The following are considered financial activities and transactions:

1. Receiving deposits and other funds that can be paid by the public, including deposits in accordance with Islamic Sharia
    
2. Providing private banking services
    
3. Providing credit facilities of all types
    
4. Providing credit facilities of all types, including credit facilities in accordance with Islamic Sharia
    
5. Providing cash brokerage services
    
6. Financial transactions in securities, finance and financial leasing
    
7. Providing currency exchange and money transfer services
    
8. Issuing and managing means of payment, guarantees or obligations
    
9. Providing stored value services, electronic payments for retail and digital cash.
    
10. Providing virtual banking services
     
11. Trading, investing, operating or managing funds, option contracts, future contracts, exchange rate and interest rate transactions, other derivatives or negotiable financial instruments
     
12. Participating in issuing securities and providing financial services related to these issues
     
13. Managing funds and portfolios of all kinds
     
14. Saving funds
     
15. Preparing or marketing financial activities
     
16. Insurance transactions, in accordance with Federal Law No. (6) of 2007 concerning the Establishment of the Insurance Authority and the Organisation of its Operations
     
17. Any other activity or financial transaction determined by the Supervisory Authority

Anyone who is engaged in the following trade or business activities shall be considered a DNFBP:
 

1. Brokers and real estate agents when they conclude operations for the benefit of their Customers with respect to the purchase and sale of real estate
    
2. Dealers in precious metals and precious stones in carrying out any single monetary transaction or several transactions that appear to be interrelated or equal to more than AED 55,000.
    
3. Lawyers, notaries, and other independent legal professionals and independent accountants, when preparing, conducting or executing financial transactions for their Customers in respect of the following activities:
    
   1. Purchase and sale of real estate.
       
   2. Management of funds owned by the Customer.
       
   3. Management of bank accounts, saving accounts or securities accounts.
       
   4. Organising contributions for the establishment, operation or management of companies.
       
   5. Creating, operating or managing legal persons or Legal Arrangements.
       
   6. Selling and buying commercial entities.
   
    
4. Providers of corporate services and trusts upon performing or executing a transaction on the behalf of their Customers in respect of the following activities:
    
   1. Acting as an agent in the creation or establishment of legal persons;
       
   2. Working as or equipping another person to serve as director or secretary of a company, as a partner or in a similar position in a legal person.
       
   3. Providing a registered office, work address, residence, correspondence address or administrative address of a legal person or Legal Arrangement.
       
   4. Performing work or equipping another person to act as a trustee for a direct Trust or to perform a similar function in favour of another form of Legal Arrangement.
       
   5. Working or equipping another person to act as a nominal shareholder in favour of another person.
   
    
5. Other professions and activities which shall be determined by a decision of the Minister

1. Financial institutions and DNFBPs are required to identify, assess, and understand their crime risks in concert with their business nature and size, and comply with the following:
    
   1. Considering all the relevant risk factors such as customers, countries or geographic areas; and products, services, transactions and delivery channels, before determining the level of overall risk and the appropriate level of mitigation to be applied.
       
   2. Documenting risk assessment operations, keeping them up to date on on-going bases and making them available upon request.
       
2. Financial Institutions and DNFBPs shall commit to take steps to mitigate the identified risks mentioned as per Clause (1) herein, taking into consideration the results of the National Risk Assessment, by the following:
    
   1. Developing internal policies, controls and procedures that are commensurate with the nature and size of their business and are approved by senior management, to enable them to manage the risks that have been identified, and if necessary, to monitor the implementation of such policies, controls and procedures and enhance them as per Article (20) of the present Decision.
       
   2. Applying CDD measures to enhance high risks management once identified. Examples include:
       
      1. Obtaining more information and investigating this information such as information relating to the Customer and Beneficial Owner identity, or information relating to the purpose of the business relationship or reasons of the transaction.
          
      2. Updating the CDD information of the Customer and Beneficial Owner more systematically.
          
      3. Taking reasonable measures to identify the source of the funds of the Customer and Beneficial Owner.
          
      4. Increasing the degree and level of ongoing business relationship monitoring and examination of transactions in order to identify whether they appear unusual or suspicious.
          
