of the Constitution;
- Federal Law No. (1) of 1972 concerning the Competencies of Ministries and Powers of the Ministers and its amendments;
Based on the proposal of the Minister of Finance and the approval of the Cabinet,
Has issued the following:
Chapter 1 Definitions
Article (1)
In application of the provisions of the present Decision, the following terms and expressions shall have the meanings assigned to them unless the context requires otherwise:
State: United Arab Emirates
Minister: Minister of Finance
Central Bank: Central Bank of United Arab Emirates
Governor: Governor of the Central Bank
Committee: National Committee for Anti- Money Laundering and Combating the Financing of Terrorism and Illegal Organisations.
FIU: Financial Intelligence Unit
Supervisory Authority: Federal and local authorities, which are entrusted by legislation to supervise Financial Institutions, Designated Non-Financial Businesses and Professions and Non-Profit Organisations or the competent authority in charge of approving the pursuit of an activity or a profession in case a supervisory authority is not assigned by legislations.
Law Enforcement Authorities: Federal and local authorities which are entrusted under applicable legislation to combat, search, investigate and collect evidences on the crimes including ML/FT and financing illegal organisations crimes.
Competent Authorities: The competent government authorities entrusted with the implementation of any provision of the Decretal-Law in the State.
Predicate Offence: Any act constituting an felony or misdemeanour under the applicable laws of the State whether this act is committed inside or outside the State when such act is punishable in both countries.
Money Laundering: Any of the acts mentioned in Clause (1) of Article (2) of the Decretal-Law.
Financing of Terrorism: Any of the acts mentioned in Articles (29) and (30) of Federal Law no. (7) of 2014 on combating terrorism offences.
Illegal Organisations: Organisations whose establishment is criminalised or which pursue a criminalised activity.
Financing of Illegal Organisations: Any physical or legal action aiming at providing funding to an illegal organisation, or any of its activities or members.
Crime: Money laundering crime and related Predicate Offences, or Financing of Terrorism or Illegal Organisations.
Funds: Assets in whatever form, whether tangible, intangible, movable or immovable including national currency, foreign currencies, documents or notes evidencing the ownership of those assets or associated rights in any form including electronic or digital forms or any interests, profits or income originating or earned from these assets.
Proceeds: Funds generated directly or indirectly from the commitment of any felony or misdemeanour including profits, privileges, and economic interests, or any similar funds converted wholly or partly into other funds.
Means: Any means used or intended to be used for the commission of an offence or felony.
Suspicious Transactions: Transactions related to funds for which there are reasonable grounds to suspect that they are earned from any felony or misdemeanour related to the financing of terrorism or of illegal organisations, whether committed or attempted.
Freezing or Seizure: Temporary restriction over the moving, conversion, transfer, replacement or disposition of funds in any form, by an order issued by a Competent Authority.
Confiscation: Permanent expropriation of private funds or proceeds or instrumentalities by an injunction issued by a competent court.
Financial Institutions: Anyone who conducts one or several of the financial activities or operations of /or on behalf of a Customer.
Intermediary Financial Institution: The Financial Institution that receives and sends wire transfer between the Ordering Financial Institution and the Beneficiary Financial institution or another Intermediary Financial Institution.
Beneficiary Financial Institution: The Financial Institution that receives a wire transfer from an Ordering Financial Institution directly or indirectly via an Intermediary Financial Institution and makes funds available to the beneficiary.
Financial Transactions or Activities: Any activity or transaction defined in Article (2) of the present Decision.
Designated Nonfinancial Businesses and Professions (DNFBPs): Anyone who conducts one or several of the commercial or professional activities defined in Article (3) of the present Decision.
Non-Profit Organisations (NPOs): Any organised group, of a continuing nature set for a temporary or permanent time period, comprising natural or legal persons or not for profit legal arrangements for the purpose of collecting, receiving or disbursing funds for charitable, religious, cultural, educational, social, communal or any other charitable activities.
Legal Arrangement: A relationship established by means of a contract between two or more parties which does not result in the creation of a legal personality such as trusts or other similar arrangements.
Trust : A legal relationship in which a settlor places funds under the control of a trustee for the interest of a beneficiary or for a specified purpose. These assets constitute funds that are independent of the trustee's own estate, and the rights to the trust assets remain in the name of the settlor or in the name of another person on behalf of the settlor.
Settlor: A natural or legal person who transfers the control of his funds to a Trustee under a document.
Trustee: A natural or legal person who has the rights and powers conferred to him by the Settlor or the Trust, under which he administers, uses, and acts with the funds of the Settlor in accordance with the conditions imposed on him by either the Settlor or the Trust.
Customer: Anyone who performs or attempts to perform any of the acts defined in Articles (2) and (3) of the present Decision with any Financial Institution or Designated Non-Financial Business or Profession.
Transaction: All disposal or use of Funds or proceeds including for example: deposit, withdrawal, conversion, sale, purchase, lending, swap, mortgage, and donation.
Beneficial Owner: The natural person who owns or exercises effective ultimate control, directly or indirectly, over a Customer or the natural person on whose behalf a Transaction is being conducted or, the natural person who exercises effective ultimate control over a legal person or Legal Arrangement.
Business Relationship: Any ongoing commercial or financial relationship established between financial institutions, designated non-financial businesses and professions, and their Customers in relation to activities or services provided by them.
Correspondent Banking Relationship: Relationship between a correspondent financial institution and a respondent one through a current account or any other type of account(s) or through a service related to such an account and includes a corresponding relationship established for the purpose of securities transactions or transfer of funds.
Intermediary Account: Corresponding account used directly by a third party to conduct a transaction on its own behalf.
Financial Group: A group of financial institutions that consists of holding companies or other legal persons exercising the control over the rest of the group and coordinating functions for the application of supervision on the group, branch, and subsidiary level, in accordance with the international core principles for financial supervision, and AML/CFT policies and procedures.
Core Principles for Financial Supervision: Basel Committee on Banking Supervision (BCBS) Principles 1-3, 5-9, 11-15, 26, and 29; International Association of Insurance Supervisors (IAIS) Principles 1, 3-11, 18, 21-23, and 25; and International Organisation of Securities Commission (IOSCO) Principles 24, 28, 29 and 31; and Responsibilities A, B, C and D.
Wire Transfer: Financial transaction conducted by a financial institution or through an intermediary institution on behalf of a transferor whose funds are received by a beneficiary in another financial institution, whether or not the transferor and the beneficiary are the same person.
Shell Bank: Bank that has no physical presence in the country in which it is incorporated and licensed, and is unaffiliated with a regulated financial group that is subject to effective consolidated supervision.
Registrar: The entity in charge of supervising the register of commercial names for all types of establishments registered in the State.
Customer Due Diligence (CDD): Process of identifying or verifying the information of a Customer or Beneficial Owner, whether a natural or legal person or a legal arrangement, and the nature of its activity and the purpose of the business relationship and the ownership structure and control over it for the purposes of the Decretal-Law and this Decision.
Controlled Delivery: The process by which a competent authority allows the entering or transferring of illegal or suspicious funds or crime revenues to and from the UAE for the purpose of investigating a crime or identifying the identity of its perpetrators.
Undercover Operation: The process of search and investigation conducted by one of the judicial impoundment officers by impersonating or playing a disguised or false role in order to obtain evidence or information related to the Crime.
High Risk Customer: A Customer who represents a risk either in person, activity, business relationship, nature of geographical area, such as a Customer from a high-risk country or non-resident in a country in which he does not hold an identity card, or a costumer having a complex structure, performing complex operations or having unclear economic objective, or who conducts cash-intensive operations, or operations with an unknown third party, or operations without directly confronting any other high risk operations identified by financial institutions, or designated non-financial businesses and professions, or the Supervisory Authority.
Politically Exposed Persons (PEPs): Natural persons who are or have been entrusted with prominent public functions in the State or any other foreign country such as Heads of States or Governments, senior politicians, senior government officials, judicial or military officials, senior executive managers of state-owned corporations, and senior officials of political parties and persons who are, or have previously been, entrusted with the management of an international organisation or any prominent function within such an organisation; and the definition also includes the following:
- Direct family members (Of the PEP, who are spouses, children, spouses of children, parents).
- Associates known to be close to the PEP, which include:
- Individuals having joint ownership rights in a legal person or arrangement or any other close business relationship with the PEP.
- Individuals having individual ownership rights in a legal person or arrangement established in favour of the PEP.
- Individuals having joint ownership rights in a legal person or arrangement or any other close business relationship with the PEP.
Decretal- Law: Federal Decretal-Law No. (20) of 2018 on Anti- Money Laundering and Combating the Financing of Terrorism and Illegal Organisations.
- Direct family members (Of the PEP, who are spouses, children, spouses of children, parents).
Chapter 2 Financial Institutions, DNFBPs, and Non-Profit Organisations
Part 1 Financial Institutions and DNFBPs
Section 1
Article (2) Activities and Transactions of Financial Institutions and DNFBPs
The following are considered financial activities and transactions:
- Receiving deposits and other funds that can be paid by the public, including deposits in accordance with Islamic Sharia
- Providing private banking services
- Providing credit facilities of all types
- Providing credit facilities of all types, including credit facilities in accordance with Islamic Sharia
- Providing cash brokerage services
- Financial transactions in securities, finance and financial leasing
- Providing currency exchange and money transfer services
- Issuing and managing means of payment, guarantees or obligations
- Providing stored value services, electronic payments for retail and digital cash.
