The Central Bank shall be managed by a Board of Directors of seven (7) members, including the Chairman and the Governor.

1) Members of the Board of Directors shall be appointed by a Federal Decree based on recommendation of the Cabinet, and shall serve for a four (4) year term renewable to similar periods. The Decree designates from among the members of the board of directors one or more deputy chairman.
2) The Chairman, his Deputies and the Governor, shall each have the rank of Minister.
3) The Chairman issues a decision defining the powers of his Deputies.
4) Subject to item three (3) of this article, Should the Chairman be absent or his post became vacant, the Deputy Chairman shall replace him; and should both the Chairman and his Deputies be absent or their posts became vacant, the Governor shall replace them both.

A member of the Board of Directors shall satisfy the following conditions:

1. 1) Be of UAE nationality.
2. 2) Have experience in economic, financial or banking affairs.
3. 3) Not have been declared bankrupt or failed to repay his debts.
4. 4) Not have been convicted, of a felony or a misdemeanor involving moral turpitude or dishonesty, unless rehabilitated.
5. 5) Not an active minister, excluding the Chairman of the Board of Directors.
6. 6) Not a member of the Federal National Council.
7. 7) Not holding any position, a job or board of directors’ membership of any institution licensed by any of the Regulatory Authorities in the State or by any of the regulatory authorities in the Financial Free Zones.
8. 8) Not a controller or auditor of accounts of a Licensed Financial Institution, nor owner, agent, or partner in any accounts audit firm.
9.  

Should a member of the Board of Directors resign, or his seat become vacant for any reason whatsoever prior to the expiry of his term of office, a successor shall be appointed, in accordance with the membership conditions referred to in Article (12) of this decretal law, for the remaining term of office of the Board of Directors

1)Membership of the Board of Directors terminates upon end of the term of office without renewal, death, or resignation. Membership of the Board of Directors may also be terminated by a federal decree, based on the Cabinet approval, in any of the following cases:

• a. If the member committed grave mistakes in management of the Central Bank, or committed serious breach of his duties.
• b. If the member absented himself from three (3) consecutive meetings of the Board of Directors without the Board of Directors’ approval, unless such absence was due to his being on an official assignment, annual or sick leave, or due to any other acceptable reason.
• c. If the member no longer satisfies any of the membership conditions referred to in Article (12) of this decretal law.
• d. If the member was rendered incapable of performing his functions, for any reason whatsoever.

2)Where term of office of members of the Board of Directors has expired without renewal, members of the Board of Directors shall continue to perform their functions until such time new members were appointed

The Board of Directors shall, within the limitations imposed by the provisions of this decretal law, exercise all powers required for achieving the objectives for which the Central Bank has been established.

The Board of Directors shall, in particular, exercise the following:

1. Approve regulations, rules, standards, instructions and business controls to perform its functions and jurisdictions, and take all measures and actions necessary to enforce the provisions of this decretal law.
2. Establish and oversee implementation of polices for deployment and management of the Central Bank’s Own Funds and assets.
3. Decide on matters relating to issuance of the Currency and its withdrawal from circulation.
4. Issue regulations relating to organization of Licensed Financial Activities and decide on related matters, including regulations and procedures relating to supervision and oversight thereof, and determine conditions and rules for granting licenses to Licensed Financial Institutions to carry on Licensed Financial Activities and authorizations to undertake Designated Functions.
5. Approve regulations, rules, standards, instructions and business controls for insurance and reinsurance companies, insurance agents and the professions associated therewith.
6. Establish policies, and approve regulations relating to prudential supervision, and the standards and guidelines relating to Licensed Financial Activities.
7. Establish regulations and standards for protection of customers of Licensed Financial Institutions.
8. Approve regulations, controls, and procedures for encountering money laundering and combating terrorism financing and unlawful organizations.
9. Take necessary actions, procedures and impose administrative penalties against any Person violating the provisions of this decretal law, and regulations issued in implementation thereof.
10. Approve rules and regulations for maintaining integrity and efficiency of Financial Infrastructure Systems licensed, established, developed, or operated by the Central Bank.
11. Approve risk management and compliance policies at the Central Bank.
12. Approve Central Bank’s bylaws, issue the organizational structure and the administrative, financial and technical regulations, and determine powers and competencies, within the limitations of the provisions of this decretal law.
13. Approve human resources policies at the Central Bank.
14. Approve rules for the Central Bank institutional governance, including a set of rules and regulations aimed at achieving performance quality and excellence, in line with the Government’s strategic plans and objectives.
15. Decide on loans and advances granted to the Government, in accordance with the provisions of this decretal law.
16. Approve settlements and reconciliations relating to Central Bank’s businesses.
17.  Approve the Central Bank’s annual budget and any variations thereof during the year.
18.  Approve the Central Bank’s annual final accounts and the amount of net annual profits.
19. Regulate the mechanism of objections related to the insurance activity.
20. Deal with all other matters deemed within its powers, and are conducive to achievement of the objectives of the Central Bank and the discharge of its functions, in accordance with the provisions of this decretal law

1) The Board of Directors may form the committees it deems appropriate to assist in the discharge of its functions and jurisdictions in accordance with the provisions of this decretal law. Such committees may be formed from within the Board of Directors, or from outside the Board of Directors. The Board of Directors may also form committees and advisory boards, which include in their membership Persons from outside the Central Bank, and shall determine the remunerations of members of such committees and boards.

2) The Board of Directors may delegate some of its powers to the Chairman, to the Governor, or to any committee from within the Board of Directors.

3) The Board of Directors may, annually, review the terms of reference and performance of the committees formed in accordance with item (1) of this article, and may take necessary actions to ensure compliance with professional and international standards, codes of conduct and governance.

1) Pursuant to this decretal law, an authority named “Higher Shari`ah Authority” attached to the Central Bank shall be established with a membership not less than five (5) members and not exceeding seven (7) members, of sufficient knowledge and experience in the jurisprudence of Islamic financial transactions.

2) The Board of Directors shall approve the authority’s work system, its functions and competencies, and the mechanism for financing the costs of its establishment and continuity of work.

3) The Governor shall issue a decision to form the authority and appoint its members.

4) Licensed Financial Institutions, which carry on the whole or part of their businesses and activities in compliance with Islamic Shari`ah shall bear all expenses of the Authority referred to in item (1) of this article, including remunerations, allowances and expenses of its members according to the decision issued by the Board of Directors.

5) The Higher Shari`ah Authority shall determine the rules, standards, and general principles applicable to Shari`ah-compliant businesses and Licensed Financial Activities, and shall undertake supervision and oversight of the internal Shari`ah supervisory committees of Licensed Financial Institutions, referred to in Article (79) of this decretal law.

6) The Higher Shari`ah Authority shall approve Islamic monetary and financial tools issued and developed by the Central Bank to manage monetary policy operations in the State, and provide its opinion regarding the specific regulatory rules and instructions relating to the operations and activities of Licensed Financial Institutions which conduct the whole or part of their business and activities in accordance with the provisions of Islamic Shari`ah.

7) The Fatwas and opinions of the Higher Shari`ah Authority shall be binding on the internal Shari`ah supervisory committees, referred to in Article (79) of this decretal law, as well as on Licensed Financial Institutions which conduct the whole or part of their business and activities in accordance with the provisions of Islamic Shari`ah.

8) The Higher Shari`ah Authority may seek assistance of a specialized party, if necessary, to conduct Shari`ah external audit of the business of any Licensed Financial Institution, which carry on the whole or part of their businesses and activities in accordance with the provisions of Islamic Shari`ah, and the conditions and procedures determined by the Authority, at the expense of the concerned institution.

The Board of Directors may, upon recommendation of the Governor, appoint senior Central Bank executives, with titles of deputy, assistant governors, or any other titles the Board of Directors deems appropriate. The decision appointing the deputies and assistants shall determine their competences, salaries, and remunerations

1) The Governor, his deputies and assistants shall devote their full time to their work at the Central Bank, and none of them may hold any paid or unpaid position, or be a member of the Board of Directors of any of the Regulatory Authorities in the State, or in the Financial Free Zones or the Board of Directors of any Licensed Financial Institution, or enter, directly or indirectly, in any contracts concluded by the Public Sector.

