The following shall be considered as Financial Activities and Operations:

1- Receipt of deposits and other payable funds by the public, including Shariah-compliant deposits.

2- Provision of private banking services.

3- Provision of credit facilities of all types.

4- Provision of Financing facilities of all types, including Shariah-complaint Financing facilities.

5- Provision of monetary intermediary services.

6- Financial transactions in securities, financing and financial leasing.

7- Provision of exchange and money transfer services.

8- Issuance and management of means of payment, guarantees or obligations.

9- Provision of stored values services, retail e-payments and digital cash services.

10- Provision of virtual banking services.

11- Trading in, investment, operation or management of funds, options and future financial contracts, exchange rate and interest rate operations, and other financial derivatives or negotiable instruments.

12- Participation in issuing securities and providing of financial services related to these issues

13- Management of funds and portfolios of all kinds

14- Custody of Funds

15- Preparing or marketing financial activities.

16- Direct insurance operations, reinsurance operations for the type and branches of personal insurance, and money making operations in insurance companies, insurance brokers and agents.

17- Any other financial activity or transaction specified by the Supervisory Authority.

Anyone who is engaged in the following trade or business activities shall be considered a DNFBP:
 

1. Brokers and real estate agents when they conclude operations for the benefit of their Customers with respect to the purchase and sale of real estate
    
2. Dealers in precious metals and precious stones in carrying out any single monetary transaction or several transactions that appear to be interrelated or equal to more than AED 55,000.
    
3. Lawyers, notaries, and other independent legal professionals and independent accountants, when preparing, conducting or executing financial transactions for their Customers in respect of the following activities:
    
   1. Purchase and sale of real estate.
       
   2. Management of funds owned by the Customer.
       
   3. Management of bank accounts, saving accounts or securities accounts.
       
   4. Organising contributions for the establishment, operation or management of companies.
       
   5. Creating, operating or managing legal persons or Legal Arrangements.
       
   6. Selling and buying commercial entities.
   
    
4. Providers of corporate services and trusts upon performing or executing a transaction on the behalf of their Customers in respect of the following activities:
    
   1. Acting as an agent in the creation or establishment of legal persons;
       
   2. Working as or equipping another person to serve as director or secretary of a company, as a partner or in a similar position in a legal person.
       
   3. Providing a registered office, work address, residence, correspondence address or administrative address of a legal person or Legal Arrangement.
       
   4. Performing work or equipping another person to act as a trustee for a direct Trust or to perform a similar function in favour of another form of Legal Arrangement.
       
   5. Working or equipping another person to act as a nominal shareholder in favour of another person.
   
    
5. Other professions and activities which shall be determined by a decision of the Minister

1. Financial Institutions and Designated Non-Financial Businesses and Professions shall identify, evaluate and understand their crime risks, in a manner commensurate with the nature and size of their business and shall abide by the following:
    
   1. Observing all relevant risk factors such as risks of Clients, countries or geographical areas, products, services, operations and their delivery channels before determining the overall risk level and the appropriate level of risk reduction measures to be applied Client.
       
   2. Documenting and continually updating risk assessments and providing them upon request.
       
2. Financial Institutions and Designated Non-Financial Businesses and Professions shall undertake to reduce the risks identified under Clause no 1) of this Article, taking into account the results of the national risk assessment, through the following:
    
   1. Developing internal policies, controls and procedures commensurate with the nature and size of its business approved by the senior management, which enable it to manage the identified risks and follow up their implementation and strengthen them if necessary, in accordance with Article no. (20) of this Resolution.
       
   2. Taking enhanced due diligence measures to manage high risks when identified, including the following for example:
       
      1.  Obtaining and verifying further information as information on the identity of the Client, the beneficial owner, his/ her profession, and the amount of funds and information available through public databases and open sources.
          
      2. Obtaining additional information about the purpose of the business relationship or the reasons for the operations expected or actually performed.
          