- Providing virtual banking services
- Trading, investing, operating or managing funds, option contracts, future contracts, exchange rate and interest rate transactions, other derivatives or negotiable financial instruments
- Participating in issuing securities and providing financial services related to these issues
- Managing funds and portfolios of all kinds
- Saving funds
- Preparing or marketing financial activities
- Insurance transactions, in accordance with Federal Law No. (6) of 2007 concerning the Establishment of the Insurance Authority and the Organisation of its Operations
- Any other activity or financial transaction determined by the Supervisory Authority
- Receiving deposits and other funds that can be paid by the public, including deposits in accordance with Islamic Sharia
Article (3)
Anyone who is engaged in the following trade or business activities shall be considered a DNFBP:
- Brokers and real estate agents when they conclude operations for the benefit of their Customers with respect to the purchase and sale of real estate
- Dealers in precious metals and precious stones in carrying out any single monetary transaction or several transactions that appear to be interrelated or equal to more than AED 55,000.
- Lawyers, notaries, and other independent legal professionals and independent accountants, when preparing, conducting or executing financial transactions for their Customers in respect of the following activities:
- Purchase and sale of real estate.
- Management of funds owned by the Customer.
- Management of bank accounts, saving accounts or securities accounts.
- Organising contributions for the establishment, operation or management of companies.
- Creating, operating or managing legal persons or Legal Arrangements.
- Selling and buying commercial entities.
- Purchase and sale of real estate.
- Providers of corporate services and trusts upon performing or executing a transaction on the behalf of their Customers in respect of the following activities:
- Acting as an agent in the creation or establishment of legal persons;
- Working as or equipping another person to serve as director or secretary of a company, as a partner or in a similar position in a legal person.
- Providing a registered office, work address, residence, correspondence address or administrative address of a legal person or Legal Arrangement.
- Performing work or equipping another person to act as a trustee for a direct Trust or to perform a similar function in favour of another form of Legal Arrangement.
- Working or equipping another person to act as a nominal shareholder in favour of another person.
- Acting as an agent in the creation or establishment of legal persons;
- Other professions and activities which shall be determined by a decision of the Minister
- Brokers and real estate agents when they conclude operations for the benefit of their Customers with respect to the purchase and sale of real estate
Section 2 Identification and Mitigation of Risks
Article (4)
- Financial institutions and DNFBPs are required to identify, assess, and understand their crime risks in concert with their business nature and size, and comply with the following:
- Considering all the relevant risk factors such as customers, countries or geographic areas; and products, services, transactions and delivery channels, before determining the level of overall risk and the appropriate level of mitigation to be applied.
- Documenting risk assessment operations, keeping them up to date on on-going bases and making them available upon request.
- Considering all the relevant risk factors such as customers, countries or geographic areas; and products, services, transactions and delivery channels, before determining the level of overall risk and the appropriate level of mitigation to be applied.
- Financial Institutions and DNFBPs shall commit to take steps to mitigate the identified risks mentioned as per Clause (1) herein, taking into consideration the results of the National Risk Assessment, by the following:
- Developing internal policies, controls and procedures that are commensurate with the nature and size of their business and are approved by senior management, to enable them to manage the risks that have been identified, and if necessary, to monitor the implementation of such policies, controls and procedures and enhance them as per Article (20) of the present Decision.
- Applying CDD measures to enhance high risks management once identified. Examples include:
- Obtaining more information and investigating this information such as information relating to the Customer and Beneficial Owner identity, or information relating to the purpose of the business relationship or reasons of the transaction.
- Updating the CDD information of the Customer and Beneficial Owner more systematically.
- Taking reasonable measures to identify the source of the funds of the Customer and Beneficial Owner.
- Increasing the degree and level of ongoing business relationship monitoring and examination of transactions in order to identify whether they appear unusual or suspicious.
- Obtaining the approval of senior management to commence the business relationship with the Customer.
- Obtaining more information and investigating this information such as information relating to the Customer and Beneficial Owner identity, or information relating to the purpose of the business relationship or reasons of the transaction.
- Developing internal policies, controls and procedures that are commensurate with the nature and size of their business and are approved by senior management, to enable them to manage the risks that have been identified, and if necessary, to monitor the implementation of such policies, controls and procedures and enhance them as per Article (20) of the present Decision.
- In case the requirements stipulated in Clauses (1 and 2) above are met, the Financial Institutions and DNFBPs shall be permitted to apply simplified CDD measures to manage and limit the identified low risks, unless there is suspicion of a committed Crime. The simplified CDD measures should be commensurate with the low risk factors. These include the following, as examples:
- Verifying the identity of the Customer and Beneficial Owner after establishing the business relationship.
- Updating the Customer’s data based on less frequent intervals.
- Reducing the rate of ongoing monitoring and transaction checks.
- Concluding the purpose and nature of the business relationship based on the type of transactions or the business relationship that has been established, without the need to gather information or performing specific procedure.
- Verifying the identity of the Customer and Beneficial Owner after establishing the business relationship.
- Financial institutions and DNFBPs are required to identify, assess, and understand their crime risks in concert with their business nature and size, and comply with the following:
Section 3 Customer Due Diligence (CDD)
Article (5)
- Financial Institutions and DNFBPs are required to undertake CDD measures to verify the identity of the Customer and the Beneficial Owner before or during the establishment of the business relationship or opening an account, or before executing a transaction for a Customer with whom there is no business relationship. And in the cases where there is a low crime risk, it is permitted to complete verification of Customer identity after establishment of the business relationship, under the following conditions:
- The verification will be conducted in a timely manner as of the commencement of business relationship or the implementation of the transaction.
- The delay is necessary in order not to obstruct the natural course of business.
- The implementation of appropriate and effective measures to control the risks of the Crime.
- The verification will be conducted in a timely manner as of the commencement of business relationship or the implementation of the transaction.
- Financial Institutions and DNFBPs are required to take measures to manage the risks in regards to the circumstances where Customers are able to benefit from the business relationship prior to completion of the verification process.
- Financial Institutions and DNFBPs are required to undertake CDD measures to verify the identity of the Customer and the Beneficial Owner before or during the establishment of the business relationship or opening an account, or before executing a transaction for a Customer with whom there is no business relationship. And in the cases where there is a low crime risk, it is permitted to complete verification of Customer identity after establishment of the business relationship, under the following conditions:
Article (6)
Financial Institutions and DNFBPs should, as the case may be, undertake CDD measures in the following cases:
- Establishing the business relationship;
- Carrying out occasional transactions in favour of a Customer for amounts equal to or exceeding AED 55,000, whether the transaction is carried out in a single transaction or in several transactions that appear to be linked;
- Carrying out occasional transactions in the form of Wire Transfers for amounts equal to or exceeding AED 3,500.
- Where there is a suspicion of the Crime.
- Where there are doubts about the veracity or adequacy of previously obtained Customer's identification data.
- Establishing the business relationship;
Article (7)
Financial Institutions and DNFBPs should undertake CDD measures and ongoing supervision of business relationships, including:
- Audit transactions that are carried out throughout the period of the business relationship, to ensure that the transactions conducted are consistent with the information they have about Customer, their type of activity and the risks they pose, including - where necessary - the source of funds
- Ensure that the documents, data or information obtained under CDD Measures are up-to-date and appropriate by reviewing the records, particularly those of high-risk customer categories
- Audit transactions that are carried out throughout the period of the business relationship, to ensure that the transactions conducted are consistent with the information they have about Customer, their type of activity and the risks they pose, including - where necessary - the source of funds
Article (8)
- Financial Institutions and DNFBPs should identify the Customer’s identity, whether the Customer is permanent or walk-in, and whether the Customer is a natural or legal person or legal arrangement, and verify the Customer’s identity and the identity of the Beneficial Owner. This should be done using documents, data or information from a reliable and independent source or any other source to verify the identity verification as follows:
- For Natural Persons:
The name, as in the identification card or travel document, nationality, address, place of birth, name and address of employer, attaching a copy of the original and valid identification card or travel document, and obtain approval from the senior management, if the Customer or the Beneficial Owner is a PEP.
- For Legal Persons and Legal Arrangements:
- The name, Legal Form and Memorandum of Association
- Headquarter office address or the principal place of business; if the legal person or arrangement is a foreigner, it must mention the name and address of its legal representative in the State and submit the necessary documents as a proof.
- Articles of Association or any similar documents, attested by the competent authority within the State.
- Names of relevant persons holding senior management positions in the legal person or legal arrangement.
- The name, Legal Form and Memorandum of Association
- For Natural Persons:
- Financial institutions and DNFBP’s are required to verify that any person purporting to act on behalf of the Customer is so authorised, and verify the identity of that person as prescribed in Clause (1), of this Article.