      5. Obtaining the approval of senior management to commence the business relationship with the Customer.
          
3. In case the requirements stipulated in Clauses (1 and 2) above are met, the Financial Institutions and DNFBPs shall be permitted to apply simplified CDD measures to manage and limit the identified low risks, unless there is suspicion of a committed Crime. The simplified CDD measures should be commensurate with the low risk factors. These include the following, as examples:
   1. Verifying the identity of the Customer and Beneficial Owner after establishing the business relationship.
       
   2. Updating the Customer’s data based on less frequent intervals.
       
   3. Reducing the rate of ongoing monitoring and transaction checks.
       
   4. Concluding the purpose and nature of the business relationship based on the type of transactions or the business relationship that has been established, without the need to gather information or performing specific procedure.

1. Financial Institutions and DNFBPs are required to undertake CDD measures to verify the identity of the Customer and the Beneficial Owner before or during the establishment of the business relationship or opening an account, or before executing a transaction for a Customer with whom there is no business relationship. And in the cases where there is a low crime risk, it is permitted to complete verification of Customer identity after establishment of the business relationship, under the following conditions:
    
   1. The verification will be conducted in a timely manner as of the commencement of business relationship or the implementation of the transaction.
       
   2. The delay is necessary in order not to obstruct the natural course of business.
       
   3. The implementation of appropriate and effective measures to control the risks of the Crime.
       
2. Financial Institutions and DNFBPs are required to take measures to manage the risks in regards to the circumstances where Customers are able to benefit from the business relationship prior to completion of the verification process.
    

Financial Institutions and DNFBPs should, as the case may be, undertake CDD measures in the following cases:

1. Establishing the business relationship;
    
2. Carrying out occasional transactions in favour of a Customer for amounts equal to or exceeding AED 55,000, whether the transaction is carried out in a single transaction or in several transactions that appear to be linked;
    
3. Carrying out occasional transactions in the form of Wire Transfers for amounts equal to or exceeding AED 3,500.
    
4. Where there is a suspicion of the Crime.
    
5. Where there are doubts about the veracity or adequacy of previously obtained Customer's identification data.
    

Financial Institutions and DNFBPs should undertake CDD measures and ongoing supervision of business relationships, including:

1. Audit transactions that are carried out throughout the period of the business relationship, to ensure that the transactions conducted are consistent with the information they have about Customer, their type of activity and the risks they pose, including - where necessary - the source of funds
    
2. Ensure that the documents, data or information obtained under CDD Measures are up-to-date and appropriate by reviewing the records, particularly those of high-risk customer categories
    

1. Financial Institutions and DNFBPs should identify the Customer’s identity, whether the Customer is permanent or walk-in, and whether the Customer is a natural or legal person or legal arrangement, and verify the Customer’s identity and the identity of the Beneficial Owner. This should be done using documents, data or information from a reliable and independent source or any other source to verify the identity verification as follows:
    
   1. For Natural Persons:
      
      The name, as in the identification card or travel document, nationality, address, place of birth, name and address of employer, attaching a copy of the original and valid identification card or travel document, and obtain approval from the senior management, if the Customer or the Beneficial Owner is a PEP.
       
   2. For Legal Persons and Legal Arrangements:
       
      1. The name, Legal Form and Memorandum of Association
          
      2. Headquarter office address or the principal place of business; if the legal person or arrangement is a foreigner, it must mention the name and address of its legal representative in the State and submit the necessary documents as a proof.
          
      3. Articles of Association or any similar documents, attested by the competent authority within the State.
          
      4. Names of relevant persons holding senior management positions in the legal person or legal arrangement.
          
2. Financial institutions and DNFBP’s are required to verify that any person purporting to act on behalf of the Customer is so authorised, and verify the identity of that person as prescribed in Clause (1), of this Article.
    
3. Financial institutions and DNFBP’s are required to understand the intended purpose and nature of the business relationship, and obtain, when necessary, information related to this purpose.
    
4. Financial institutions and DNFBP’s are required to understand the nature of the Customer’s business as well as the Customer’s ownership and control structure.
    

Financial Institutions and DNFBP’s are required to take reasonable measures to verify the identity of the Beneficial Owners of legal persons and Legal Arrangements, by using information, data, or statistics acquired from a reliable source, by the following:

1. For Customers that are legal persons:

(a) Obtaining and verifying the identity of the natural person, who by himself or jointly with another person, has a controlling ownership interest in the legal person of 25% or more, and in case of failing or having doubt about the information acquired, the identity shall be verified by any other means.