2) The prohibition referred to in item (1) of this article shall not apply to assignments entrusted to any of them by the Government in the Public Sector, including representation in international conferences, or representation of the Public Sector in the various committees, subject to the approval of the Board of Directors.

The Board of Directors shall set up a regulation regarding remunerations of the Governor and his other entitlements, and the remunerations of the Chairman and members of the Board of Directors. A federal decree, in this respect, shall be issued.

1) The Board of Directors shall, upon invitation by the Chairman, hold an ordinary meeting, at least once every sixty (60) days.

2) The Chairman of the Board of Directors may call the Board of Directors to convene whenever the need arises.

3) The Chairman of the Board of Directors shall convene the Board of Directors upon request of, at least, three (3) members of the Board of Directors

1) Five (5) members of the Board of Directors including the Chairman of the Board of Directors, one of his Deputies, or the Governor, shall constitute quorum for any meeting.
2) Decisions of the Board of Directors shall be adopted by a majority vote of the members present. In case of a tie, the Chairman of the session shall have the casting vote.

Without prejudice to the powers and competencies of the Chairman of the Board of Directors, the Governor shall be the legal representative of the Central Bank, and shall sign, on its behalf, all instruments, contracts and documents.

Without prejudice to any competencies established for the Board of Directors or the Chairman of the Board of Directors, the Governor shall conduct and manage all the affairs of the Central Bank, and issue regulations, systems and policies approved by the Board of Directors. The Governor shall be responsible for the implementation of this decretal law, the regulations of the Central Bank and decisions of the Board of Directors. He may delegate some of his powers and competencies to any of his deputies, assistants, or some senior staff of the Central Bank.

1) The Central Bank, members of the Board of Directors, members of committees formed by the Board of Directors, whether from within its membership or from outside, staff of the Central Bank and its duly authorized representatives, shall all be exempt from civil liability towards third parties, in respect of the following:

unless bad faith, with intent to harm third parties, was established.

• a. Exercise, or failure to exercise, the functions, powers, authorities and businesses of the Central Bank, or their own functions, competencies and powers, authorities, and all related practices;
• b. Instructions, guidelines, declarations, data, statements and opinions given by them in relation to the practice of the Central Bank’s functions, powers, authorities and businesses, or their own functions, competencies, authorities and businesses –

2) The Central Bank shall bear all charges, costs, expenses, and attorney fees relating to defense of the Persons referred to in item (1) of this article, in lawsuits pertaining to discharge of their functions at the Central Bank

1) Any member of the Board of Directors, any member of the committees formed by the Board of Directors, any employees or representatives of the Central Bank; any experts, technical personnel, or academics the Central Bank deals with, shall not disclose any information that is confidential, unless such disclosure is consistent with the provisions of item (3) of this article. This prohibition shall remain effective even after the expiry of membership or termination of the service or the function.

2) Confidential information shall include all information received by any of the Persons referred to in item (1) of this article, by virtue of their positions, or in the course of discharging their functions, as long as such information were not made available to the public through official or legal means.

3) Without prejudice to the provisions of Article (28) of this decretal law, confidential information may be disclosed where such disclosure is permitted, legally enforced, or addressed to authorities and agencies within the State or in other jurisdictions

1) A member of the Board of Directors shall, upon his appointment, declare his interests, which may conflict with his membership at the Board of Directors, and whenever a conflict of interest arises. Should any member of the Board of Directors have a personal interest in any contract or dealing to which the Central Bank is party, such member must declare those interest prior to the discussion of the subject; withdraw from the meeting when such dealing or contract is discussed, and should not participate in voting pertaining thereto, in accordance with the code of conduct and governance rules issued by the Board of Directors.

2) Every employee or representative of the Central Bank shall disclose to his manager, or his immediate superior, any interest which may be in conflict with the discharge of his functions, and he may not participate in exchange of opinions, and decisions or measures, taken in this regard.

3) The Board of Directors shall establish codes of conduct for employees and representatives of the Central Bank, as well as disclosure procedures, compliance, and governance

1) The Central Bank may, within the scope of its jurisdiction and in accordance with the Law, cooperate with the concerned regulatory authorities in other countries, and with international institutions, in providing assistance and exchanging information, subject to the following:

• a. The request is made on basis of reciprocity.
• b. The request does not contravene any of the State’s established laws and regulations.
• c. The request is serious and important.
• d. The request is not in conflict with the public interest and public order requirements.

2) The Central Bank shall, in coordination and collaboration with the concerned regulatory authorities, within applicable laws, exercise its powers on Licensed Financial Institutions operating outside the State or in Financial Free Zones.

The Central Bank may seek assistance of experts, technical personnel and academics, determine their remunerations and entitlements. The Board of Directors may also invite to its meetings whomever it may wish to hear their opinion on a specific issue, and such invitee to the meeting shall have no counted vote in deliberations

1) The Central Bank may publish the draft regulations and rules it intends to issue in relation to organization of businesses of Licensed Financial Institutions and Licensed Financial Activities, for their feedback, via a public notice to the concerned parties.

2) The Central Bank may invite concerned parties to provide their feedback on the draft rules and regulations referred to in item (1) of this article, within the period prescribed by the Central Bank.

3) The Central Bank may decide not to publish the draft regulations referred to in item (1) of this article, if it deems such publication contrary to public interest, or to the achievement of the Central Bank’s objectives and discharge of its functions

1) Monetary policy shall be aimed at maintaining soundness and stability of the monetary system in the State, in order to ensure stability and required confidence in the national economy.

2) The Central Bank shall determine monetary tools and operational means for achievement of monetary policy objectives, including policies relating to management of the exchange rate of the national Currency and money markets in the State.

3) The Central Bank shall, on basis of a proposal by the Board of Directors and approval of the Cabinet, determine the national Currency’s exchange rate regime.

4) The Central Bank may, for operational purposes, take necessary measures to manage and control the official exchange rate of the national Currency, as per the guidelines set by the Board of Director

1) The Central Bank may, in line with monetary policy objectives and the current and forecasted status of liquidity, determine and keep with it, minimum Reserve Requirements for each type of deposits, or on total of deposits held with deposit-taking Licensed Financial Institutions. The Board of Directors shall determine the manner in which ratio of the Reserve Requirements is calculated, as it deems appropriate.

2) The Central Bank shall specify all operational arrangements related to the maintenance of the Reserve Requirements referred to in item (1) of this article

The Central Bank may set regulations which determine limits of credit facilities extended by Licensed Financial Institutions to their customers, compared to the total of their stable resources or to the total of deposits of their customers. Such limits may be prescribed for a specific Licensed Financial Institution or for all Licensed Financial Institutions

The Central Bank and the Ministry shall establish a mechanism for coordinating monetary policy and fiscal policy for the purpose of achieving balanced growth in the national economy. Such coordination shall take place before the beginning of each financial year, and whenever necessary, and shall be in respect of volume of government expenditure, the Government’s debt, and debts of governments of emirates members of the Union, along with debts of Government Related Entities, companies and institutions which they own, hold shares in, or manage, and their plans regarding domestic and foreign public debt.

The Central Bank shall solely have the authority to designate any Licensed Financial Institution as systemically important. For such purpose, the Central Bank may require the designated Licensed Financial Institution to take required measures and procedures

1) The Public Sector and other agencies as the Board of Directors deems necessary, shall provide the Central Bank with all the information and statistics it requires for the purpose of performing its functions under the provisions of this decretal law. Such information and statistics shall include all monetary and economic statistics, as well as balance of payments statistics and consumer prices. The Central Bank may publish the statistics it deems appropriate, in whole or in part.

2) The Central Bank shall obtain the approval of other Regulatory Authorities in the State regarding provision and/or publication of non-public information and statistics in relation to institutions under the supervision of those authorities

1) The Central Bank may conduct research and analyses in areas of macro-economy, conduct of monetary policy, and banking and financial operations, as deemed of strategic importance to the State economy.

2) The Central Bank shall publish and issue regular statistical reports, quarterly and annual reviews of the Central Bank, policy briefs and working papers that contain analyses of the relevant data to inform policy decisions, as deemed appropriate.