- Financial institutions and DNFBP’s are required to understand the intended purpose and nature of the business relationship, and obtain, when necessary, information related to this purpose.
- Financial institutions and DNFBP’s are required to understand the nature of the Customer’s business as well as the Customer’s ownership and control structure.
- Financial Institutions and DNFBPs should identify the Customer’s identity, whether the Customer is permanent or walk-in, and whether the Customer is a natural or legal person or legal arrangement, and verify the Customer’s identity and the identity of the Beneficial Owner. This should be done using documents, data or information from a reliable and independent source or any other source to verify the identity verification as follows:
Article (9)
Financial Institutions and DNFBP’s are required to take reasonable measures to verify the identity of the Beneficial Owners of legal persons and Legal Arrangements, by using information, data, or statistics acquired from a reliable source, by the following:
1. For Customers that are legal persons:
(a) Obtaining and verifying the identity of the natural person, who by himself or jointly with another person, has a controlling ownership interest in the legal person of 25% or more, and in case of failing or having doubt about the information acquired, the identity shall be verified by any other means.
(b) In the event of failing to verify the identity of the natural person exercising control as per paragraph (a) of this Clause, or the person(s) with the controlling ownership interest is not the Beneficial Owner, the identity shall be verified for the relevant natural person(s) holding the position of senior management officer, whether one or more persons.
2. For Customers that are Legal Arrangements:
Verifying the identity of the Settlor, the Trustee(s), or anyone holding a similar position, the identity of the beneficiaries or class of beneficiaries, the identity of any other natural person exercising ultimate effective control over the legal arrangement, and obtaining sufficient information regarding the Beneficial Owner to enable the verification of his/her identity at the time of payment, or at the time he/she intends to exercise his/her legally acquired rights.
Article (10)
Financial Institutions and DNFBPs shall be exempted from identifying and verifying the identity of any shareholder, partner, or the Beneficial Owner, if such information is obtainable from reliable sources where the Customer or the owner holding the controlling interest are as follow:
- A company listed on a regulated stock exchange subject to disclosure requirements through any means that require adequate transparency requirements for the Beneficial Owner.
- A subsidiary whose majority shares or stocks are held by the shareholders of a holding company.
- A company listed on a regulated stock exchange subject to disclosure requirements through any means that require adequate transparency requirements for the Beneficial Owner.
Article (11)
- In addition to the CDD measures required for the Customer and the Beneficial Owner, Financial Institutions shall be required to conduct CDD measures and ongoing monitoring of the beneficiary of life insurance policies and funds generating transactions, including life insurance products relating to investments and family Takaful insurance, as soon as the beneficiary is identified or designated as follows:
- For the beneficiary identified by name, the name of the person, whether a natural person a legal person or a legal arrangement, shall be obtained.
- For a beneficiary designated by characteristics or by class– such as a family relation like parent or child, or by other means such as will or estate – it shall be required to obtain sufficient information concerning the beneficiary to ensure that the Financial Institution will be able to establish the identity of the beneficiary at the time of the pay-out.
- For the beneficiary identified by name, the name of the person, whether a natural person a legal person or a legal arrangement, shall be obtained.
- In all cases – the Financial Institutions should verify the identity of the beneficiary at the time of the payout as per the insurance policy or prior to exercising any rights related to the policy. If the Financial Institution identifies the beneficiary of the insurance policy to be a high-risk legal person or arrangement, then it should conduct enhanced CDD measures to identify the Beneficial Owner of that beneficiary, legal person, or legal arrangement.
- In addition to the CDD measures required for the Customer and the Beneficial Owner, Financial Institutions shall be required to conduct CDD measures and ongoing monitoring of the beneficiary of life insurance policies and funds generating transactions, including life insurance products relating to investments and family Takaful insurance, as soon as the beneficiary is identified or designated as follows:
Article (12)
Financial Institutions and DNFBPs should apply CDD measures to Customers and the ongoing business relationship on the effective date of the present Decision, within such times as deemed appropriate based on relative importance and risk priority. It should also ensure the sufficiency of data acquired, in case CDD measures were applied before the effective date of the present Decision.
Article (13)
- Financial Institutions and DNFBPs shall be prohibited from establishing or maintaining a business relationship or executing any transaction should they be unable to undertake CDD measures towards the Customer and should consider reporting a suspicious transaction to the FIU.
- Even if they suspect the commission of a Crime, financial institutions and DNFBPs should not apply CDD measures if they have reasonable grounds to believe that undertaking such measures would tip-off the Customer and they should report a Suspicious Transaction to the FIU along with the reasons having prevented them from undertaking such measures.
- Financial Institutions and DNFBPs shall be prohibited from establishing or maintaining a business relationship or executing any transaction should they be unable to undertake CDD measures towards the Customer and should consider reporting a suspicious transaction to the FIU.
Article (14)
Financial Institutions and DNFBP’s shall commit to the following:
- Not to deal in any way with Shell Banks, whether to open bank accounts in their names, or to accept funds or deposits from them.
- Not to create or keep records of bank accounts using pseudonyms, fictitious names or numbered accounts without the account holder’s name.
- Not to deal in any way with Shell Banks, whether to open bank accounts in their names, or to accept funds or deposits from them.
Section 4 Politically Exposed Persons (PEPs)
Article (15)
- In addition to undertaking CDD measures required under Section 3, Part 1 of this Chapter, Financial Institutions and DNFBPs shall be required to carry out the following:
First: For Foreign PEPs:
- Put in place suitable risk management systems to determine whether a Customer or the Beneficial Owner is considered a PEP.
- Obtain senior management approval before establishing a business relationship, or continuing an existing one, with a PEP.
- Take reasonable measures to establish the source of funds of Customers and Beneficial Owners identified as PEPs.
- Conduct enhanced ongoing monitoring over such relationship.
Second: For Domestic PEPs and individuals previously entrusted with prominent functions at international organisations:
- Take sufficient measures to identify whether the Customer or the Beneficial Owner is considered one of those persons.
- Take the measures identified in Clauses (b), (c), and (d) under the first paragraph of this Article, when there is a high-risk business relationship accompanying such persons.
- Put in place suitable risk management systems to determine whether a Customer or the Beneficial Owner is considered a PEP.
- Financial Institutions shall be required to take reasonable measures to determine the beneficiary or Beneficial Owner of life insurance policies and family takaful insurance. If identified as a PEP, Financial institutions shall inform senior management before the pay-out of those policies, or prior to the exercise of any rights related to them, in addition to thoroughly examining the overall business relationship, and consider reporting to the Unit a suspicious transaction report.
- In addition to undertaking CDD measures required under Section 3, Part 1 of this Chapter, Financial Institutions and DNFBPs shall be required to carry out the following:
Section 5 Suspicious Transaction Reports (STRs)
Article (16)
Financial Institutions and DNFBPs shall put in place indicators that can be used to identify the suspicion on the occurrence of the Crime in order to report STRs, and shall update these indicators on an ongoing basis, as required, in accordance with the development and diversity of the methods used for committing such crimes, whilst complying with what the Supervisory Authorities or FIU may issue instructions in this regard.
Article (17)
- If Financial Institutions and DNFBPs have reasonable grounds to suspect that a Transaction, attempted Transaction, or funds constitute crime proceeds in whole or in part, or are related to the Crime or intended to be used in such activity, regardless of the amount, they shall adhere to the following without invoking bank secrecy or professional or contractual secrecy:
- Directly report STRs to the FIU without any delay, via the electronic system of the FIU or by any other means approved by the FIU
- Respond to all additional information requested by the FIU.
- Directly report STRs to the FIU without any delay, via the electronic system of the FIU or by any other means approved by the FIU
- Lawyers, notary publics, other legal stakeholders and independent legal auditors shall be exempt from Clause (1) of this Article, if obtaining this information regarding such Transactions relates to the assessment of their Customers’ legal position, or defending or representing them before judiciary authorities or in arbitration or mediation, or providing legal opinion with regards to legal proceedings, including providing consultation concerning the initiation or avoidance of such proceedings, whether the information was obtained before or during the legal proceedings, or after their completion, or in other circumstances where such Customers are subject to professional secrecy.
- Financial Institutions and DNFBPs, their board members, employees and authorised representatives shall not be legally liable for any administrative, civil or criminal liability for reporting when reporting to the Unit or providing information in good faith.
- If Financial Institutions and DNFBPs have reasonable grounds to suspect that a Transaction, attempted Transaction, or funds constitute crime proceeds in whole or in part, or are related to the Crime or intended to be used in such activity, regardless of the amount, they shall adhere to the following without invoking bank secrecy or professional or contractual secrecy:
Article (18)
- Financial Institutions and DNFBPs, their managers, officials or staff, shall not disclose, directly or indirectly, to the Customer or any other person(s) that they have reported, or are intending to report a Suspicious Transaction, nor shall they disclose the information or data contained therein, or that an investigation is being conducted in that regard.
- When lawyers, notaries, other independent legal professionals, and legal independent auditors attempt to discourage their Customers from committing a violation, they shall not be considered to have made a disclosure.