(b) In the event of failing to verify the identity of the natural person exercising control as per paragraph (a) of this Clause, or the person(s) with the controlling ownership interest is not the Beneficial Owner, the identity shall be verified for the relevant natural person(s) holding the position of senior management officer, whether one or more persons.

2. For Customers that are Legal Arrangements:

Verifying the identity of the Settlor, the Trustee(s), or anyone holding a similar position, the identity of the beneficiaries or class of beneficiaries, the identity of any other natural person exercising ultimate effective control over the legal arrangement, and obtaining sufficient information regarding the Beneficial Owner to enable the verification of his/her identity at the time of payment, or at the time he/she intends to exercise his/her legally acquired rights.

Financial Institutions and DNFBPs shall be exempted from identifying and verifying the identity of any shareholder, partner, or the Beneficial Owner, if such information is obtainable from reliable sources where the Customer or the owner holding the controlling interest are as follow:

1. A company listed on a regulated stock exchange subject to disclosure requirements through any means that require adequate transparency requirements for the Beneficial Owner.
    
2. A subsidiary whose majority shares or stocks are held by the shareholders of a holding company.
    

1. In addition to the CDD measures required for the Customer and the Beneficial Owner, Financial Institutions shall be required to conduct CDD measures and ongoing monitoring of the beneficiary of life insurance policies and funds generating transactions, including life insurance products relating to investments and family Takaful insurance, as soon as the beneficiary is identified or designated as follows:
    
   1. For the beneficiary identified by name, the name of the person, whether a natural person a legal person or a legal arrangement, shall be obtained.
       
   2. For a beneficiary designated by characteristics or by class– such as a family relation like parent or child, or by other means such as will or estate – it shall be required to obtain sufficient information concerning the beneficiary to ensure that the Financial Institution will be able to establish the identity of the beneficiary at the time of the pay-out.
       
2. In all cases – the Financial Institutions should verify the identity of the beneficiary at the time of the payout as per the insurance policy or prior to exercising any rights related to the policy. If the Financial Institution identifies the beneficiary of the insurance policy to be a high-risk legal person or arrangement, then it should conduct enhanced CDD measures to identify the Beneficial Owner of that beneficiary, legal person, or legal arrangement.
    

Financial Institutions and DNFBPs should apply CDD measures to Customers and the ongoing business relationship on the effective date of the present Decision, within such times as deemed appropriate based on relative importance and risk priority. It should also ensure the sufficiency of data acquired, in case CDD measures were applied before the effective date of the present Decision.

1. Financial Institutions and DNFBPs shall be prohibited from establishing or maintaining a business relationship or executing any transaction should they be unable to undertake CDD measures towards the Customer and should consider reporting a suspicious transaction to the FIU.
    
2. Even if they suspect the commission of a Crime, financial institutions and DNFBPs should not apply CDD measures if they have reasonable grounds to believe that undertaking such measures would tip-off the Customer and they should report a Suspicious Transaction to the FIU along with the reasons having prevented them from undertaking such measures.
    

1. In addition to undertaking CDD measures required under Section 3, Part 1 of this Chapter, Financial Institutions and DNFBPs shall be required to carry out the following:
   
   First: For Foreign PEPs:
    
    
   1. Put in place suitable risk management systems to determine whether a Customer or the Beneficial Owner is considered a PEP.
       
   2. Obtain senior management approval before establishing a business relationship, or continuing an existing one, with a PEP.
       
   3. Take reasonable measures to establish the source of funds of Customers and Beneficial Owners identified as PEPs.
       
   4. Conduct enhanced ongoing monitoring over such relationship.
       
       Second: For Domestic PEPs and individuals previously entrusted with prominent functions at international organisations:
       
   1. Take sufficient measures to identify whether the Customer or the Beneficial Owner is considered one of those persons.
       
   2. Take the measures identified in Clauses (b), (c), and (d) under the first paragraph of this Article, when there is a high-risk business relationship accompanying such persons.
       
2. Financial Institutions shall be required to take reasonable measures to determine the beneficiary or Beneficial Owner of life insurance policies and family takaful insurance. If identified as a PEP, Financial institutions shall inform senior management before the pay-out of those policies, or prior to the exercise of any rights related to them, in addition to thoroughly examining the overall business relationship, and consider reporting to the Unit a suspicious transaction report.
    