The Central Bank shall advise the Government on matters falling within its jurisdiction, and shall provide its opinion on monetary, banking, and financial affairs as requested by the Government.

1) The Central Bank shall participate in negotiations relating to the Government’s international monetary and financial agreements, and it may be assigned implementation of provisions of such agreements.

2) The Central Bank may, directly or through Primary Dealers, sell and manage securities issued or secured by the Government or governments of emirates members of the Union, in accordance with an agreement with the concerned government.

1) For the purposes of achieving objectives of its monetary policy, and in order to provide for the Government and governments of emirates members of the Union with their needs for national Currency and/or foreign currencies, the Central Bank shall buy or sell foreign currencies to the concerned government, at prevailing exchange rates.

2) The Central Bank shall conduct banking operations and services for the Government, whether in the State or in other jurisdictions, against fees. The Central Bank may also perform banking operations and services for governments of member emirates of the Union, against fees.

3) The Government and governments of emirates members of the Union, shall open accounts in national Currency and foreign currencies with the Central Bank, and conduct transfers through such accounts.

4) Government funds in national Currency or foreign currencies shall be deposited with the Central Bank, and the latter shall pay or charge interest thereon in view of the prevailing market rates. Governments of emirates members of the Union may also deposit funds in national Currency or foreign currencies with the Central Bank, on which the latter shall pay or charge interest thereon in view of the prevailing market rates.

5) Public Sector entities, other than the Government, and governments of emirates members of the Union, may deposit their funds in national Currency or foreign currencies with the Central Bank. The Central Bank shall pay or charge interest thereon as determined by the Central Bank.

6) The Central Bank may grant advances or other credit facilities to the Government, at interest rates set in accordance with the terms and conditions of the agreement signed between the Central Bank and the Ministry in this regard, provided such advances and credit facilities are for the purpose of covering a temporary, unforeseen deficit in Government revenues, compared to its expenses. The Government may not relend or grant such advances to any other party. Granted advances shall at no time exceed ten percent (10%) of the government’s average revenues realized in the budgets of the last three (3) years. The Government shall repay these advances within a period not exceeding one (1) year from date of granting thereof. In case advances were not repaid at the specified date, the outstanding balance should be subject to an interest charge, as specified in the agreement signed between the Central Bank and the Ministry.

7) The Central Bank may subscribe to securities and debt instruments issued by the Government for maturities exceeding one (1) year, only in cases designated by the Board of Directors. The Government shall repay the amounts due, including interest, on maturity dates. In case of late or early payment an interest charge shall be imposed, as specified in the debt agreement.

Apart from the funds deposited with the Central Bank in accordance with the provisions of Article (40) of this decretal law, the Central Bank may not interfere in the investment and deployment of Government funds or funds of governments of emirates, members of Union, unless it has been assigned to do so per the agreement concluded between the concerned government and the Central Bank.

1) The Central Bank may open the following accounts:

• a. National Currency or foreign currencies accounts for Licensed Financial Institutions, and accept deposits from them. The Central Bank shall pay or charge agreed interest on such deposits.
• b. Accounts for monetary authorities, other Central Banks, foreign banks, international financial and monetary institutions, as well as Arab and international monetary funds. The Central Bank may pay or charge interest on such accounts, and act as agent or correspondent for these parties.

2) The Central Bank may open accounts with monetary authorities, Central Banks, foreign banks or international financial and monetary institutions, as well as Arab and international monetary funds

The Central Bank may conduct the following money and capital markets operations:

1) Purchase, re-purchase, sell, and accept and place deposits of gold bullion or coins and precious metals.

2) Accept and place monetary deposits and pay or charge interest thereon, subject to the provisions of Article (62) of this decretal law.

3) Issue bills payable upon demand and other types of payable financial transfers, at its head office, branches, and offices of its agents or correspondents.

4) Conduct all foreign currency operations and external transfer operations with the Government, governments of emirates members of the Union, public entities, local and foreign banks, licensed Exchange Establishments, other monetary authorities and Central Banks, and other Arab and international financial institutions and funds.

5) Issue securities in the name of the Central Bank, and sell and re-purchase, discount and rediscount, redeem such securities for the purposes of managing monetary policy operations.

6) Purchase, re-purchase, sell, discount and rediscount Eligible Securities and other securities related to the management of its Own Funds and/or Foreign Reserves as per established terms and conditions.

7) Purchase, re-purchase, and sell Shari`ah-compliant commodities and securities, in order to develop liquidity management instruments for Islamic Licensed Financial Institutions.

8) Grant collateralized loans, advances, other credit facilities, and Shari`ah-compliant funding facilities to Licensed Financial Institutions, for the purpose of managing monetary policy operations, in accordance with the terms and conditions the Central Bank deems appropriate and determines from time to time.

9) Grant collateralized loans and advances to monetary authorities, Central Banks, foreign banks, and international financial institutions, and obtain loans and advances therefrom, provided there is consistency of such operations with the Central Bank’s functions and jurisdictions. Interest or commission may be paid or charged for this purpose.

10) Obtain, guarantee or secure loans and advances or issue credit, in any currency inside the State or in other jurisdictions, in accordance with the terms and conditions the Central Bank deems appropriate for the purpose of conducting its own business.

11) Conduct all other operations deemed conducive to the achievement of Central Bank’s objectives

1) The Central Bank shall take all measures it deems appropriate to maintain conduct of operations of Licensed Financial Institutions, within the frameworks and limits set by the Board of Directors.

For this purpose, the Central Bank shall:

1. A) Request to hold a meeting of the general assembly of the licensed financial institution to discuss any issue the Central Bank deems important.
2. B) Request to include any item that the Central Bank deems necessary into the agenda of the general assembly meeting of the licensed financial institution.
3. C) Stopping the implementation of any decision issued by the general assembly of the licensed financial institution in the event that it violates the laws or regulations in force.

2) The Central Bank, according to its own discretion, in cases of necessity during which the deposit-taking licensed financial institution is exposed to liquidity pressures or is subject to crisis management procedures, may provide loans to that establishment, in order to contribute to strengthening and protecting the stability of the financial system and protecting the monetary system in the state.

1) The Central Bank shall set-up rules to regulate securities issued by the Central Bank or the Government in coordination with the various stakeholders. Such rules shall include all aspects of these securities issuance, custody, trading in the State.

2) The Central Bank may appoint Primary Dealers for securities issued inside the State by the Central Bank or the Public Sector, in accordance with the terms and conditions set by the Central Bank.

3) For the purpose of listing securities issued by the Public Sector in the State’s financial markets, the Central Bank shall appoint Primary Dealers approved by it an whom comply with the requirement of the concerned regulator.

The Central Bank may, in accordance with the instructions and rules stipulated in the investment policy and guidelines approved by the Board of Directors, invest its Foreign Reserves in all or any of the following instruments:

1) Gold bullions, gold coins and other precious metals.

2) Currency notes and coins, call money, and placements in foreign countries.

3) Securities issued or secured by governments of foreign countries and related entities, or by international monetary and financial institutions.

4) Derivatives and other financial instruments required for the management of Central Bank’s exposure to interest rates, currencies, credit, gold, and other precious metals.

5) Any other financial assets the Central Bank deems appropriate for investment as foreign assets, subject to approval of the Board of Directors

The Central Bank may, in accordance with the investment policy and guidelines set by the Board of Directors, deploy or invest part of its Own Funds in the following:

1) Purchase and sell securities, and subscribe to loans issued or guaranteed by the Public Sector, or buy shares in any entity wherein the Government or governments of emirates members of the Union hold shares, or is granted a concession in the State.

2) Invest in projects, investment funds and financial institutions not licensed by the Central Bank.

3) Acquire real estate, equity and movable properties allocated for conduct of its business and all related matters.

The Central Bank may appoint external parties to manage its Foreign Reserves and Own Funds, in accordance with the investment policy and guidelines set by the Board of Directors.