- Financial Institutions and DNFBPs, their managers, officials or staff, shall not disclose, directly or indirectly, to the Customer or any other person(s) that they have reported, or are intending to report a Suspicious Transaction, nor shall they disclose the information or data contained therein, or that an investigation is being conducted in that regard.
Section 6 Reliance on a Third Party
Article (19)
- Taking into consideration the high-risk countries identified by the Committee, the Financial Institutions and DNFBPs shall be permitted to rely on a third party to undertake the necessary CDD measures towards Customers as per Section 3 of Part 1 of this Chapter, and each of the Financial Institution and the DNFBP shall be responsible for the validity of these CDD measures, and shall do the following:
- Immediately obtain, from third parties, the necessary identification data and other necessary information collected through the CDD measures and ensure that copies of the necessary documents for such measures can be obtained without delay and upon request.
- Ensure that the third party is regulated and supervised, and adheres to the CDD measures towards Customers and record-keeping provisions of the present Decision.
- Immediately obtain, from third parties, the necessary identification data and other necessary information collected through the CDD measures and ensure that copies of the necessary documents for such measures can be obtained without delay and upon request.
- Financial Institutions and DNFBPs, who rely on third parties that are part of the same Financial Group,shall ensure that:
- The Financial Group applies the CDD, PEP, and record-keeping requirements and implements programs for combating the Crime in accordance with Sections 3, 4, 11 of Part 1 of this Chapter and Article (31) of this Decision, and the Financial Group is subject to supervision in that regard.
- The Financial Group sufficiently mitigates any high risks linked to countries through its own policies and controls for combating the Crime.
- The Financial Group applies the CDD, PEP, and record-keeping requirements and implements programs for combating the Crime in accordance with Sections 3, 4, 11 of Part 1 of this Chapter and Article (31) of this Decision, and the Financial Group is subject to supervision in that regard.
- Taking into consideration the high-risk countries identified by the Committee, the Financial Institutions and DNFBPs shall be permitted to rely on a third party to undertake the necessary CDD measures towards Customers as per Section 3 of Part 1 of this Chapter, and each of the Financial Institution and the DNFBP shall be responsible for the validity of these CDD measures, and shall do the following:
Section 7 Internal Supervision and Foreign Branches and Subsidiaries
Article (20)
Financial Institutions and DNFBPs shall have internal policies, procedures and controls for combating the Crime, that should be commensurate with the Crime risks, and with the nature and size of their business, and to continuously update them, and to apply them to all its branches and subsidiaries in which it holds majority interest, including the following:
- CDD measures towards Customers as required in accordance with the Decretal-Law and the present Decision, including procedures for the risk management of business relationships prior to completing the verification process.
- Procedures for the reporting of Suspicious Transactions.
- Appropriate arrangements for compliance management for combating the Crime, including appointing a compliance officer
- Screening procedures to ensure the availability of high competence and compatibility standards when hiring staff
- Preparation of periodic programs and workshops in the field of combatting the Crime to build the capabilities of compliance officers and other competent employees.
- An independent audit function to test the effectiveness and adequacy of internal polices, controls and procedures relating to combating the Crime.
- CDD measures towards Customers as required in accordance with the Decretal-Law and the present Decision, including procedures for the risk management of business relationships prior to completing the verification process.
Section 8 Compliance Officer Tasks
Article (21)
Financial Institutions and DNFBPs shall appoint a compliance officer. The compliance officer shall have the appropriate competencies and experience and under his or her own responsibility, shall perform the following tasks:
- Detect Transactions relating to any Crime.
- Review, scrutinise and study records, receive data concerning Suspicious Transactions, and take decisions to either notify the FIU or maintain the Transaction with the reasons for maintaining while maintaining complete confidentiality.
- Review the internal rules and procedures relating to combating the Crime and their consistency with the Decretal-Law and the present Decision, assess the extent to which the institution is committed to the application of these rules and procedures, propose what is needed to update and develop these rules and procedures, prepare and submit semi-annual reports on these points to senior management, and send a copy of that report to the relevant Supervisory Authority enclosed with senior management remarks and decisions.
- Prepare, execute and document ongoing training and development programs and plans for the institution’s employees on Money Laundering and the Financing of Terrorism and Financing of Illegal Organisations, and the means to combat them.
- Collaborate with the Supervisory Authority and FIU, provide them with all requested data, and allow their authorised employees to view the necessary records and documents that will allow them to perform their duties.
- Detect Transactions relating to any Crime.
Section 9 High-Risk Countries
Article (22)
- Financial Institutions and DNFBPs shall implement enhanced CDD measures based on the level of risk that might arise from business relationships and Transactions with natural or legal persons from high-risk countries.
- Financial Institutions and DNFBPs shall implement CDD measures as defined by the Committee regarding High Risk Countries.
- Financial Institutions and DNFBPs shall implement enhanced CDD measures based on the level of risk that might arise from business relationships and Transactions with natural or legal persons from high-risk countries.
Section 10 Requirements relating to New Technologies
Article (23)
- Financial institutions and DNFBPs shall identify and assess the risks of money laundering and terrorism financing that may arise when developing new products and new professional practices, including means of providing new services and using new or under-development techniques for both new and existing products.
- Financial Institutions and DNFBPs shall assess risks prior to the release of products, practices or techniques, and take appropriate measures to manage and mitigate such risks
- Financial institutions and DNFBPs shall identify and assess the risks of money laundering and terrorism financing that may arise when developing new products and new professional practices, including means of providing new services and using new or under-development techniques for both new and existing products.
Section 11 Record-keeping
Article (24)
- Financial Institutions and DNFBPs shall maintain all records, documents, data and statistics for all financial transactions and local or international commercial and cash transactions for a period of no less than five years from the date of completion of the transaction or termination of the business relationship with the Customer.
- Financial institutions and DNFBPs shall keep all records and documents obtained through CDD measures, ongoing monitoring, account files and business correspondence, and copies of personal identification documents, including STRs and results of any analysis performed , For a period of no less than five years from the date of termination of the business relationship or from the closing date of the account to Customers who maintain accounts with these institutions or after the completion of a casual transaction or from the date of completion of the inspection by the Supervisory authorities, or from the date of issuance of a final judgment of the competent judicial authorities, all depending on the circumstances.
- The records, documents and documents kept shall be organised so as to permit data analysis and tracking of financial transactions.
- Financial Institutions and DNFBPs shall make all Customer information regarding CDD towards Customers, ongoing monitoring and results of their analysis, records, files, documents, correspondence and forms available immediately to the competent authorities upon request.
- Financial Institutions and DNFBPs shall maintain all records, documents, data and statistics for all financial transactions and local or international commercial and cash transactions for a period of no less than five years from the date of completion of the transaction or termination of the business relationship with the Customer.
Part 2 Requirements for Financial Institutions
Section 1 Correspondent Banking Relationship
Article (25)
- Before entering into correspondent banking or any other similar relationship, financial institutions shall take the following measures:
- Refrain from entering into or maintaining a correspondent banking relationship with Shell Banks or with an institution that allows their accounts to be used by Shell Banks.
- Collect sufficient information about any receiving correspondent banking institution for the purpose of identifying and achieving a full understanding of the nature of its work, and to make available, through publicly available information, its reputation and level of control, including whether it has been investigated.
- Evaluate anti-crime controls applied by the receiving institution.
- Obtain approval from senior management before establishing new correspondent banking relationships.
- Understand the responsibilities of each institution in the field of combatting Crime.
- Refrain from entering into or maintaining a correspondent banking relationship with Shell Banks or with an institution that allows their accounts to be used by Shell Banks.
- With respect to intermediate payment accounts, the financial institution should be required to ensure that the receiving institution has taken CDD measures towards Customers who have direct access to those accounts and that it is able to provide CDD information to the relevant Customers upon request of the correspondent institution.
- Before entering into correspondent banking or any other similar relationship, financial institutions shall take the following measures:
Section 2 Money or Value Transfer Services
Article (26)
- Providers of money or value transfer services shall be licensed by or registered with the competent Supervisory Authority. The Supervisory Authority shall take the necessary measures to punish those who provide such services without a licence or registration in accordance with their effective legislation and to ensure compliance of licensed or registered providers with the Crime combating controls.
- Providers of money or value transfer services shall keep an up-to-date list of their agents and make them available to the relevant authorities within the country in which the money or value transfer services providers and their agents operate, and shall engage their agents in combatting the Crime control programs and monitor them for compliance with these programs.
- Providers of money or value transfer services shall be licensed by or registered with the competent Supervisory Authority. The Supervisory Authority shall take the necessary measures to punish those who provide such services without a licence or registration in accordance with their effective legislation and to ensure compliance of licensed or registered providers with the Crime combating controls.
Section 3 Wire Transfers
Article (27)
- Financial institutions shall ensure that all international wire transfers equal to or exceeding AED (3,500) are always accompanied by the following data:
- The name of the originator, his or her identity number or travel document, date and place of birth, address and account number. In the absence of an account, the transfer must include a unique transaction reference number which allows the process to be tracked.
- The name of the beneficiary and his account number used to make the transfers. In the absence of the account, the transfer must include a unique transaction reference number which allows the process to be tracked.