      3. Updating Client Due Diligence (CDD) information in a more regular manner about the Client and the beneficial owner.
          
      4. Applying reasonable measures to determine the source of funds and wealth of the Client and the beneficial owner.
          
      5. Increasing the degree and level of continuous monitoring of the business relationship in order to determine whether they look unusual or suspicious, and to select patterns of operations that need further examination and review.
          
      6. Make the first payment through an account in the Client's name at a financial institution subject to similar due diligence standards.
          
      7. Obtain senior management approval to start or continue the business relationship with the Clientclient.
          
3.  If the requirements indicated in clauses nos. (1) and (2) of this Article are met, the Financial Institutions and Designated Non-Financial Businesses and Professions may apply simplified due diligence measures to manage and reduce risks when low risks are identified, unless there is a suspicion of a crime has been committed. Simplified due diligence measures must be commensurate with low risk elements, including the following for example:
    
   1. Verifying the Clientclient’s identity and the real beneficiary owner after starting the business relationship.
       
   2. Updating Clientclients’ data at intervals.
       
   3. Reducing the rate of continuous monitoring rate and examination operations.
       
   4.  Inferring the purpose and nature of the business relationship from the type of the established transactions or business relationship, without the need to collect information or undertake specific procedures.

1. Financial Institutions and DNFBPs are required to undertake CDD measures to verify the identity of the Customer and the Beneficial Owner before or during the establishment of the business relationship or opening an account, or before executing a transaction for a Customer with whom there is no business relationship. And in the cases where there is a low crime risk, it is permitted to complete verification of Customer identity after establishment of the business relationship, under the following conditions:
    
   1. The verification will be conducted in a timely manner as of the commencement of business relationship or the implementation of the transaction.
       
   2. The delay is necessary in order not to obstruct the natural course of business.
       
   3. The implementation of appropriate and effective measures to control the risks of the Crime.
       
2. Financial Institutions and DNFBPs are required to take measures to manage the risks in regards to the circumstances where Customers are able to benefit from the business relationship prior to completion of the verification process.
    

Financial Institutions and DNFBPs should, as the case may be, undertake CDD measures in the following cases:

1. Establishing the business relationship;
    
2. Carrying out occasional transactions in favour of a Customer for amounts equal to or exceeding AED 55,000, whether the transaction is carried out in a single transaction or in several transactions that appear to be linked;
    
3. Carrying out occasional transactions in the form of Wire Transfers for amounts equal to or exceeding AED 3,500.
    
4. Where there is a suspicion of the Crime.
    
5. Where there are doubts about the veracity or adequacy of previously obtained Customer's identification data.
    

Financial Institutions and DNFBPs should undertake CDD measures and ongoing supervision of business relationships, including:

1. Audit transactions that are carried out throughout the period of the business relationship, to ensure that the transactions conducted are consistent with the information they have about Customer, their type of activity and the risks they pose, including - where necessary - the source of funds
    
2. Ensure that the documents, data or information obtained under CDD Measures are up-to-date and appropriate by reviewing the records, particularly those of high-risk customer categories
    

1. Financial Institutions and Designated Non-Financial Businesses and Professions shall recognize the identity of Client the client, whether permanent or occasional, and whether he/ she is a natural or juridical person or a legal arrangement they must also verify his/ her identity, using original documents, data or information from a reliable and independent source, as follows:
    
   1. As for natural persons:
      
      Name as shown in the identity or travel document, the nationality, the address, the place of birth and, where applicable, the name and address of the employer, with an attached original copy of the valid identity card or travel document.
       
   2. As for juridical persons and legal arrangements:
       
      1. the Name, the legal form, and Articles of Incorporation.
          
      2. The address of the head office or the principal place of business, and if the person is a foreigner, the name and address of his/ her legal representative in the state, if any, shall be stated and the relevant supporting documents shall be submitted.
          
      3. Articles of Association or any other similar approved documents.
          
      4. The names of the relevant persons who hold senior management positions with the juridical person or legal arrangement.
          