1) The following activities shall be considered financial activities subject to Central Bank licensing and supervision in accordance with the provisions of this decretal law:

• a. Taking deposits of all types, including Shari`ah-compliant deposits.
• b. Providing credit facilities of all types.
• c. Providing funding facilities of all types, including Shari`ah-complaint funding facilities.
• d. Providing currency exchange and money transfer services.
• e. Providing monetary intermediating services.
• f. Providing stored values services, electronic retail payments and digital money services.
• g. Providing virtual banking services.
• h. Arranging and/or marketing for Licensed Financial Activities.
• i. Acting as a principle in financial products that affect the financial position of the Licensed Financial Institution, including but not limited to foreign exchange, financial derivatives, bonds and sukuk, equities, commodities, and any other financial products approved by the Central Bank.

2) The Board of Directors shall:

• a. Classify and define Licensed Financial Activities and the practices relating thereto.
• b. Add activities or practices to the list of Licensed Financial Activities mentioned in item (1) of this article, or delete activities or practices from the list, or amend them, following coordination and agreement with the Regulatory Authorities in the State, through the Financial Activities Committee referred to in Article (66) of this decretal law.

3) In case a Licensed Financial Institution wishes to carry on activities licensed by Regulatory Authorities in the State or the regulatory authorities in other jurisdictions, other than the activities referred to in item (1) of this article, such institution must obtain approval of the Central Bank, prior to obtaining licensing from the concerned regulatory authority.

1) A technical committee named the 'Financial Activities Committee' shall be established in the Ministry by a Cabinet resolution, chaired by the Ministry and include in its membership a representative of each of the Regulatory Authority in the State. The mentioned committee shall look into and provide opinion on any proposal to regulate a financial activity other than those mentioned in the laws of regulatory authorities. The resolution shall specify the committee’s terms of reference and the mechanism for discharge of its functions.

2) The approval of the concerned regulatory authority shall be obtained in case the financial activities committee suggest adding a specific financial activity not mentioned in its law to the list of activities under its licensing and regulation.

1) Any Person may, in accordance with the regulations issued by the Board of Directors, submit to the Central Bank an application for a license to carry on one or more Licensed Financial Activities or addition of one or more Licensed Financial Activities to an issued license.

2) The Board of Directors shall issue rules, regulations and standards, and determine conditions for granting license to carry on Licensed Financial Activities, including the following:

• a. Fit and proper criteria.
• b. Resources required for carrying on the activity.
• c. Control and monitoring systems.

3) The Board of Directors may add any requirements or conditions to be fulfilled by the applicant for license, at its own discretion and as it deems appropriate for safeguarding public interest.

1) A licensed financial institution must carry on its business within the scope of the license granted to it.

2) No Person may represent that it is a Licensed Financial Institution, if such is not the case

1. The application for license or expansion of its scope shall be decided on within a period not exceeding sixty (60) working days from the date of satisfying the requirements and conditions of the license. The lapse of such period without reply shall be deemed rejection of the application.
2. The Central Bank may request the applicant to meet the requirements and conditions of the license within the period it determines.
3. The Central Bank may reject the application or request the addition of any financial activity at its sole discretion, according to the absorptive capacity of the financial sector of the State and the requirements of the domestic market. The decision issued in this regard shall be final and not appealable before the Grievances and Appeals Committee.
4. The applicant shall be notified of the substantiated rejection decision by means of an official notice within a period not exceeding twenty (20) days from the date of its issuance.

1) The Board of Directors may impose conditions or restrictions, or otherwise change or cancel conditions or restrictions imposed on a license for carrying on Licensed Financial Activities.

2) The Board of Directors may, before issuing the decision mentioned in item (1) of this article, request the concerned financial institution to provide its opinion on the reasons for the decision, within such period as specified.

3) The licensed financial institution shall be notified, officially, of the reasoned decision within a period not exceeding twenty (20) working days from date of its issue. The notice shall include the following:

• a. Content of the decision.
• b. Reasons for the decision.
• c. Effective date of the decision.
• d. A statement advising the licensed financial institution of its right to submit a grievance against the decision, by applying to the Grievances & Appeals Committee, in accordance with the provisions of this decretal law.

1) The Board of Directors may suspend, withdraw, or revoke a license issued to a Licensed Financial Institution, in the following cases:

• a. If the Licensed Financial Institution ceased to meet, or breached one or more of the conditions or restrictions imposed on the license.
• b. If the Licensed Financial Institution breached any of the State’s established laws and regulations, or the regulations, rules, standards, instructions, and guidelines issued by the Central Bank.
• c. If the Licensed Financial Institution failed to take any measures or actions determined or prescribed by the Central Bank.
• d. If the Licensed Financial Institution ceased to carry on one or more of the Licensed Financial Activities, for a period exceeding one year.
• e. If the business or operations were ceased for a period exceeding one year.
• f. If the Central Bank considered, at its own discretion, that the full or partial withdrawal, revocation, or suspension of the license, was necessary for achieving its objectives and discharging its functions.
• g. If the concerned Licensed Financial Institution submitted an application for full or partial suspension or revocation of the license.
• h. If the Licensed Financial Institution’s liquidity or solvency was at risk.
• i. If the capital of the Licensed Financial Institution fell below the minimum required in accordance with the provisions of this decretal law, or the regulations, rules, or standards issued by the Central Bank.
• j. If the Licensed Financial Institution merged with another financial institution.
• k. If the Licensed Financial Institution was declared bankrupt.

l. If the Licensed Financial Institution’s officers, employees, or representatives refused to cooperate with Central Bank officers, representatives, or examiners or abstained from providing required information, statements, documents, or records.

m. If the license of a foreign Licensed Financial Institution was revoked, or if it was put under liquidation at its domicile, or if the businesses of its branch, companies or Representative Offices in the State were wound down.

2) The Licensed Financial Institution shall be notified, officially, of the reasoned withdrawal, cancellation or suspension decision within a period not exceeding twenty (20) working days from date of its issue. The notice shall include the following:

• a. Content of the decision.
• b. Reasons for the decision.
• c.Effective date of the decision.
• d. A statement advising the Licensed Financial Institution of its right to submit a grievance against the decision, by applying to the Grievances & Appeals Committee, in accordance with the provisions of this decretal law.

3) The decision issued by the Central Bank shall, following decision on the grievance or appeal, if presented to the Grievances & Appeals Committee, or expiry of the period specified in item (2) of this article, be published in two local newspapers, one in Arabic and another in English, and on the Central Bank’s official website. Such decision may also be announced by any other means if necessary

1) Entities other than Banks licensed in accordance with the provisions of this decretal law may not use, in their business addresses or advertisements, the expressions “Bank”, “Masraf” or any other expression derived therefrom or similar thereto, in any language, and in any way which may mislead the public as to the nature of its business.

2) The following entities shall be not be subject to the provisions of item (1) of this article:

• a. Monetary authorities and Central Banks.
• b. Any federation or association established for protection of Banks’ interests.
• c. Any other institution exempted by the Board of Director.

1) An electronic register named “Register of Licensed Financial Institutions” shall be created in the Central Bank, to which names of Licensed Financial Institutions and all their data and any amendments thereto, shall be entered. A decision setting the rules and conditions for entry to such register shall be issued by the Board of Directors. Decision to license such institutions and any amendments thereto, shall be published in the Official Gazette. This register shall be published on the Central Bank’s official website.

2) A Licensed Financial Institution may not commence any Licensed Financial Activity except after its name was entered to the register.

3) Proceeds of licensing and entry to the register fees shall be deposited in a special account with the Central Bank. A decision shall be issued by the Board of Directors organizing operation of the account, and setting rules for withdrawing funds from it.

1) Banks shall take the form of public joint- stock companies, with incorporating law or decree so permits. Branches of foreign banks operating in the State, and specialized banks with low risks that are determined according to the conditions and rules set by the Board of Directors shall be exempt from this requirement.

2) Other Financial Institutions may take the form of joint- stock companies or limited liability companies, in accordance with the rules and conditions issued by the Board of Directors.

3) Exchange Houses and monetary intermediaries may be a sole proprietorship, or take any other legal form in accordance with the rules and conditions issued by the Board of Directors.

The Board of Directors shall establish regulations on the minimum capital requirement for Licensed Financial Institutions, and conditions and instances of increase or decrease of capital, and shall determine its risk-based requirements, and the necessary actions to be taken in case of capital shortfall, in addition to the measures taken by the Central Bank in this regard.