- The name of the originator, his or her identity number or travel document, date and place of birth, address and account number. In the absence of an account, the transfer must include a unique transaction reference number which allows the process to be tracked.
- In the event that several individual cross-border wire transfers from a single originator are bundled in a batch file for transmission to beneficiaries, the batch file shall contain required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country; and the financial institution shall be required to include the originator’s account number or unique transaction reference number.
- Financial institutions shall ensure that all cross-border wire transfers less than AED 3,500 are always accompanied by the data in Clause (1) of this Article, without the need to verify the accuracy of the data referred to, unless there are suspicions about committing the Crime.
- For domestic wire transfers, the ordering financial institution shall ensure that the information accompanying the wire transfer includes originator information as indicated in Clause (1) of this Article, unless this information can be made available to the beneficiary financial institution and competent authorities by other means.
- Where the information accompanying the domestic wire transfer can be made available to the beneficiary financial institution and competent authorities by other means, the ordering financial institution shall be only required to include the account number or a unique transaction reference number, provided that this number or identifier will permit the transaction to be traced back to the originator or the beneficiary. The ordering financial institution shall make the information available within three business days of receiving the request either from the beneficiary financial institution or from competent authorities.
- Financial institutions shall not carry out wire transfers if they fail to comply with the conditions set out in this article.
- Ordering financial institutions shall keep all information about the originator and the beneficiary collected in accordance with the provisions of Article (24) of this Decision.
- Financial institutions shall ensure that all international wire transfers equal to or exceeding AED (3,500) are always accompanied by the following data:
Article (28)
- An intermediary financial institution shall ensure that all originator and beneficiary information that accompanies a wire transfer is retained with it for cross-border wire transfers.
- Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer, the Intermediary Financial Institution shall keep a record of all the information received from the ordering financial institution or another cross-border Intermediary Financial Institution, in accordance with the provisions of Article (24) of the present Decision.
- Intermediary Financial Institutions shall take reasonable measures, which are consistent with straight-through processing, to identify cross-border wire transfers that lack required originator information or required beneficiary information and shall have risk-based policies and procedures for determining when to execute, reject, or suspend a wire transfer; and the appropriate follow-up action.
- An intermediary financial institution shall ensure that all originator and beneficiary information that accompanies a wire transfer is retained with it for cross-border wire transfers.
Article (29)
- Beneficiary Financial Institutions shall take reasonable measures, to identify cross-border wire transfers that lack required originator information or required beneficiary information, which may include real-time monitoring where feasible or post-event monitoring.
- For cross-border wire transfers of AED 3,500 or more, a Beneficiary Financial Institution shall verify the identity of the beneficiary, if the identity has not been previously verified.
- Beneficiary Financial Institutions shall have risk-based policies and procedures determining when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and for determining the appropriate follow-up action.
- Beneficiary Financial Institutions shall maintain records of all required originator and required beneficiary information collected, in accordance with the provisions of Article (24) of this Decision.
- Beneficiary Financial Institutions shall take reasonable measures, to identify cross-border wire transfers that lack required originator information or required beneficiary information, which may include real-time monitoring where feasible or post-event monitoring.
Article (30)
- Providers of Money or Value Transfer Services shall comply with all of the relevant requirements of Articles (27), (28), and (29) of this Decision, whether they operate directly or through their agents.
- In the case of a provider of money or value transfer services that controls both the ordering and the beneficiary side of a cross-border wire transfer, the provider of money or value transfer services shall:
- Take into account all information from both the ordering and beneficiary sides in order to determine whether an STR is to be filed; and
- If it is decided to file STR regarding the Transaction, the STR shall be sent to the Financial Intelligence Unit in the relevant country, attaching all relevant transaction information.
- Take into account all information from both the ordering and beneficiary sides in order to determine whether an STR is to be filed; and
- Providers of Money or Value Transfer Services shall comply with all of the relevant requirements of Articles (27), (28), and (29) of this Decision, whether they operate directly or through their agents.
Section 4 Financial Group
Article (31)
Financial Groups shall implement group-wide programs with respect to combating the Crime. Such programs shall be applicable and appropriate to all its branches and majority-owned subsidiaries. In addition to the measures mentioned in Article (20) of this Decision, these programs should also include the following:
- Policies and procedures for the exchange of information required for the purposes of CDD and risk management of the Crime;
- The provision of Customer information, accounts, and Transactions from the branches and subsidiaries to the compliance officers at a Financial Group level, whenever necessary for the purpose of combating the Crime.
- Provision of adequate safeguards on the confidentiality and use of the information exchanged.
- Policies and procedures for the exchange of information required for the purposes of CDD and risk management of the Crime;
Article (32)
- Financial Institutions should ensure that their foreign branches and majority-owned subsidiaries apply Crime-combating measures that are consistent with the requirements of the Decretal-Law and the present Decision when the minimum Crime-combating requirements of the other country are less strict than those applied in the State, to the extent permitted by that other country’s laws and regulations.
- If the other country does not permit the appropriate implementation of measures for combating the Crime that are consistent with the requirements of the Decretal-Law and the present Decision, then Financial Institutions shall take additional measures to manage AML/CFT risks related to their operations abroad and reduce them appropriately, inform the other country of the matter, and abide by the instructions received from the Country in this regard.
- Financial Institutions should ensure that their foreign branches and majority-owned subsidiaries apply Crime-combating measures that are consistent with the requirements of the Decretal-Law and the present Decision when the minimum Crime-combating requirements of the other country are less strict than those applied in the State, to the extent permitted by that other country’s laws and regulations.
Part 3 Requirements of Non-Profitable Organisations
Article (33)
Non-Profit Organisations, in collaboration with the competent Supervisory Authority, shall commit to the following:
- Apply best practices adopted by the competent Supervisory Authority to mitigate their vulnerabilities so that they can protect themselves from being abused for Financing of Terrorism and of Illegal Organisations.
- Put in place clear policies to promote transparency, integrity, and public confidence in its own administration.
- Conduct Transactions through official financial channels, taking into consideration the different capabilities of financial sectors in other countries.
- Apply best practices adopted by the competent Supervisory Authority to mitigate their vulnerabilities so that they can protect themselves from being abused for Financing of Terrorism and of Illegal Organisations.
Chapter 3 Transparency and Beneficial Owner
Part 1 Requirements of Company Registrar and Companies
Article (34)
- The Registrar shall provide information regarding legal persons in the State and make it available to the public as follows:
- The types, different forms and basic features of legal persons
- The processes for the creation of those legal persons
- The processes for obtaining its basic information as stipulated in paragraph (b), Clause (1), of Article (8) of this Decision
- The processes for obtaining information about the Beneficial Owner.
- The types, different forms and basic features of legal persons
- The Registrar shall undertake to maintain and keep the up-to-date basic information defined in paragraph (b), Clause (1), of Article (8) of this Decision, ensure its accuracy and make it available to the public
- Upon registering companies, the Registrar shall commit to receive the data of the Beneficial Owner of the company as stipulated in Clause (Error! Reference source not found.) of Article (9) of this Decision and make sure it remains up to date accurate, and available to the Competent Authorities.
- The Registrar shall provide information regarding legal persons in the State and make it available to the public as follows:
Article (35)
- Companies shall be required to maintain the information set out in paragraph (b), Clause (1) of Article (8) of this Decision and a register of all their shareholders containing the number of shares held by each shareholder and categories of shares, if any, including the voting rights and providing this register to the Registrar after ensuring its accuracy.
- Companies shall undertake to maintain and make available the data mentioned in Clause (Error! Reference source not found.) of Article (9) of this Decision to the Registrar at all times and upon request, update such data within 15 business days upon its amendment or change and ensure to keep this information up-to-date and accurate on an ongoing basis and assist the Registrar in documenting such information if so required.
- Companies shall have one or more natural persons residents of the State and authorised to disclose to the Registrar all information contained in Clauses (1) and (2) of this Article
- Any company established or registered in the State shall be prohibited from issuing share warrants to bearer.
- Companies that permit the issuance of nominee shares in the name of individuals or members of the board of directors shall be required to disclose those shares and the identities of the members of the board of directors to the Registry for the purpose of registering them.
- Companies shall be required to maintain the information set out in paragraph (b), Clause (1) of Article (8) of this Decision and a register of all their shareholders containing the number of shares held by each shareholder and categories of shares, if any, including the voting rights and providing this register to the Registrar after ensuring its accuracy.
Article (36)
The Registrar and the companies, or the administrators or liquidators or any other stakeholder involved in the dissolution of the company, shall maintain records and all information as mentioned in Article (34) and Article (35) for at least five years from the date in which the company is dissolved or otherwise ceased to exist.
Part 2 Requirements of Legal Arrangements
Article (37)
- The Trustees in Legal arrangements are required to information about the Beneficial Owner as prescribed in Clause (Error! Reference source not found.) of Article (9) of this Decision.
- The Trustees in Legal Arrangements are required to maintain basic information relating to intermediaries, who are subject to supervision, and service providers, including consultants, investors, directors, accountants and tax advisors.