2. Financial Institutions and Designated Non-Financial Businesses and Professions shall verify that any person who is acting on behalf of the ClientClient is authorized to do so, and shall identify such person in the manner provided for in clause no. (1) of this article.
    
3. Financial Institutions and Designated Non-Financial Businesses and Professions shall understand the purpose and nature of the business relationship and obtain information related to this purpose when needed.
    
4. Financial Institutions and Designated Non-Financial Businesses and Professions shall understand the nature of the Clientclient's business and the ownership and control structure of the Client.
    

Financial Institutions and Designated Non-Financial Businesses and Professions shall take reasonable measures that take the risks of crime arising from the client Client and business relationship into account, to identify and verify the beneficial owner of juridical persons and legal arrangements, using documents, data or information obtained from a reliable and independent source, as follows:

1. ClientClients from among juridical persons :

2. ClientClients from among Legal arrangements:

Determing the Trustor or trustee, the beneficiaries or classes of beneficiaries, and any other natural person who exercises ultimate effective control, including through a series of controls or ownership over the trust directly or indirectly, and obtain sufficient information about the real beneficial owner so that he/ she can be identified at the time of payment or when he/ she intends to exercise his / her legally acquired rights.

With respect to other legal arrangements, they shall recognize the identity of the natural persons holding equivalent or similar positions.

Financial Institutions and Designated Non-Financial Businesses and Professions and virtual assets services providers shall be exempt from determining and verifying the identity of the shareholder or partner or the Real Beneficiary, provided that such information is obtained from reliable sources in cases where the Client or owner of the controlling interest is of any of the following:
 

1. A company that is listed on a regulated securities market and that is subject to disclosure requirements under any means that impose the requirements of adequate transparency for the Real Beneficiary.
    
2. A subsidiary company whose majority of shares or stocks are owned by a holding company.
    

1. In addition to the Due Diligence measures required for the ClientClient and the beneficial owner, Financial Institutions must take Due Diligence measures and continuous supervision towards the beneficiary of personal insurance policies and money making operations, including life insurance products, family takaful insurance and other investment insurance products, as soon as the beneficiary is identified or named as follows:
    
   1. As for the named beneficiary, the name of the person must be obtained, whether he/she is a natural or legal person or a legal arrangement.
       
   2. As for the beneficiary identified by category or description such as family relationship such as spouse, children or any other means such as will or estate, sufficient information about the beneficiary must be obtained to ensure that the financial institution will be able to identify the beneficiary when disbursing compensation or benefits.
       
   3. Verifying the identity of the beneficiary in the two previous cases when paying compensation or dues or exercising any rights related to those documents.
       
2. In all cases, Financial Institutions must consider the clientClient and beneficiary of life insurance policies and family takaful insurance as risk factors when determining the applicability of enhanced due diligence procedures. Moreover, if they find that the beneficiary is a high risk legal person or arrangement, they must take enhanced due diligence measures, which must include reasonable procedures to identify and verify the beneficial owner of the policy beneficiary when paying compensation or dues or exercising any rights related to those policies.
    

Financial Institutions and DNFBPs should apply CDD measures to Customers and the ongoing business relationship on the effective date of the present Decision, within such times as deemed appropriate based on relative importance and risk priority. It should also ensure the sufficiency of data acquired, in case CDD measures were applied before the effective date of the present Decision.

1. Financial Institutions and DNFBPs shall be prohibited from establishing or maintaining a business relationship or executing any transaction should they be unable to undertake CDD measures towards the Customer and should consider reporting a suspicious transaction to the FIU.
    
2. Even if they suspect the commission of a Crime, financial institutions and DNFBPs should not apply CDD measures if they have reasonable grounds to believe that undertaking such measures would tip-off the Customer and they should report a Suspicious Transaction to the FIU along with the reasons having prevented them from undertaking such measures.
    