1) Without prejudice to the financial and commercial activities restricted to UAE nationals prescribed in any other law, the Board of Directors shall determine the conditions and controls for ownership of shares of Banks incorporated in the State and shareholdings contribution in their capital, and in all cases the national shareholding must not be less than sixty percent (60%).

2) The Board of Directors may determine the conditions, controls for percentage of ownership of shares and shareholdings contribution in the capital of Other Financial Institutions incorporated in the State by nationals and foreigners.

1) Licensed Financial Institutions shall seek Central Bank approval for amendments to their memorandum or articles of association. Such amendments shall only take effect after they were entered into the register.

2) The Central Bank shall decide on the application. Should the Central Bank decided to reject the application to enter the amendment, the matter shall be presented to the Board of Directors whose decision in that respect shall be final.

1) Licensed Financial Institutions that carry on all or part of their activities and businesses in accordance with the provisions of Islamic Shari`ah may carry on the Licensed Financial Activities mentioned in article (65) of this decretal law, whether for their account or for the account of or in partnership with third parties, provided such activities and businesses are Shari`ah-compliant. The Board of Directors shall issue regulations specifying the activities, conditions, rules, and operating standards for these institutions, in a manner commensurable with the nature of the license granted to them.

2) Licensed Financial Institutions mentioned in item (1) of this article shall, in respect of their Shari`ah-compliant businesses and activities initiated on behalf of their customers and not for their own account, be exempted from:

• a. Provisions of item (1) of article (93) of this decretal law.
• b. Provisions of item (2) of article (93) of this decretal law, insofar as such exemption does not contradict the provisions of local legislations applicable in the relevant emirate member of the Union.

1) An independent committee named “Internal Shari`ah Supervision Committee” shall be established within each Licensed Financial Institution that carries on all or part of its activities and businesses in accordance with the provisions of Islamic Shari`ah. Membership of this committee shall consist of experienced specialists in Islamic financial and banking transactions jurisprudence. The said committee shall undertake Shari`ah supervision of all businesses, activities, products, services, contracts, documents, and conduct of business charters of the concerned institution and shall approve them and establish their respective Shari`ah requirements, within the framework of the rules, principles and standards set by the Higher Shari`ah Authority, in order to ensure compliance thereof with Shari`ah. Fatwas or opinions issued by the Committee shall be binding.

2) The Internal Shari`ah Supervision Committee shall be appointed by the general assembly of the concerned Licensed Financial Institution, in accordance with the provisions of the referenced Commercial Companies law. Names of members of the Internal Shari`ah Supervision Committee shall be presented to the Higher Shari`ah Authority for approval, prior to presentation thereof to the general assembly and issuance of decision approving their appointment.

3) Members of the Internal Shari`ah Supervision Committee are prohibited from holding any executive position in the institution referred to in item (1) of this article, or provide services to it outside of the scope of the committee’s assigned functions, nor hold shares or have for themselves or for any of their relatives up to the second degree, any interests associated with it.

4) In cases where disagreement arises, over a Shari`ah opinion, between members of the Internal Shari`ah Supervision Committee, or disagreement between the Internal Shari`ah Committee and the Board of Directors of the concerned financial institution, over the compliance or noncompliance of a particular matter with the provisions of Shari`ah, the disagreement shall be referred to the Higher Shari`ah Authority, whose opinion on the matter shall be final.

5) There shall be established, in each institution referred to in item (1) of this article, a division or internal section, of a size commensurable with the businesses and activities of the concerned institution, to undertake internal Shari`ah audit and monitor compliance of the concerned institution with the fatwas and opinions of the Internal Shari`ah Supervision Committee. Such division or section shall report to the Board of Directors of the concerned institution, and its employees shall not have any executive powers or any responsibilities towards the businesses, activities and contracts which they review or audit from a Shari`ah perspective. The said division/ section shall be headed by a Shari`ah controller appointed by the Board of Directors of the concerned institution.

1) The Internal Shari`ah Supervision Committee shall prepare an annual report to be presented to the general assembly of the Licensed Financial Institution, which carries on all or part of its activities and businesses in accordance with Islamic Shari`ah. The report shall take the form specified by the Higher Shari`ah Authority, and shall indicate the extent of compliance of management of the concerned institution, with the provisions of Islamic Shari`ah, in all its activities, businesses, offered products, contracts entered into, and used documentation. The said report shall include the following:

   a. A statement on the extent of independence of the Internal Shari`ah Supervision Committee in discharge of its functions.

   b. A statement on compliance of policies, accounting standards, financial products and services, operations and activities in general, together with the memorandum, articles of association, and financial statements of the relevant institution, with the provisions of Islamic Shari`ah during the ending financial year.

   c. A statement on the compliance of distribution of profits, bearing of losses, costs, and expenses among the shareholders and investment account holders, with the fatwas and opinions of the Internal Shari`ah Supervision Committee.

   d. A statement on any other breaches to Shari`ah provisions and the controls established by the Higher Shari`ah Authority.

2) The Internal Shari`ah Supervision Committee shall provide the Higher Shari`ah Authority with copy of its report, no later than two (2) months from end of the financial year, in order for the Authority to express its remarks prior to the meeting of the general assembly of the concerned institution

Where a Licensed Financial Institution, which exercises all or part of its business and activities in accordance with Islamic Shari`ah, is subject to the supervision of the State Audit Institution, pursuant to the referenced Re-organization of the State Audit Institution law, the function of the audit institution shall be restricted to post- audit, and shall not interfere in the conduct of business or policies of these institutions.

Where it is established that a financial institution, which carries on all or part of its businesses and activities in accordance with the provisions of Islamic Shari`ah, has conducted businesses that are not compliant with such provisions, as per fatwas and opinions of the Internal Shari`ah Supervision Committee, and the fatwas and opinions of the Higher Shari`ah Authority, the Central Bank shall inform the concerned institution accordingly, after consulting with the Higher Shari`ah Authority, and shall ask the institution to reconcile its position, under the supervision of the Internal Shari`ah Supervision Committee, within thirty (30) working days from date of notification. The Central Bank shall take the appropriate corrective measures and corrective actions in case the concerned institution’s inability to reconcile its position.

1) The Board of Directors may issue regulations, rules, standards, conditions, and instructions, specifying Designated Functions subject to Central Bank authorization and the individuals who shall be required to obtain Central Bank authorization to undertake them, including fit and proper conditions, and cases of exemption of such conditions and standards.

2) Without prejudice to the provisions of item (1) of this article, Designated Functions subject to Central Bank authorization include those carried out by members of the boards of directors of Licensed Financial Institutions, and their chief executive officers, senior managers, executives, and Authorized Individuals.

3) No individual may undertake any Designated Functions at a Licensed Financial Institution, without obtaining Central Bank’s prior authorization.

4) Licensed Financial Institutions shall take all measures and actions, which ensure that no officer, employee, or any other individual representing them, shall exercise any of the Designated Functions without obtaining prior authorization from the Central Bank.

5) Any Authorized Individual in accordance with the provisions of this article shall abide with limits of powers stated in the authorization.

6) No individual shall introduce himself as an Authorized Individual unless he is authorized by the Central Bank

1) A Licensed Financial Institution may submit an application to the Central Bank for authorization of any individual to undertake any of the Designated Functions or to undertake additional Designated Functions.

2) The Central Bank may require the applicant to provide all information necessary for enabling it to decide on the application.

3) A Licensed Financial Institution shall notify the Central Bank of any material changes relating to the conditions for granting authorization to undertake the Designated Functions.

1) Deciding on application for authorization or extension thereof shall be within a period not exceeding twenty (20) working days from date of meeting all conditions and requirements for authorization. The lapse of this period without decision on the application shall be considered an implicit rejection thereof.

2) The Board of Directors may reject an application for authorization or addition of other Designated Functions to an Authorized Individual if it considered that such rejection would serve public interest or that conditions and requirements for authorization were not fulfilled.

3) The applicant shall be notified, officially, of the rejection decision within a period not exceeding twenty (20) working days from date of its issue. The notice shall include the following:

• a. Content of the decision.
• b. Reasons for the decision.
• c. A statement advising the applicant of his right to submit a grievance against the rejection decision, by applying to the Grievances & Appeals Committee, in accordance with the provisions of this decretal law

1) The Central Bank may decide to add conditions or restrictions to an authorization to undertake Designated Functions.