Financial Institutions and DNFBPs shall put in place indicators that can be used to identify the suspicion on the occurrence of the Crime in order to report STRs, and shall update these indicators on an ongoing basis, as required, in accordance with the development and diversity of the methods used for committing such crimes, whilst complying with what the Supervisory Authorities or FIU may issue instructions in this regard.

1. If Financial Institutions and DNFBPs have reasonable grounds to suspect that a Transaction, attempted Transaction, or funds constitute crime proceeds in whole or in part, or are related to the Crime or intended to be used in such activity, regardless of the amount, they shall adhere to the following without invoking bank secrecy or professional or contractual secrecy:
    
   1. Directly report STRs to the FIU without any delay, via the electronic system of the FIU or by any other means approved by the FIU
       
   2. Respond to all additional information requested by the FIU.
       
2. Lawyers, notary publics, other legal stakeholders and independent legal auditors shall be exempt from Clause (1) of this Article, if obtaining this information regarding such Transactions relates to the assessment of their Customers’ legal position, or defending or representing them before judiciary authorities or in arbitration or mediation, or providing legal opinion with regards to legal proceedings, including providing consultation concerning the initiation or avoidance of such proceedings, whether the information was obtained before or during the legal proceedings, or after their completion, or in other circumstances where such Customers are subject to professional secrecy.
    
3. Financial Institutions and DNFBPs, their board members, employees and authorised representatives shall not be legally liable for any administrative, civil or criminal liability for reporting when reporting to the Unit or providing information in good faith.
    

1. Financial Institutions and DNFBPs, their managers, officials or staff, shall not disclose, directly or indirectly, to the Customer or any other person(s) that they have reported, or are intending to report a Suspicious Transaction, nor shall they disclose the information or data contained therein, or that an investigation is being conducted in that regard.
    
2. When lawyers, notaries, other independent legal professionals, and legal independent auditors attempt to discourage their Customers from committing a violation, they shall not be considered to have made a disclosure.
    

1. Taking into consideration the high-risk countries identified by the Committee, the Financial Institutions and DNFBPs shall be permitted to rely on a third party to undertake the necessary CDD measures towards Customers as per Section 3 of Part 1 of this Chapter, and each of the Financial Institution and the DNFBP shall be responsible for the validity of these CDD measures, and shall do the following:
    
   1. Immediately obtain, from third parties, the necessary identification data and other necessary information collected through the CDD measures and ensure that copies of the necessary documents for such measures can be obtained without delay and upon request.
       
   2. Ensure that the third party is regulated and supervised, and adheres to the CDD measures towards Customers and record-keeping provisions of the present Decision.
       
2. Financial Institutions and DNFBPs, who rely on third parties that are part of the same Financial Group,shall ensure that:
    
   1. The Financial Group applies the CDD, PEP, and record-keeping requirements and implements programs for combating the Crime in accordance with Sections 3, 4, 11 of Part 1 of this Chapter and Article (31) of this Decision, and the Financial Group is subject to supervision in that regard.
       
   2. The Financial Group sufficiently mitigates any high risks linked to countries through its own policies and controls for combating the Crime.
       

Financial Institutions and DNFBPs shall have internal policies, procedures and controls for combating the Crime, that should be commensurate with the Crime risks, and with the nature and size of their business, and to continuously update them, and to apply them to all its branches and subsidiaries in which it holds majority interest, including the following:

1. CDD measures towards Customers as required in accordance with the Decretal-Law and the present Decision, including procedures for the risk management of business relationships prior to completing the verification process.
    
2. Procedures for the reporting of Suspicious Transactions.
    
3. Appropriate arrangements for compliance management for combating the Crime, including appointing a compliance officer
    
4. Screening procedures to ensure the availability of high competence and compatibility standards when hiring staff
    
5. Preparation of periodic programs and workshops in the field of combatting the Crime to build the capabilities of compliance officers and other competent employees.
    
6. An independent audit function to test the effectiveness and adequacy of internal polices, controls and procedures relating to combating the Crime.
    

Financial Institutions and DNFBPs shall appoint a compliance officer. The compliance officer shall have the appropriate competencies and experience and under his or her own responsibility, shall perform the following tasks:

1. Detect Transactions relating to any Crime.
    
2. Review, scrutinise and study records, receive data concerning Suspicious Transactions, and take decisions to either notify the FIU or maintain the Transaction with the reasons for maintaining while maintaining complete confidentiality.
    