1. Financial Institutions and Designated Non-Financial Businesses and Professions must, in addition to implementing ClientClient Due Diligence (CDD) in accordance with the third part of the first section of this chapter, adopt the following:
   
    First: As for Foreign Politically exposed person (PEPs),
    

   1. Developing the appropriate risk management systems to determine whether the Client or the beneficial owner is a Foreign Politically exposed person.
       
   2. Obtaining senior management approval before establishing or continuing the business relationship for current Clients who are Foreign Politically exposed persons.
       
   3. Taking reasonable measures to determine the sources of funds and wealth of Clients, and the beneficial owners who have been identified as politically exposed persons.
       
   4. Carrying out continuous and enhanced follow-up of the business relationship.
       

    Second: As for local politically exposed persons and persons who have already been assigned a prominent position in an international organization:
    

   1.  Taking sufficient measures to determine whether the Client or the beneficial owner is one of these persons.
       
   2. Taking the measures mentioned in paragraphs nos. (b), (c) and (d) of article “First”, when there is a high-risk business relationship with such persons.
       
2. Subject to clause no. (1) of this article, the Financial Institutions concerned with life and family takaful insurance policies must take reasonable measures to determine whether the beneficiary or beneficial owner is a politically exposed person before paying compensation or dues or exercising any rights related to those policies. When there are higher risks, they must inform senior management before paying compensation or dues or exercising any rights related to them, conduct a thorough examination of the overall business relationship, and consider reporting a suspicious transaction report to the Unit.
    

Financial Institutions and DNFBPs shall put in place indicators that can be used to identify the suspicion on the occurrence of the Crime in order to report STRs, and shall update these indicators on an ongoing basis, as required, in accordance with the development and diversity of the methods used for committing such crimes, whilst complying with what the Supervisory Authorities or FIU may issue instructions in this regard.

1. In the case of suspecting, or if they have reasonable grounds to suspect, that an Operation or an attempt to carry out an Operation or that Funds representing Proceeds, in whole all or in part, are related to the Crime or that they will be used for such purpose regardless of their value, Financial Institutions and Designated Non-Financial Businesses and Professions shall comply with the following without invoking bank secrecy or professional or contractual confidentiality:
    
   1. Report directly Suspicious Transaction Reports (STRs) to the Unit without delay through its electronic system or any other means approved by the Unit.
       
   2. Respond to all additional information requested by the Unit.
       
2. Lawyers, notaries and other independent legal professionals and independent legal auditors shall be exempt from the provision of Clause no. (1) of this Article if obtaining information relating to such operations on their assessment of the legal status of the client, defending or representing him/ her, before the courts, arbitration or mediation proceedings, or the provision of legal opinion in a matter relating to a judicial proceeding. This includes providing advice on the commencement or avoidance of such proceedings whether the information was previously obtained, during or after the proceedings or in other circumstances in which they are subject to professional secrecy.
    
3. Financial Institutions, Designated Non-Financial Businesses and Professions, Virtual Asset Service Providers, members of their boards of directors, employees and legally authorized representatives shall not incur any administrative, civil or criminal responsibility resulting from the disclosure of any secret, when informing the unit or providing it with information in good faith, even if they do not know exactly what the crime is or whether it actually occurs.
    

1. Financial Institutions and Designated Non-Financial Businesses and Professions, their directors, officials and employees shall not disclose, directly or indirectly, to the Client or any other person, their reporting, or that they are about to report suspicious operations or information and data related to them. They shall not also disclose the existence of an investigation. This does not prevent sharing of information with branches and subsidiaries at the level of the financial group in accordance with the provisions of Article no. (31) of this decision.
    
2. An attempt by lawyers, notaries pubic, other independent legal professionals, or independent legal auditors to dissuade the Client from performing an act that is contrary to the law shall not be considered as disclosure.
    

1. Taking into account the countries that the Committee identifies as high risk and the countries that suffer from weaknesses in AML/CFT systems, the Financial Institutions and the Designated Non-Financial Businesses and Professions may rely on a third party to carry out Client Due Diligence (CDD) in accordance with the third part of the first section of this chapter. The financial institution and the Designated Non-Financial Businesses and Professions shall be responsible for the validity of these measures, and shall do the following:
    
   1. Immediately obtain the identification data and necessary information collected during the Client Due Diligence (CDD) measures from the third party, and ensure that copies of the necessary documents for these measures can be obtained without delay upon request.
       