2) Before issuing the decision referred to in item (1) of this article, the Central Bank may request the concerned Licensed Financial Institution to provide its remarks on the reasons for the decision, within such period as it specifies.

3) The Licensed Financial Institution shall be notified, officially, of the decision within a period not exceeding twenty (20) working days from date of its issue. Such notice shall include the following:

• a. Content of the decision.
• b. Reasons for the decision.
• c. Effective date of the decision.
• d. A statement advising the Licensed Financial Institution of its right to submit a grievance against the decision, by applying to the Grievances & Appeals Committee, in accordance with the provisions of this decretal law.

1) The Central Bank may suspend, withdraw, or revoke the authorization issued to an individual undertaking Designated Functions, by an official notice, in the following cases:

• a. If the Authorized Individual ceased to meet, or breached one or more of the fit and proper criteria and other conditions or restrictions imposed on the authorization to undertake Designated Functions.
• b. If the Authorized Individual violated any of the State’s established laws and regulations or the regulations, rules, standards, or guidelines issued by the Central Bank.
• c. If the Authorized Individual failed to take any measures or actions prescribed by the Central Bank.
• d. If the Central Bank considered, that full or partial withdrawal, revocation, or suspension of the authorization, was necessary for achieving its objectives and discharging its functions.
• e. If the Authorized Individual was declared bankrupt.
• f. If the Authorized Individual refused to cooperate with the officials, representatives, or examiners of the Central Bank, or failed to submit required information or records.

2) In all cases, the authorization shall be revoked in case a cancellation application was submitted by the Licensed Financial Institution where the Authorized Individual works or in case of termination of his relationship with such institution.

3) The Licensed Financial Institution, where the Authorized Individual works shall be notified, in writing, of the decision to withdraw, revoke, or suspend the authorization, within a period not exceeding twenty (20) working days from date of its issue. Such notice shall include the following:

• a. Content of the decision.
• b. Reasons for the decision.
• c. Effective date of the decision.
• d. A statement advising the concerned Licensed Financial Institution and the Authorized Individual of their right to submit a grievance against the decision, by applying to the Grievances & Appeals Committee, in accordance with the provisions of this decretal law.

1) The Central Bank may prohibit any individual from working, or undertaking Designated Functions related to Licensed Financial Activities if it considered that the concerned individual was not fit and proper to work or undertake such Designated Functions.

2) The concerned Licensed Financial Institution shall be notified, officially, of the decision to prohibit the concerned individual from working or undertaking Designated Functions at it, within a period not exceeding twenty (20) working days from date of its issue. Such notice shall include the following:

• a. Content of the decision.
• b. Reasons for the decision.
• c. Effective date of the decision.
• d. A statement advising the Licensed Financial Institution and the concerned individual of their right to submit a grievance against the decision, by applying to the Grievances & Appeals Committee, in accordance with the provisions of this decretal law.

1) A Person shall not hold controlling interest, or increase controlling interest in any Licensed Financial Institution, nor exercise powers, which render him a de facto holder of controlling interest, at the discretion of the Central Bank, unless he obtains Central Bank’s prior approval.

2) A Licensed Financial Institution shall also not allow any Person to hold controlling interest therein, unless it obtains Central Bank’s prior approval.

3) The Board of Directors shall issue regulations, rules, standards, conditions, instructions, and restrictions relating to interests and instances of control.

A Licensed Financial Institution shall not establish any branch or representative office inside the State or in other jurisdictions, or relocate or closedown any existing branch without Central Bank’s prior approval.

1) Licensed Financial Institutions shall:

• a. Provide the Central Bank with reports, information, statements and other documents, which it determined and considered necessary for achieving its objectives and discharge its functions.
• b. Appoint qualified employees and assign them the task of preparing the reports required by the Central Bank.
• c. Take appropriate measures to ensure that the Person assigned, in accordance with the paragraph (b) of this item, obtains the information required for preparation of the reports.

2) Licensed Financial Institutions are prohibited from issuing instructions or directives, or agree with any manager, officer, an employee working for it, an agent representing it, or auditor of its accounts, to decline to provide the Central Bank with the requirements referred to in item (1) of this article.

3) The Central Bank shall establish rules and guidelines for periodical compilation of information from Licensed Financial Institutions.

4) The Central Bank shall determine the nature, forms and frequency of submission of information. Licensed Financial Institutions shall provide such information in accordance with the instructions issued by the Central Bank in this regard.

5) The provisions of this article shall apply to branches of foreign Licensed Financial Institutions operating in the State.

6) The Board of Directors shall issue regulations, rules, standards, and instructions regarding provision of the requirements referred to in this article, and may take all the measures and actions against the concerned institution or any of its employees referred to in paragraph (b) of item (1) of this article.

1) Licensed Financial Institutions, along with their legal representatives, compliance officers, and auditors of accounts shall be responsible for, immediate reporting of any of the following to the Central Bank:

• a. Occurrence of any material or crucial developments, which may impact its activities, structure, or overall position.
• b. Occurrence of any violation to the provisions of this decretal law or the decisions, regulations, or instructions issued in implementation thereof.

2) The aforementioned Persons referred to in item (1) of this article shall not be considered to have breached any of their obligations if they, acting in good faith, filed a report as per provisions of this article, or provided information or opinion to the Central Bank. The Licensed Financial Institution shall not dismiss those mentioned in item (1) of this article without obtaining approval of the Central Bank.

3) The Central Bank shall establish a mechanism for accepting notifications concerning violations referred to in item (1) of this article.

1) Each Licensed Financial Institution shall be required to provide the Central Bank with the statements and reports relating to its financial position.

2) Each Licensed Financial Institution shall be required to provide the Central Bank, within a period not exceeding three (3) months from end of the financial year, or within such period as the Central Bank may specify, with the following:

• a. Copy of the audited balance sheet, showing use of assets and liabilities arising from operations of the concerned institution.
• b. Copy of the audited profit and loss account, and any related notes.
• c. Copy of report of auditors of accounts of the concerned institution.
• d. Copy of report of the board of directors of the concerned institution.

3) The Central Bank may also require the Licensed Financial Institution to provide the following:

• a. Copy of the interim profit and loss account, on semi-annual basis, or for other periods specified by the Central Bank.
• b. Any other additional reports, data or information it deems necessary.

1) A Licensed Financial Institution shall not merge with or acquire any other institution, regardless of its type of activity, nor transfer any part of its liabilities to another Person, without obtaining Central Bank’s prior approval.

2) Without prejudice to the established legislation in the State concerning merger and acquisition, the Board of Directors may issue all regulations, rules, standards, conditions, instructions, and directives pertaining to merger and acquisition.

3) The Licensed Financial Institution shall be notified, officially, of Central Bank’s decision rejecting the proposed merger or acquisition within a period not exceeding twenty (20) working days from date of its issue. The notice shall include the following:

• a. Content of the decision.
• b. Reasons for the decision.
• c. Effective date of the decision.
• d. A statement advising the concerned Licensed Financial Institution of its right to submit a grievance against the decision, by applying to the Grievances & Appeals Committee, in accordance with the provisions of this decretal law.

A Licensed Financial Institution shall not cease to operate, fully or partially or suspend its operations, or cease to carry-on all or part of its Licensed Financial Activities without approval of the majority of its shareholders and approval of the Central Bank.

1) The Board of Directors shall, for the purposes of prudential supervision, issue necessary instructions and directives to a particular Licensed Financial Institution, or to a number of Licensed Financial Institutions within a specific category, relating to:

• a. Compliance with Central Bank instructions and directives relating to prudential ratios determined by the Board of Directors, regarding capital adequacy and liquidity or any other purposes.
• b. Compliance with the required provisions, or processing of specific assets.
• c. Adherence to limits of large exposures.
• d. Adherence to limits of exposures to related parties.
• e. Satisfying any additional requirements relating to reporting.

2) The Central Bank may take any additional actions to those mentioned in item (1) of this article.