- The information mentioned in Clauses (1) and (2) of this Article shall be maintained accurately and updated within 15 days if it is amended or changed and legal arrangement representatives shall be required to maintain this information for at least five years from the date of the end of their involvement with the legal arrangement.
- The Competent Authorities, and in particular Law Enforcement Authorities, shall request and obtain information held by trustees, Financial Institutions, or DNFBPs, without delay, relating to the following:
- The Beneficial Ownership of legal arrangements
- The residence of the Trustee
- The funds that are held or managed by the Financial Institution or DNFBP in relation to any trustees with which they have a Business Relationship, or for which they undertake an occasional Transaction.
- The Beneficial Ownership of legal arrangements
- The Trustees in Legal arrangements are required to information about the Beneficial Owner as prescribed in Clause (Error! Reference source not found.) of Article (9) of this Decision.
Part 3 Prohibition of Invocation of Banking, Professional or Contractual Secrecy
Article (38)
It is prohibited to invoke banking, professional or contractual secrecy as a pretext to prevent application of the provisions of the Decretal-Law and this Decision in the following cases:
- Exchange of information among Financial Institutions whenever it is related to Correspondent Banking or Wire Transfers and the reliance on regulated third party relationships in accordance with Articles (19), (25), and (27) to (30) of this Decision.
- Exchange of information among Competent Authorities at the domestic or international level in relation to the combating of the Crime.
- Exchange of information among Financial Institutions whenever it is related to Correspondent Banking or Wire Transfers and the reliance on regulated third party relationships in accordance with Articles (19), (25), and (27) to (30) of this Decision.
Part 4 Confidentiality of information
Article (39)
- Any person who obtains information related to a suspicious transaction or any of the crimes stipulated in the Decretal-Law shall be bound by its confidentiality and not disclosed except to the extent necessary for its use in investigations, prosecutions or cases in violation of the provisions of the Decretal-Law and this Decision.
- In all cases, it is not permissible to contact the Customer directly or indirectly to notify him of the actions taken, except at the written request of the competent Supervisory Authority.
- Any person who obtains information related to a suspicious transaction or any of the crimes stipulated in the Decretal-Law shall be bound by its confidentiality and not disclosed except to the extent necessary for its use in investigations, prosecutions or cases in violation of the provisions of the Decretal-Law and this Decision.
Chapter 4 Financial Intelligence Unit
Section 1 Independence of the FIU
Article (40)
- The FIU shall be operationally independent in order to carry out its functions effectively, and the Central Bank shall provide it with the required technical, financial and human resources.
- The main headquarter for the FIU shall be the capital of the State and it may open branches within the Central Bank’s branches in the Emirates of the State.
- The FIU shall operate as national centre to receive STR’s and other information related to the Crime.
- The FIU shall be operationally independent in order to carry out its functions effectively, and the Central Bank shall provide it with the required technical, financial and human resources.
Section 2 Powers of the FIU
Article (41)
The FIU shall have the following powers:
- Putting in place the FIU’s departments and internal regulations for approval by the Central Bank’s Board of Directors. The internal regulations shall include procedures to ensure the competency and integrity of its employees and the awareness of their responsibilities in dealing with confidential information.
- Establishing a database or special register to hold any information it has available and securing this information by establishing rules that govern information security and confidentiality, including procedures for processing, storing, disseminating and setting procedures to ensure limited access to the FIU’s facilities, information and technical systems and to the review or disclosure of information, except by those authorised to do so.
- Providing courses and programs to train and develop the employees working in it and any other authority, be it inside or outside the State.
- Preparing studies, research and statistics related to the Crime, and following up on any studies, research or statistics conducted domestically or internationally in this regard.
- Preparing annual reports about its Crime-combatting activities that include specifically general analysis of STRs and notifications received as well as activities and trends of the Crime, and preparing a brief of this report for dissemination purposes.
- Putting in place the FIU’s departments and internal regulations for approval by the Central Bank’s Board of Directors. The internal regulations shall include procedures to ensure the competency and integrity of its employees and the awareness of their responsibilities in dealing with confidential information.
Article (42)
The FIU shall be responsible for carrying out its duties with regards to STRs as follows:
- Receiving STRs relating to the Crime from Financial Institutions and DNFBPs on the FIU’s approved templates, then studying, analysing and storing them in its database.
- Requesting Financial Institutions, DNFBPs, and Competent Authorities to provide any additional information and documents relating to the STRs and information received, and any other information that it might deem necessary to perform its duties, including information relating to customs’ disclosures, in the time and form specified by the FIU
- Analysing available reports and information as follows:
- Operational analysis by using available and obtainable information, to identify specific targets, such as persons, funds, or criminal networks, track activities or specific Transactions, and determine the links between those targets, activities or transactions and potential proceeds of the Crime.
- Strategic analysis by using available and obtainable information, including data provided by Competent Authorities, to identify trends and patterns of the Crime.
- Operational analysis by using available and obtainable information, to identify specific targets, such as persons, funds, or criminal networks, track activities or specific Transactions, and determine the links between those targets, activities or transactions and potential proceeds of the Crime.
- Providing the Financial Institutions and DNFBPs with the analysis results of the information provided in the reports received by the FIU in order to enhance the effectiveness of the measures for combating the Crime and detecting STRs.
- Cooperating and coordinating with the Supervisory Authorities by disseminating the outcomes of its own analysis, specifically with respect to the quality of STRs, to ensure the compliance of Financial Institutions and DNFBPs with the procedures for combating the Crime
- Sending the data relating to the reports, the outcomes of its analyses and any other relevant data to Law Enforcement Authorities, when there are sufficient grounds to suspect its connection to the Crime, to take required actions in that regard.
- Providing to judiciary authorities and Law Enforcement Authorities information related to the Crime and information it can obtain from foreign FIUs, spontaneously or upon request.
- Receiving STRs relating to the Crime from Financial Institutions and DNFBPs on the FIU’s approved templates, then studying, analysing and storing them in its database.
Article (43)
The FIU shall be responsible for carrying out its duties at the international level as follows:
- Exchanging information with its FIU counterparts in other countries on STRs or any other information the FIU has the power to obtain or access, whether directly or indirectly, as per the international agreements to which the State is a party or any memorandums of understanding the FIU has entered into with FIU counterparts to regulate its cooperation with them or on the condition of reciprocity.
- Reporting to its FIU counterparts the outcomes of using the submitted information and analysis conducted based on that information.
- The information specified in Clauses (1) and (2) of this Article may not be used except for Crime-combatting purposes and may not be disclosed to any third party without the FIU’s approval.
- Following up on the developments relating to Money Laundering and Terrorism Financing crimes through the relevant regional and international organisations and bodies and participating in related meetings.
- Following up with the requirements of the Egmont Group, as well as participating and attending its meetings as a member of the group.
- Exchanging information with its FIU counterparts in other countries on STRs or any other information the FIU has the power to obtain or access, whether directly or indirectly, as per the international agreements to which the State is a party or any memorandums of understanding the FIU has entered into with FIU counterparts to regulate its cooperation with them or on the condition of reciprocity.
Chapter 5 Supervisory Authorities
Section 1 Supervisory Authority for Financial Institutions and DNFBPs
Article (44)
The Supervisory Authorities, each in accordance with its specialisations, shall assume the functions of supervision, monitoring and follow-up to ensure compliance with the provisions of the Decretal-Law and this Decision and shall be specialised in the following:
- Conducting a risk assessment for any potential occurrence of the Crime in legal persons, including Financial Institutions and DNFBPs.
- Putting in place the Crime-Combating regulations, instructions and forms for the entities subject to their supervision, when necessary.
- Putting in place the required procedures and controls to assess the compliance of supervised institutions with the provisions of the Decretal-Law and this Decision and any other legislation related to combating the Crime in the State, as well as to request the information relating to such compliance.
- Setting and applying the regulations, controls, standards of merit to anyone who seeks to acquire, control, participate in management or operation, whether directly or indirectly, or to be the beneficiary of Financial Institutions and DNFBPs.
- Conducting onsite and offsite supervision and inspections over Financial Institutions and DNFBPs.
- Determining the frequency of supervision and inspection over Financial Institutions, Financial Groups, and DNFBPs based on the following:
- National Risk Assessment
- Distinctive characteristics of Financial Institutions, Financial Groups and DNFBPs in terms of their diversities, numbers and the degree of discretion provided to them under the risk-based approach.
- Risks of the Crime as well as internal policies, controls and procedures associated with Financial Institutions, Financial Groups, or DNFBPs as identified by the Supervisory Authority’s assessment of each’s risk profile.
- National Risk Assessment
- Undertaking all measures to ensure full compliance of the Financial Institutions and DNFBPs in implementing Security Council Resolutions relating to the prevention and suppression of terrorism and Terrorism Financing, and the prevention and suppression of the proliferation of weapons of mass destruction and its financing, and other related decisions, by conducting onsite visits and on-going monitoring, and imposing appropriate administrative sanctions when there is a violation or shortcoming in implementing the instructions.
- Ensuring that the prescribed measures are adopted by the supervised institutions in accordance with the provisions of the Decretal-Law and this Decision, and that these measures are implemented in their foreign branches and majority-owned subsidiaries to the extent permitted by the laws of the country, where those branches and subsidiaries exist.