3. Review the internal rules and procedures relating to combating the Crime and their consistency with the Decretal-Law and the present Decision, assess the extent to which the institution is committed to the application of these rules and procedures, propose what is needed to update and develop these rules and procedures, prepare and submit semi-annual reports on these points to senior management, and send a copy of that report to the relevant Supervisory Authority enclosed with senior management remarks and decisions.
    
4. Prepare, execute and document ongoing training and development programs and plans for the institution’s employees on Money Laundering and the Financing of Terrorism and Financing of Illegal Organisations, and the means to combat them.
    
5. Collaborate with the Supervisory Authority and FIU, provide them with all requested data, and allow their authorised employees to view the necessary records and documents that will allow them to perform their duties.
    

1. Financial Institutions and DNFBPs shall implement enhanced CDD measures based on the level of risk that might arise from business relationships and Transactions with natural or legal persons from high-risk countries.
    
2. Financial Institutions and DNFBPs shall implement CDD measures as defined by the Committee regarding High Risk Countries.
    

1. Financial institutions and DNFBPs shall identify and assess the risks of money laundering and terrorism financing that may arise when developing new products and new professional practices, including means of providing new services and using new or under-development techniques for both new and existing products.
    
2. Financial Institutions and DNFBPs shall assess risks prior to the release of products, practices or techniques, and take appropriate measures to manage and mitigate such risks
    

1. Financial Institutions and DNFBPs shall maintain all records, documents, data and statistics for all financial transactions and local or international commercial and cash transactions for a period of no less than five years from the date of completion of the transaction or termination of the business relationship with the Customer.
    
2. Financial institutions and DNFBPs shall keep all records and documents obtained through CDD measures, ongoing monitoring, account files and business correspondence, and copies of personal identification documents, including STRs and results of any analysis performed , For a period of no less than five years from the date of termination of the business relationship or from the closing date of the account to Customers who maintain accounts with these institutions or after the completion of a casual transaction or from the date of completion of the inspection by the Supervisory authorities, or from the date of issuance of a final judgment of the competent judicial authorities, all depending on the circumstances.
    
3. The records, documents and documents kept shall be organised so as to permit data analysis and tracking of financial transactions.
    
4. Financial Institutions and DNFBPs shall make all Customer information regarding CDD towards Customers, ongoing monitoring and results of their analysis, records, files, documents, correspondence and forms available immediately to the competent authorities upon request.
    

1. Before entering into correspondent banking or any other similar relationship, financial institutions shall take the following measures:
    
   1. Refrain from entering into or maintaining a correspondent banking relationship with Shell Banks or with an institution that allows their accounts to be used by Shell Banks.
       
   2. Collect sufficient information about any receiving correspondent banking institution for the purpose of identifying and achieving a full understanding of the nature of its work, and to make available, through publicly available information, its reputation and level of control, including whether it has been investigated.
       
   3. Evaluate anti-crime controls applied by the receiving institution.
       
   4. Obtain approval from senior management before establishing new correspondent banking relationships.
       
   5. Understand the responsibilities of each institution in the field of combatting Crime.
       
2. With respect to intermediate payment accounts, the financial institution should be required to ensure that the receiving institution has taken CDD measures towards Customers who have direct access to those accounts and that it is able to provide CDD information to the relevant Customers upon request of the correspondent institution.
    

1. Providers of money or value transfer services shall be licensed by or registered with the competent Supervisory Authority. The Supervisory Authority shall take the necessary measures to punish those who provide such services without a licence or registration in accordance with their effective legislation and to ensure compliance of licensed or registered providers with the Crime combating controls.
    
2. Providers of money or value transfer services shall keep an up-to-date list of their agents and make them available to the relevant authorities within the country in which the money or value transfer services providers and their agents operate, and shall engage their agents in combatting the Crime control programs and monitor them for compliance with these programs.
    

1. Financial institutions shall ensure that all international wire transfers equal to or exceeding AED (3,500) are always accompanied by the following data:
    
   1. The name of the originator, his or her identity number or travel document, date and place of birth, address and account number. In the absence of an account, the transfer must include a unique transaction reference number which allows the process to be tracked.
       
   2. The name of the beneficiary and his account number used to make the transfers. In the absence of the account, the transfer must include a unique transaction reference number which allows the process to be tracked.
       