   2. Ensure that the third party is subject to regulation and control, and complies with the requirements of Client Due Diligence and keeps the registers provided for in this Decision.
       
2. The financial institution and the Designated Non-Financial Businesses and Professions that that engage a third party who is part of the same Financial Group shall ensure the following:
    
   1. Ensure that the Group applies the Client Due Diligence Measures towards Clients and Politically Exposed Persons, that records are kept and that anti-Crime programmes are implemented in accordance with Parts 3, 4 and 11 of Section 1 of this Chapter and Article (31) of this Decision; .
       
   2. Sufficiently reduce any high risks related to countries through the Group-related anti-Crime policies and controls.
       

Financial Institutions and DNFBPs shall have internal policies, procedures and controls for combating the Crime, that should be commensurate with the Crime risks, and with the nature and size of their business, and to continuously update them, and to apply them to all its branches and subsidiaries in which it holds majority interest, including the following:

1. CDD measures towards Customers as required in accordance with the Decretal-Law and the present Decision, including procedures for the risk management of business relationships prior to completing the verification process.
    
2. Procedures for the reporting of Suspicious Transactions.
    
3. Appropriate arrangements for compliance management for combating the Crime, including appointing a compliance officer
    
4. Screening procedures to ensure the availability of high competence and compatibility standards when hiring staff
    
5. Preparation of periodic programs and workshops in the field of combatting the Crime to build the capabilities of compliance officers and other competent employees.
    
6. An independent audit function to test the effectiveness and adequacy of internal polices, controls and procedures relating to combating the Crime.
    

Financial Institutions and Designated Non-Financial Businesses and Professions shall undertake to appoint a compliance officer, who shall have the appropriate competence and experience under its responsibility, to carry out the following tasks:

1. Controlling of the Crime-Related Transactions.
    
2. Accessing records and receiving, examining and studying data on Suspicious Transactions and taking the decision to notify the Unit or to retain such records and data while stating the reasons, under complete confidentiality.
    
3. Reviewing the internal systems and procedures for anti-money laundering and combating the financing of terrorism and financing of illegal organizations, and their consistency with the provisions of the decree-law and this resolution. This is in addition to assessing the extent of the institution's commitment to its application and proposing what is necessary to update and develop it, and prepare periodic reports thereon to be submitted to the senior management. This is in addition to sending a copy to the concerned regulatory authority at its request, including the observations and decisions of the senior management.
    
4. Developing, implementing and documenting ongoing programs and training and qualification plans for employees working for the organization on all matters related to anti-money laundering and combating the financing of terrorism and financing of illegal organizations and ways to confront them.
    
5. Cooperating with the Regulatory Authority and the Unit, providing them with the data they request, and enabling their assigned employees to view the records and documents necessary to exercise their competencies.
    

1. Financial Institutions and Designated Non-Financial Businesses and Professions shall apply enhanced due diligence measures in proportion to the degree of risk that may arise from business relationships or transactions with a natural or legal person from the countries that the Committee identifies as high risk or countries that suffer from weaknesses in AML/CFT systems.
    
2. Financial Institutions and Designated Non-Financial Businesses and Professions shall apply countermeasures and any other measures requested by the regulatory Authorities on their own or on the basis of what the Committee determines with regard to high-risk countries and countries that suffer from weaknesses in AML/CFT systems.
    

1. Financial institutions and DNFBPs shall identify and assess the risks of money laundering and terrorism financing that may arise when developing new products and new professional practices, including means of providing new services and using new or under-development techniques for both new and existing products.
    