3) The Central Bank may instruct any subsidiary of a Licensed Financial Institution to take particular actions, or refrain from carrying on particular activities, in the following cases:

• a. If the Central Bank is the consolidated regulatory authority of the entities referred to in this item.
• b. If the Central Bank decided that such instruction is necessary for the exercise of effective and consolidated prudential supervision of the entities referred to in this item.

4) The instructions and directives referred to in item (3) of this article may include the following:

• a. Require the subsidiary of the concerned Licensed Financial Institution to suspend provision of particular services, or carrying on particular businesses or activities, or even closing down any of its offices or branches outside the State, if such services, businesses or activities may expose the concerned Licensed Financial Institution to additional risk, or to risks that cannot be managed effectively and appropriately.
• b. Require the subsidiary of the concerned Licensed Financial Institution to take all necessary actions to remove any impediments that may hinder effective consolidated supervision.

The Central Bank may set limits to which deposit-taking Licensed Financial Institutions shall adhere to in their operations, which include the following:

1) The maximum amount of total discount operations or loans and advances the Licensed Financial Institution is allowed to conduct, as of a certain date.

2) The maximum amount the Licensed Financial Institution may lend to a single Person, relative to its own funds.

3) Any other limits the Central Bank may determine.

1) The Central Bank shall establish a general framework for governance of Licensed Financial Institutions, and shall issue rules and regulations relating to organization of works of their boards of directors and shall determine the conditions to be met by nominees for membership of their boards of directors, and the requirements and conditions for appointment of their senior staff; provided that Licensed Financial Institutions listed in the State’s financial markets shall adhere to the minimum requirements of corporate governance set by the concerned regulatory authority.

2) Licensed Financial Institutions must obtain Central Bank’s prior approval for appointment, nomination of any Person for membership of their boards of directors or renewal of his membership, and appointment or renewal of the employment contract of any of their senior staff.

3) The Board of Directors may, as may be required to safeguard public interest, reject any Person’s nomination, appointment, or renewal of his membership in the board of directors of a Licensed Financial Institution, and may also reject appointment or renewal of the employment contract of any of its senior staff.

The Central Bank shall prepare an electronic guide, which would include all regulations, rules, standards, decisions, and circulars issued by the Central Bank in accordance with the provisions of this decretal law. Such guide shall be published and regularly updated on the Central Bank’s website.

The regulations, decisions, and circulars issued by the Central Bank in accordance with the provisions of this decretal law shall have no retroactive effect, and shall not prevent implementation of agreements concluded between Licensed Financial Institutions and their customers prior to their issuance. The Central Bank shall determine the required transitional period for Licensed Financial Institutions to reconcile their respective positions, according to the provisions of this decretal law.

1) The Central Bank may, at any time, dispatch any of its staff or any third party authorized to act on its behalf to Licensed Financial Institutions and their owned companies or subsidiaries, if it deemed necessary to ensure soundness of their financial positions, and their compliance with the provisions of this decretal law and the regulations and decisions issued in implementation thereof, and other established laws and regulations in the State.

2) In case of the conduct of examination of companies owned by Licensed Financial Institutions and their subsidiaries, which are regulated by any of the Regulatory Authorities in the State or in other jurisdictions, the Central Bank shall coordinate with the concerned regulatory authority in this regard.

3) The Central Bank may, in coordination with the concerned agencies in the State, inspect premises of any Person suspected of carrying on any of the financial activities referred to in Article (65) of this decretal law, without a license. The Central Bank may, in this respect, require the suspected Person to provide all information, documents, and records relating to the unlicensed financial activities, and may seize such information, documents, and records.

4) Licensed Financial Institutions, their owned companies and subsidiaries shall provide the staff referred to in item (1) of this article with all information, records, books, accounts, documents and data relating to the subject of examination, along with any information he may ask for, on timely basis.

5) Central Bank staff may, within the framework of the examination process, summon any related Person, on the time and place they may determine, to provide information, data, documents, or records relating to the examination process.

6) The Board of Directors may issue regulations, rules, standards, directives and instructions relating to mechanisms and procedures for examination of Licensed Financial Institutions.

7) The Central Bank may take all measures and actions it deems appropriate for achieving its objectives and discharging its functions, and may particularly take the following actions, if it was found that a violation to the provisions of this decretal law, or the regulations and decisions issued in implementation thereof, has occurred:

• a. Impose restrictions on some of the operations or activities carried on by the concerned Licensed Financial Institution.
• b. Require the concerned Licensed Financial Institution to take necessary actions to rectify the situation immediately.
• c. Appoint a specialized expert, or a qualified Central Bank employee, to advice the concerned Licensed Financial Institution or supervise, or oversee some of its operations, for a period specified by the Central Bank. The concerned Licensed Financial Institution shall pay remunerations of such appointee if he is an expert from outside the Central Bank.
• d. Take any other action or measure, or impose any penalties it deems appropriate.

8) Licensed Financial Institutions shall be required to pay all costs of examination and investigations process outsourced, by the Central Bank, to a third party, in case its violation to the provisions of this decretal law, and the regulation and decisions issued in implementation thereof, has been established.

The Central Bank may dispatch one or more of its examiners or experts, to undertake examination of entities of national Licensed Financial Institutions operating abroad, in collaboration and coordination with the concerned regulatory authorities in those jurisdictions;

Such would include entities of national Licensed Financial Institutions operating in Financial Free Zones in the State, in cooperation and coordination with the supervisory authorities of the concerned Financial Free Zone.

The Central Bank may assign an expert or a Person qualified in the area of Licensed Financial Activities, to provide it with a report on a subject specified by the Central Bank, relating to direct and indirect businesses and activities of a particular Licensed Financial Institution. Such would be carried out in accordance with the conditions and procedures established by the Central Bank, and at the expense of the entities referred to in this article.

Central Bank staff designated per decision issued by the Minister of Justice, in coordination with the Governor, shall, in establishing acts occurring in violation of the provisions of this decretal law, have the capacity of judicial officers.

1) Without prejudice to the provisions of the Civil Procedures Law, the Central Bank may request intervention in any lawsuit filed with judicial authorities to which a Licensed Financial Institution is party.

2) Law enforcement and other concerned authorities shall notify the Central Bank of any investigations or proceedings initiated against Licensed Financial Institutions. The Central Bank may provide such authorities with any clarifications, statements, or information it deems appropriate in this regard.

The financial year for a Licensed Financial Institution shall begin on the first of January and end on the thirty first of December of each year, except for the first financial year, which begins from date of registration of the institution and shall end at the end of the following financial year.

1) Branches of foreign Licensed Financial Institutions shall maintain separate accounts for all their operations in the State, including the balance sheet and profit & loss account.

2) Branches and sections of a local or foreign Licensed Financial Institution operating in the State, shall, for the purposes of bookkeeping, constitute one financial institution.

1) Each Licensed Financial Institution operating in the State shall, every year, appoint an auditor or more, from amongst the auditors approved by the Central Bank, for auditing its accounts. Should the concerned Licensed Financial Institution fail to appoint an auditor, the Central Bank shall appoint an auditors for the concerned institution and determine its remunerations, which shall be paid by the concerned institution.

2) The functions of the auditors shall include preparation of a report on the balance sheet and the profit and loss accounts for the shareholders. The auditors shall state in their report whether the annual balance sheet and profit and loss accounts are true and fair, and whether the concerned Licensed Financial Institution has provided them with all the information and clarifications requested for performance of their mission. The concerned Licensed Financial Institution shall, at least twenty (20) working days before convening of the general assembly, provide the Central Bank with copy of the auditors’ report, along with copy of the balance sheet and the profit and loss account.

3) The general assembly of a Licensed Financial Institution may not be convened prior to receipt of Central Bank’s remarks on the report. The Central Bank may, within ten (10) working days from date of receipt of the report referred to in item (2) of this article, issue a decision not to approve the profits proposed for distribution to shareholders, if a shortfall in provisions was found, or a decline in the capital adequacy ratio from the established minimum requirement was established, or any reservation indicated in the auditors’ report or from the Central Bank, and deemed to have impact on distributable profits.