2. In the event that several individual cross-border wire transfers from a single originator are bundled in a batch file for transmission to beneficiaries, the batch file shall contain required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country; and the financial institution shall be required to include the originator’s account number or unique transaction reference number.
    
3. Financial institutions shall ensure that all cross-border wire transfers less than AED 3,500 are always accompanied by the data in Clause (1) of this Article, without the need to verify the accuracy of the data referred to, unless there are suspicions about committing the Crime.
    
4. For domestic wire transfers, the ordering financial institution shall ensure that the information accompanying the wire transfer includes originator information as indicated in Clause (1) of this Article, unless this information can be made available to the beneficiary financial institution and competent authorities by other means.
    
5. Where the information accompanying the domestic wire transfer can be made available to the beneficiary financial institution and competent authorities by other means, the ordering financial institution shall be only required to include the account number or a unique transaction reference number, provided that this number or identifier will permit the transaction to be traced back to the originator or the beneficiary. The ordering financial institution shall make the information available within three business days of receiving the request either from the beneficiary financial institution or from competent authorities.
    
6. Financial institutions shall not carry out wire transfers if they fail to comply with the conditions set out in this article.
    
7. Ordering financial institutions shall keep all information about the originator and the beneficiary collected in accordance with the provisions of Article (24) of this Decision.
    

1. An intermediary financial institution shall ensure that all originator and beneficiary information that accompanies a wire transfer is retained with it for cross-border wire transfers.
    
2. Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer, the Intermediary Financial Institution shall keep a record of all the information received from the ordering financial institution or another cross-border Intermediary Financial Institution, in accordance with the provisions of Article (24) of the present Decision.
    
3. Intermediary Financial Institutions shall take reasonable measures, which are consistent with straight-through processing, to identify cross-border wire transfers that lack required originator information or required beneficiary information and shall have risk-based policies and procedures for determining when to execute, reject, or suspend a wire transfer; and the appropriate follow-up action.
    

1. Beneficiary Financial Institutions shall take reasonable measures, to identify cross-border wire transfers that lack required originator information or required beneficiary information, which may include real-time monitoring where feasible or post-event monitoring.
    
2. For cross-border wire transfers of AED 3,500 or more, a Beneficiary Financial Institution shall verify the identity of the beneficiary, if the identity has not been previously verified.
    
3. Beneficiary Financial Institutions shall have risk-based policies and procedures determining when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and for determining the appropriate follow-up action.
    
4. Beneficiary Financial Institutions shall maintain records of all required originator and required beneficiary information collected, in accordance with the provisions of Article (24) of this Decision.
    

1. Providers of Money or Value Transfer Services shall comply with all of the relevant requirements of Articles (27), (28), and (29) of this Decision, whether they operate directly or through their agents.
    
2. In the case of a provider of money or value transfer services that controls both the ordering and the beneficiary side of a cross-border wire transfer, the provider of money or value transfer services shall:
    
   1. Take into account all information from both the ordering and beneficiary sides in order to determine whether an STR is to be filed; and
       
   2. If it is decided to file STR regarding the Transaction, the STR shall be sent to the Financial Intelligence Unit in the relevant country, attaching all relevant transaction information.
       

Financial Groups shall implement group-wide programs with respect to combating the Crime. Such programs shall be applicable and appropriate to all its branches and majority-owned subsidiaries. In addition to the measures mentioned in Article (20) of this Decision, these programs should also include the following:

1. Policies and procedures for the exchange of information required for the purposes of CDD and risk management of the Crime;
    
2. The provision of Customer information, accounts, and Transactions from the branches and subsidiaries to the compliance officers at a Financial Group level, whenever necessary for the purpose of combating the Crime.
    
3. Provision of adequate safeguards on the confidentiality and use of the information exchanged.
    

1. Financial Institutions should ensure that their foreign branches and majority-owned subsidiaries apply Crime-combating measures that are consistent with the requirements of the Decretal-Law and the present Decision when the minimum Crime-combating requirements of the other country are less strict than those applied in the State, to the extent permitted by that other country’s laws and regulations.
    
2. If the other country does not permit the appropriate implementation of measures for combating the Crime that are consistent with the requirements of the Decretal-Law and the present Decision, then Financial Institutions shall take additional measures to manage AML/CFT risks related to their operations abroad and reduce them appropriately, inform the other country of the matter, and abide by the instructions received from the Country in this regard.