2. Financial Institutions and DNFBPs shall assess risks prior to the release of products, practices or techniques, and take appropriate measures to manage and mitigate such risks
    

1. Financial Institutions and Designated Non-Financial Businesses and Professions shall keep all records, documents, papers and data, for all financial operations and local or international commercial and cash transactions, for a period of no less than (5) years from the completion date of the transaction or the end of the business relationship with the Client.
    
2. Financial Institutions and Designated Non-Financial Businesses and Professions must keep all records and documents obtained through Client due diligence measures, continuous supervision, accounts files, commercial correspondence, and copies of personal identity documents, including suspicious transaction reports and the results of any conducted analysis. This shall be for a period of no less than (5) years from the end date of the business relationship or from the closure date of the account for Clients who maintain accounts with these institutions. In addition, after the completion of an occasional process, from the date after the completion of the inspection by the supervisory authorities, from the completion date of the investigation, or from the date of a final judgment issued by the competent judicial authorities, all as the case may be.
    
3. The operations and the documents records and the kept documents shall be so organized as to be sufficient to permit the reconstitution or re-arrangement of individual operations, the analysis of data and the tracking of financial operations, in such a manner as to provide, where appropriate, evidence of claim against criminal activity.
    
4. Financial Institutions and Designated Non-Financial Businesses and Professions shall ensure all Client information related to Client due diligence, ongoing control and the results of their analysis, records, files, documents, correspondence and forms thereof immediately available to the concerned authorities upon their request.
    

1. Before entering into correspondent banking or any other similar relationship, financial institutions shall take the following measures:
    
   1. Refrain from entering into or maintaining a correspondent banking relationship with Shell Banks or with an institution that allows their accounts to be used by Shell Banks.
       
   2. Collect sufficient information about any receiving correspondent banking institution for the purpose of identifying and achieving a full understanding of the nature of its work, and to make available, through publicly available information, its reputation and level of control, including whether it has been investigated.
       
   3. Evaluate anti-crime controls applied by the receiving institution.
       
   4. Obtain approval from senior management before establishing new correspondent banking relationships.
       
   5. Understand the responsibilities of each institution in the field of combatting Crime.
       
2. With respect to intermediate payment accounts, the financial institution should be required to ensure that the receiving institution has taken CDD measures towards Customers who have direct access to those accounts and that it is able to provide CDD information to the relevant Customers upon request of the correspondent institution.
    

1. Providers of money or value transfer services shall be licensed by or registered with the competent Supervisory Authority. The Supervisory Authority shall take the necessary measures to punish those who provide such services without a licence or registration in accordance with their effective legislation and to ensure compliance of licensed or registered providers with the Crime combating controls.
    
2. Providers of money or value transfer services shall keep an up-to-date list of their agents and make them available to the relevant authorities within the country in which the money or value transfer services providers and their agents operate, and shall engage their agents in combatting the Crime control programs and monitor them for compliance with these programs.
    

1. Financial Institutions shall ensure that all international wire transfers equal to or more than (AED 3.500) are always accompanied by the following data:
    
   1. The full name of the sender and the beneficiary.
       
   2. The account number of the sender and the beneficiary, and in the absence of such account, the transfer must include a unique reference number that allows Financial Institutions to track it.
       
   3. The sender's address, identification number, travel document, date and place of birth, or Client identification number with the transferring financial institution, which shall refer to a record containing these data.
       
2. In case of several international wire transfers are collected from one being combined in a transfer file to be sent to the beneficiaries, the transfer file shall include accurate data about the sender, and full information about the beneficiaries, which can be fully tracked in the beneficiary's country. Hence, the financial institution is required to include the sender's account number, or a unique reference number for the process.
    
3. Financial Institutions shall ensure that all international wire transfers that are less than the amount of AED (3.500) are accompanied by the data contained in Clause no. (1) of this Article, without the need to verify the validity of the referred data, unless there are doubts about the commission of the crime.
    
4. Financial Institutions transferring local wire transfers shall ensure that the information attached to the wire transfers includes the same data on the transferor referred to in Clause no. (1) of this Article, unless such data is available to the beneficiary Financial Institutions and the concerned parties by other means.
    