- Periodically reviewing the assessment of the Crime risk profile of a Financial Institution and Financial Group (including the risks of non-compliance), and when there are major events or developments in the management and operations of the Financial Institution or Group.
- Ensuring the compliance of Financial Institutions and DNFBPs subject to their supervision in implementing enhanced CDD measures on Customers and ongoing monitoring of the business relationship related to High-Risk Countries.
- Providing Financial Institutions and DNFBPs with guidelines and feedback to enhance the effectiveness of implementation of the Crime-combatting measures.
- Maintaining an up-to-date list of the names and data of compliance officers of the institutions under their Supervision, and notifying the FIU thereof; and requiring those institutions to obtain their prior consent before appointing their compliance officers.
- Conducting programs and outreach campaigns on combating the Crime.
- Issuing decisions of imposing administrative sanctions in accordance with the provisions of the Decretal-Law and the present Decision, and the mechanism for submitting relevant grievance.
- Maintaining statistics about the measures taken and sanctions imposed.
- Conducting a risk assessment for any potential occurrence of the Crime in legal persons, including Financial Institutions and DNFBPs.
Section 2 Supervisory Authority for Non-Profit Organisations
Article (45)
The Competent Supervisory Authority for NPOs shall commit to the following:
- Obtaining, in a timely manner, all information available with all Competent Authorities regarding NPO activities for the purpose of determining the size, features and types of NPOs, and identifying the threats posed against them by terrorism organisations, and the extent to which they are exposed to the risk of being misused for supporting Financing of Terrorism and Financing of Illegal Organisations, and then taking all appropriate and effective measures to combat these identified risks and reviewing them on a periodic basis to ensure their adequacy.
- Reviewing the relevance and adequacy of legislation relating to NPOs to stop their misuse for supporting the Financing of Terrorism and of Illegal Organisations, and working to improve them when necessary.
- Periodically reassessing NPOs by reviewing updated information on their potential vulnerabilities, which may be exploited in support of Financing of Terrorism.
- Promoting and conducting awareness outreach and educational programs in order to raise awareness of NPOs and their donators on their potential vulnerabilities, which may expose them to risks of being misused for supporting and financing of Terrorism, and measures that can be taken by NPOs to protect themselves from such risks.
- Supervising and monitoring NPOs using a risk-based approach to prevent their misuse in the Support and Financing of Terrorism and ensure compliance with their requirements.
- Cooperating, coordinating and exchanging information at the local level with Competent Authorities that hold relevant information on NPOs.
- Possessing experience in the field of investigations and the ability to examine NPOs that are suspected of being misused for supporting and financing of terrorism.
- Fully reviewing the information relating to the administration and management of any NPO, including financial information and information relating to its programs.
- Establishing mechanisms to ensure the prompt exchange of information with Competent Authorities for the purpose of taking preventive measures or investigative action when there is suspicion or reasonable grounds to suspect that the NPO is:
- A front for the raising of funds on behalf of a terrorist organisation.
- Being exploited as a conduit for the Financing of Terrorism or for the evasion of asset freezing measures or any other form of terrorism support.
- Concealing or disguising the flow of funds intended for legitimate purposes, but redirected for the benefit of terrorists or terrorist organisations.
- A front for the raising of funds on behalf of a terrorist organisation.
- Determining the appropriate points of contact and procedures required to respond to international requests for information regarding NPOs suspected of Financing of Terrorism or is being exploited for the Financing of Terrorism or other forms of terrorism support.
- Obtaining, in a timely manner, all information available with all Competent Authorities regarding NPO activities for the purpose of determining the size, features and types of NPOs, and identifying the threats posed against them by terrorism organisations, and the extent to which they are exposed to the risk of being misused for supporting Financing of Terrorism and Financing of Illegal Organisations, and then taking all appropriate and effective measures to combat these identified risks and reviewing them on a periodic basis to ensure their adequacy.
Chapter 6 Provisional Measures and Investigative Procedures
Section 1 Provisional Measures
Article (46)
- The Governor, or whoever is acting in his place, shall order the Freezing of funds, which are suspected to be linked to the Crime, with Financial Institutions licensed by the Central Bank for a period of no more than (7) seven working days, in the case of the FIU’s requests based on its analysis of STRs and other information received.
- The FIU shall, in the event of taking the decision mentioned in Clause (1) of this Article, do the following:
- Notify the concerned Financial Institution to perform the Freezing order without prior notice to the owner of the funds.
- Notify the public prosecutor, in case the Governor requests extending the Freezing order, including the justifications of such extension.
- Notify the concerned Financial Institution to perform the Freezing order without prior notice to the owner of the funds.
- The FIU, after presenting to the Governor, shall notify the concerned Financial Institution of the cancelation of the Freezing order in case the public prosecutor refuses the extension or after expiry of the period specified in Clause (1) of this Article without receiving a response from the public prosecutor
- The Financial Institution, which holds the frozen funds, shall notify the owner of the frozen funds of the Freezing order and its sources, and shall request the owner to provide the required documents that prove the legitimacy of the source of these funds and refer these documents to the FIU to take the required actions.
- The Governor shall submit a proposal to the public prosecutor to cancel the extension of the Freezing order once there are no grounds to such freeze in order for the public prosecutor to take actions as he deems appropriate.
- The fund freezing orders shall not be executed by Financial Institutions licensed by the Central Bank unless they are issued by it.
- The Governor, or whoever is acting in his place, shall order the Freezing of funds, which are suspected to be linked to the Crime, with Financial Institutions licensed by the Central Bank for a period of no more than (7) seven working days, in the case of the FIU’s requests based on its analysis of STRs and other information received.
Article (47)
- The Public Prosecution and the competent court shall, as the case may be, order the identification, tracing, and valuation of the Funds, Proceeds and Means under suspicion, or their equivalent value, or order their Seizing or Freezing, if they were the result of or linked to the Crime, and that is without prior notice to the owner, and shall issue a travel ban for the owner until the completion of the investigation or trial.
- The Public Prosecution or the competent court shall, as the case may be and when deemed necessary, take decisions to prevent the dealing with or disposing of such Funds, Proceeds or Means, and take the necessary measures to prevent any action intended to evade the Freezing and Seizing order issued in that regard, without violating the rights of bona fide third parties.
- Any interested party shall have the right to contest the public prosecution’s Freezing or Seizing decision before the competent court of first instance, which is located within the jurisdiction of the order public, or the competent court specialised in criminal claims.
- The contest shall be submitted as a report to the competent court. The president of the court shall, then, schedule a hearing session with the knowledge of the defendant, and the public prosecution shall be required to lodge a memorandum with its opinion on the defendant’s grievance. The court then issues its final decision within a period of no more than 14 working days as of the date of submission of the appeal.
- The decision to dismiss the contest request is not subject to appeal; if the contest was rejected, it is not permissible to lodge a new contest except after a duration of three months from the date of rejecting the contest, unless a serious reason occurs before the period passes.
- The Public Prosecution and the competent court shall, as the case may be, order the identification, tracing, and valuation of the Funds, Proceeds and Means under suspicion, or their equivalent value, or order their Seizing or Freezing, if they were the result of or linked to the Crime, and that is without prior notice to the owner, and shall issue a travel ban for the owner until the completion of the investigation or trial.
Article (48)
The public prosecution and the competent court shall, as the case may be, appoint whomever they deem suitable to manage the seized and frozen Funds, Proceeds and Means or those subject to Confiscation, and permit them to dispose or sell the Funds, Proceeds and Means in public auction, even before the issuance of the verdict, if necessary, if they are concerned about their depreciation or devaluation over time. The amount of the sale shall be deposited in the State’s treasury in the event of a final verdict of conviction. Such funds shall remain within the limits of their value for any rights legitimately determined to any bona fide third parties.
Section 2 Investigation Procedures
Article (49)
- The public prosecution and Law Enforcement Authorities shall, when launching an investigation and collecting evidence for a Predicate Offense, when necessary, take into consideration the extent to which the financial aspects of the criminal activity are connected with Money Laundering, Financing of Terrorism, or the Financing of Illegal Organisations, in order to determine the scope of the crime, identify and track proceeds and any other funds that may be subject to confiscation and strengthen evidence of the crime.
- The public prosecution shall request the opinion of the FIU on the notifications received in relation to Money Laundering, Financing of Terrorism or Financing of Illegal Organisations cases.
- Law Enforcement Authorities shall be responsible for receiving, and following up on, the results of STR analysis from the FIU and for gathering the related evidence.
- The public prosecution and Law Enforcement Authorities shall promptly identify, trace and seize Funds, Proceeds and Means that might be subject to Confiscation and linked to the Crime.
- Law Enforcement Authorities shall obtain the information directly from Competent Authorities, even if it is subject to banking secrecy or professional confidentiality, as they deem fit so they can perform their duties in detecting the Crime or its perpetrator(s) and collecting evidence about them, and the authority, who is the recipient of the information request, shall execute the request without delay.