5. When the data attached to the local wire transfer is available to the beneficiary Financial Institutions and the concerned authorities through other means, the transferring financial institution is required to include the account number or the unique reference number of the transaction only, provided that this number allows the tracking of transactions to the transferor or the beneficiary. Moreover, the transferring financial institution must provide such data within three (3) working days of receiving the request from the beneficiary financial institution or the concerned authorities.
    
6. Financial Institutions are prohibited from executing wire transfers if they do not comply with the conditions set out in this article.
    
7. The transferring Financial Institutions must keep all the collected information about the transferor and the beneficiary, in accordance with the provisions of Article No. (24) of this Resolution.
    

1. An intermediary financial institution shall ensure that all originator and beneficiary information that accompanies a wire transfer is retained with it for cross-border wire transfers.
    
2. Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer, the Intermediary Financial Institution shall keep a record of all the information received from the ordering financial institution or another cross-border Intermediary Financial Institution, in accordance with the provisions of Article (24) of the present Decision.
    
3. Intermediary Financial Institutions shall take reasonable measures, which are consistent with straight-through processing, to identify cross-border wire transfers that lack required originator information or required beneficiary information and shall have risk-based policies and procedures for determining when to execute, reject, or suspend a wire transfer; and the appropriate follow-up action.
    

1. Beneficiary Financial Institutions shall take reasonable measures, to identify cross-border wire transfers that lack required originator information or required beneficiary information, which may include real-time monitoring where feasible or post-event monitoring.
    
2. For cross-border wire transfers of AED 3,500 or more, a Beneficiary Financial Institution shall verify the identity of the beneficiary, if the identity has not been previously verified.
    
3. Beneficiary Financial Institutions shall have risk-based policies and procedures determining when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and for determining the appropriate follow-up action.
    
4. Beneficiary Financial Institutions shall maintain records of all required originator and required beneficiary information collected, in accordance with the provisions of Article (24) of this Decision.
    

1. Providers of Money or Value Transfer Services shall comply with all of the relevant requirements of Articles (27), (28), and (29) of this Decision, whether they operate directly or through their agents.
    
2. In the case of a provider of money or value transfer services that controls both the ordering and the beneficiary side of a cross-border wire transfer, the provider of money or value transfer services shall:
    
   1. Take into account all information from both the ordering and beneficiary sides in order to determine whether an STR is to be filed; and
       
   2. If it is decided to file STR regarding the Transaction, the STR shall be sent to the Financial Intelligence Unit in the relevant country, attaching all relevant transaction information.
       

The financial groups shall implement anti-crime programs at the group level, that shall be applicable to all branches and subsidiaries in which the group has a majority. In addition, these programs include the following, in addition to the measures stipulated in Article no. (20) of this Resolution:

1. Information exchange policies and procedures required for Client due diligence and crime risk management purposes.
    
2. Provision of information related to Clients, accounts and operations from branches and subsidiaries to the AML/CFT officials at the level of the financial group, when necessary. This shall be for the purposes of countering crime, including information on analyzing operations or activities that seem unusual or suspicious, in addition to suspicious transaction reports, their basic information, or an evidence on filing a report of a suspicious transaction. In all cases, branches and subsidiaries are provided with this information when appropriate and necessary to risk management.
    
3. Provision of adequate guarantees on confidentiality and use of exchanged information.
    

1. Financial Institutions should ensure that their foreign branches and majority-owned subsidiaries apply Crime-combating measures that are consistent with the requirements of the Decretal-Law and the present Decision when the minimum Crime-combating requirements of the other country are less strict than those applied in the State, to the extent permitted by that other country’s laws and regulations.
    
2. If the other country does not permit the appropriate implementation of measures for combating the Crime that are consistent with the requirements of the Decretal-Law and the present Decision, then Financial Institutions shall take additional measures to manage AML/CFT risks related to their operations abroad and reduce them appropriately, inform the other country of the matter, and abide by the instructions received from the Country in this regard.