- The public prosecution and Law Enforcement Authorities shall, when launching an investigation and collecting evidence for a Predicate Offense, when necessary, take into consideration the extent to which the financial aspects of the criminal activity are connected with Money Laundering, Financing of Terrorism, or the Financing of Illegal Organisations, in order to determine the scope of the crime, identify and track proceeds and any other funds that may be subject to confiscation and strengthen evidence of the crime.
Chapter 7 International Cooperation
Section 1 General Provisions for International Cooperation
Article (50)
Competent Authorities, for the purpose of implementation of International Cooperation requests on the Crime, to conclude, negotiate and sign agreements in a timely manner with foreign counterpart authorities, in a manner that does not contradict the legislation in force in the State
Article (51)
Competent authorities shall give priority to all International cooperation requests related to the Crime and implement them expeditiously through clear and secure mechanisms and channels. The confidentiality of the information received shall be subject to the request, if required. If the confidentiality of the information cannot be kept, then the requesting authority shall be informed of the matter.
Article (52)
Within the scope of implementing the provisions of the Decretal-Law and this Decision, an International Cooperation request regarding the Crime shall not be rejected on the basis of any of the following:
- The crime involves financial, tax or customs matters.
- Secrecy provisions are binding upon Financial Institutions and DNFBPs, providing that they do not violate the applicable laws in the State, unless the relevant information was obtained under the circumstances where professional legal privileges or professional secrecy apply.
- The crime is political or related to a political crime.
- The request is connected with a crime subject of an ongoing investigation or prosecution in the State, unless the request impedes the investigation or the prosecution.
- The act, on which the assistance is based, does not constitute a crime in the State, or the act does not have similar attributes to a crime set out in the State, unless it involves constraining, coercive measures or its in accordance with the applicable laws in the State.
- The criminal act in the State is listed under a different name or description or that its structure varies from that of the requesting country.
- The crime involves financial, tax or customs matters.
Section 2 Exchange of Information between Competent Authorities and Counterparts
Article (53)
In accordance with the legislation and agreements in force in the State or on the condition of reciprocity, the competent authorities shall:
- Execute requests received from any foreign entity and exchange information on the Crime at the appropriate speed with foreign counterparts, and obtain any other requested information on its behalf, even if such requests change in nature, whether spontaneously or upon request.
- Provide feedback to foreign counterparts on the use of the information obtained and the extent to which it was beneficial, if requested to do so.
- Obtain a declaration or undertaking from the foreign counterpart that international cooperation information will only be used for the intended purpose, unless prior approval has been obtained.
- Use international cooperation information obtained for the intended purpose, unless the foreign counterpart grants its approval for use for another purpose.
- Refuse to provide information in the event that it is not effectively protected by the foreign counterpart requesting international cooperation.
- Execute requests received from any foreign entity and exchange information on the Crime at the appropriate speed with foreign counterparts, and obtain any other requested information on its behalf, even if such requests change in nature, whether spontaneously or upon request.
Article (54)
- The Competent Authorities commit to provide the means for international cooperation with respect to the basic information and Beneficial Owners of companies and legal arrangements, whereby such cooperation shall include the following:
- Facilitating the access of foreign competent authorities to basic information held by the registries of companies and legal arrangements;
- Exchanging information on legal arrangements and the shareholders in companies;
- Using their powers to obtain all the information on Beneficial Owners on behalf of foreign counterparts.
- Facilitating the access of foreign competent authorities to basic information held by the registries of companies and legal arrangements;
- The Competent Authorities shall supervise the implementation quality for the international cooperation requests received from other countries in relation to basic company information and Beneficial Ownership for companies and legal arrangements, as well as the requests for international cooperation relating to determining the location of the Beneficial Owner from companies abroad.
- The Competent Authorities commit to provide the means for international cooperation with respect to the basic information and Beneficial Owners of companies and legal arrangements, whereby such cooperation shall include the following:
Article (55)
In accordance with the legislation in force in the State, and the provisions of the agreements to which they are a party, and on the condition of reciprocity, the Supervisory Authorities of the Financial Institutions shall:
- Exchange information relating to the appropriate Crime that it maintains and which is available to it directly or indirectly, with foreign counterparts, regardless of their nature, and consistent with the relevant international financial control principles relevant to anti money-laundering and combating the financing of terrorism applicable to each of them, including information on:
- The regulatory framework of the financial sectors and the general information related to them.
- Preventive financial control measures such as information related to the activities and works of financial institutions, their real beneficiaries, their management, and information of merit and eligibility.
- Internal policies of financial institutions in the field of combatting the Crime, CDD information of Customers, and of information related to accounts and transactions.
- The regulatory framework of the financial sectors and the general information related to them.
- Obtaining prior approval of the foreign supervisory authority, where the information is required for transmission or use, other than for the intended purpose, and to informing it of the matter in the event of disclosure of such information whenever it is the result of a legal obligation.
- Requesting or facilitating access to information on behalf of the foreign supervisory authority, for the purposes of enhancing supervision on the financial group.
- Exchange information relating to the appropriate Crime that it maintains and which is available to it directly or indirectly, with foreign counterparts, regardless of their nature, and consistent with the relevant international financial control principles relevant to anti money-laundering and combating the financing of terrorism applicable to each of them, including information on:
Article (56)
Without prejudice to the provisions of the treaties and conventions to which the State is a party and subject to reciprocity; and without prejudice to the legislation in force in the State, Law Enforcement Authorities, in coordination with the Competent Authority, may:
- Exchange information held by it, either directly or indirectly, with foreign counterparts for purposes of investigation or collection of inferences relating to Crime, identification and tracking of proceeds and intermediaries.
- Use the powers conferred upon it in accordance with the legislation in force in the State to conduct investigations and obtain information on behalf of the foreign counterpart, and coordinate the formation of bilateral or multilateral teams to conduct joint investigations.
- Exchange information held by it, either directly or indirectly, with foreign counterparts for purposes of investigation or collection of inferences relating to Crime, identification and tracking of proceeds and intermediaries.
Section 3 International Legal Assistance
Article (57)
Upon request from another judiciary authority in another country, with whom there is a valid agreement in place with the State, or on the basis of reciprocity concerning any acts that are punishable as per the applicable laws in the State, the competent judiciary authority shall provide legal assistance in investigations, trials or measures linked to the Crime and it shall order the following:
- Locating, Freezing, Seizing or Confiscation of Funds, Proceeds or Means that have been used, or intended for use in the Crime, or their equivalent. The death or anonymity of the suspect shall not prevent undertaking such measures.
- Any other measures applicable in accordance with the enforceable laws in the State, including the provision of records maintained by Financial Institutions, DNFBPs or NPOs, the search of persons and buildings, gathering statements from witnesses, collecting evidence, using investigative methods such as Undercover Operations, wiretapping, communications, obtaining electronic data and information and Controlled Delivery.
- Extradition and repatriation of persons and things related to the Crime in accordance with the laws applicable in the State.
- Locating, Freezing, Seizing or Confiscation of Funds, Proceeds or Means that have been used, or intended for use in the Crime, or their equivalent. The death or anonymity of the suspect shall not prevent undertaking such measures.
Article (58)
It is permitted to recognise any judgement or judicial order that provides for the confiscation of Funds, Proceeds or Means relating to Money Laundering, the Financing of Terrorism or the Financing of Illegal Organisations issued by a competent court or judiciary authority in another country, with whom there is an attested agreement in place with the State.
Article (59)
Taking into consideration the applicable laws in the State, the implementation of the judgement or judicial order mentioned in Article (58) of the present Decision shall not contradict a judgment or order previously issued by a court in the State, there shall not be an ongoing charge in the State regarding the same judgment issued from the requesting country, and the request shall also include the following documents and information:
- An attested copy of the judgment or judicial order for Confiscation along with the law on which it is based, and a statement of the reasons for issuing the confiscation order, if not mentioned in the judgment or the order itself.
- A statement establishing that the sentenced person has been duly summoned and represented, and has been able to defend himself.
- A document confirming that the judgement or judicial order is enforceable and not subject to appeal through ordinary methods.
- Description of the Funds, Proceeds and Means for Confiscation, their estimated value, their potential location and information regarding any persons who might be holding or possessing these funds.
- Statement of the amount to be repatriated from the funds for Confiscation.
- Any information relating to third party rights on the Funds, Proceeds or Means.
- Statement of the procedures undertaken in the requesting country to protect bona fide third parties.
- An attested copy of the judgment or judicial order for Confiscation along with the law on which it is based, and a statement of the reasons for issuing the confiscation order, if not mentioned in the judgment or the order itself.
Section 4 Implementation of the Security Council Resolutions
Article (60)
Every natural or legal person shall immediately comply with the instructions issued by the Competent Authorities in the State concerning the implementation of the resolutions issued by UN Security Council under Chapter VII of the Charter of the United Nations regarding the prevention and suppression of terrorism and Terrorism Financing, and the prevention and suppression of the proliferation of Weapons of Mass Destruction and its financing, and any other related decisions.
Chapter 8 Final Provisions
Article (61)
Any provision that contradicts or violates the provisions of the present Decision shall be considered void.
Article (62)
The present Decision shall come into force as of the date of its issuance and shall be published in the Official Gazette.