4) The auditors’ report, together with the report of the board of directors of the Licensed Financial Institution shall be read to the shareholders at the annual general assembly where the concerned institution is incorporated in the State. Such institution shall provide the Central Bank, within twenty (20) work days from date of convening of the general assembly, with three (3) copies of each report. If the concerned Licensed Financial Institution was incorporated in another jurisdiction, a copy of the auditors’ report shall be forwarded to its head office, and three (3) copies thereof shall be submitted to the Central Bank within twenty (20) working days from date of its issue.

5) The auditors shall not be represented in the board of directors of the Licensed Financial Institution, which appointed it to audit its accounts, nor have one of its staff appointed as employee, or act as advisor to the same institution.

6) A Licensed Financial Institution shall not extend credit facilities, of any type, to the auditors of its accounts. An auditor approved by the Central Bank may not commence its functions at a Licensed Financial Institution, unless any obligations it may have towards such institution were settled.

7) The auditors shall be responsible for the contents of their report on the financial statements of the concerned Licensed Financial Institution. If failure to properly perform their assigned duties or violation of provisions of this decretal law and the regulations and decisions issued in implementation thereof was established, the Central Bank may take any necessary measures or procedures, in collaboration and coordination with the concerned authorities in the State to strike their names from the established registers. The Central Bank may, at its own discretion, take any administrative or legal actions against the negligent or violating auditors.

8) The Central Bank may, at its discretion, require the auditors of a Licensed Financial Institution, or its subsidiaries or affiliates, to submit a report, at the expense of the concerned Licensed Financial Institution, establishing their compliance with the provisions of this decretal law and the regulations issued in implementation thereof.

9) The Board of Directors shall issue regulations and establish a register for approved auditors, authorized to audit the accounts of Licensed Financial Institutions.

1) Each Licensed Financial institution shall publish and display the following information and statements on its website, and in each of its offices and branches in the State:

• a. Copy of its audited balance sheet and profit and loss account, and copy of the auditors’ report. Where a Licensed Financial Institution is incorporated in other jurisdictions, publication of such statements may be carried out in the manner consistent with laws of the concerned jurisdiction.
• b. List of names of members of the board of directors, senior executives and their deputies and assistants.
• c. Names of all wholly or partially owned subsidiaries, or entities related to the concerned Licensed Financial Institution.

2) The Central Bank may, require any Licensed Financial Institution to publish or display any information or statements relating to its accounts, in addition to the requirements stated in item (1) of this article, as it deems appropriate.

1) The Board of Directors shall establish a resolution framework for deposit-taking Licensed Financial Institutions in order to minimize the effect that a deficiency in their financial position may have on the financial system in the State. This includes the effects related to a deficiency in the financial position of companies owned by those Licensed Financial Institutions or their subsidiaries.

2) The resolution framework shall include a set of triggers, both prudential as well as qualitative, which signal material risks that would result in the deficiency of the financial position of the institutions referred to in item (1) of this article. In order to achieve this, the Central Bank shall, at its own discretion, decide any of the following measures and actions for the protection of the concerned institution and its depositors:

• a. Impose a minimum ratio for liquidity of the concerned institution, commensurable with the risks associated with its activities.
• b. Require the concerned institution to provide, as per terms and conditions set by the Board of Directors, additional financial resources for support of its paid-up capital.
• c. Issue a decision to merge the concerned institution with another Licensed Financial Institution.
• d. Permit any Financial Institution to acquire the concerned institution.
• e. Form an interim committee to manage the concerned institution, and authorize such committee to take whatever actions it deems appropriate, as per conditions and controls determined by the Board of Directors, including the possibility of taking the decision to impose a moratorium on all or some of the activities of the concerned institution with immediate effect or within another timeframe as well as consequential actions.
• f. Undertake, over a period specified by the Board of Directors, direct management of the concerned institution, and shall, in this case, substitute management of the concerned institution in exercising all powers, including financial and administrative powers; and the powers and authorities of its board of directors, and its general assembly shall immediately be frozen until expiry of the period of interim management.
• g. Request competent authorities in the State to place the concerned institution under interim custody and seize its assets, property and shareholders rights.
• h. Adopt a decision to request the competent court to pass a decision to liquidate the concerned institution, prepare a plan for liquidation or transfer of its assets and liabilities, as it deems appropriate, along with all related settlements and releases and implement or oversee implementation of the liquidation plan, or adopt a resolution decision, or request the competent court to declare bankruptcy, in accordance with established laws.
• i. Where a decision to merge or liquidate of a Licensed Financial Institution incorporated in another jurisdiction and has a branch operating in the State, the same procedures applicable in the concerned jurisdiction of incorporation shall apply if they provide better protection for customers in the State, unless otherwise agreed with the concerned authority.
• j. Any other measures or actions in accordance with a decision by the Board of Directors.

3) The Central Bank may coordinate with the relevant federal and local authorities before issuance of any decision by the Board of Directors, as per provisions of this article, if necessary. The Central Bank may request the competent judicial authorities to take protective and urgent measures and actions, which would ensure protection of property and interest of investors and depositors, or serve public interest.

1) In case of resolution or liquidation of a Licensed Financial Institution, such an announcement shall be published in the Official Gazette, and in, at least, two local Arabic and English daily newspapers, and for a period not less than three (3) business days.

2) The announcement shall include the following:

• a. A grace period, not be less than three (3) months, allowed to customers of the concerned Licensed Financial Institution to take necessary actions to protect their rights.
• b. Details of the entity assigned for the resolution and its functions or the liquidator and his functions.

3 )If the resolution or liquidation occurred as a result of the Licensed Financial Institution being struck-off the Licensed Financial Institution Register, the Chairman of the Board of Director or his deputized representative shall specify, in the decision to strike- off name of the concerned institution, the date of closing down of the concerned institution, and the entity assigned for resolution or liquidation of any outstanding operations on such date.

The Central Bank shall continue surveillance of operations of any Licensed Financial Institution under resolution or liquidation, until final closure of its offices

The provisions of article nos. (116), (117), and (118) of this decretal law shall not preclude implementation of any established legal provisions in the State, relating to resolution and liquidation.

Non-Profit Organisations, in collaboration with the competent Supervisory Authority, shall commit to the following:

1. Apply best practices adopted by the competent Supervisory Authority to mitigate their vulnerabilities so that they can protect themselves from being abused for Financing of Terrorism and of Illegal Organisations.
    
2. Put in place clear policies to promote transparency, integrity, and public confidence in its own administration.
    
3. Conduct Transactions through official financial channels, taking into consideration the different capabilities of financial sectors in other countries.
    

1. The Registrar shall provide information regarding legal persons in the State and make it available to the public as follows:
    
   1. The types, different forms and basic features of legal persons
       
   2. The processes for the creation of those legal persons
       
   3. The processes for obtaining its basic information as stipulated in paragraph (b), Clause (1), of Article (8) of this Decision
       
   4. The processes for obtaining information about the Beneficial Owner.
       
2. The Registrar shall undertake to maintain and keep the up-to-date basic information defined in paragraph (b), Clause (1), of Article (8) of this Decision, ensure its accuracy and make it available to the public
    
3. Upon registering companies, the Registrar shall commit to receive the data of the Beneficial Owner of the company as stipulated in Clause (Error! Reference source not found.) of Article (9) of this Decision and make sure it remains up to date accurate, and available to the Competent Authorities.
    

1. Companies shall be required to maintain the information set out in paragraph (b), Clause (1) of Article (8) of this Decision and a register of all their shareholders containing the number of shares held by each shareholder and categories of shares, if any, including the voting rights and providing this register to the Registrar after ensuring its accuracy.
    
2. Companies shall undertake to maintain and make available the data mentioned in Clause (Error! Reference source not found.) of Article (9) of this Decision to the Registrar at all times and upon request, update such data within 15 business days upon its amendment or change and ensure to keep this information up-to-date and accurate on an ongoing basis and assist the Registrar in documenting such information if so required.
    
3. Companies shall have one or more natural persons residents of the State and authorised to disclose to the Registrar all information contained in Clauses (1) and (2) of this Article
    
4. Any company established or registered in the State shall be prohibited from issuing share warrants to bearer.
    
5. Companies that permit the issuance of nominee shares in the name of individuals or members of the board of directors shall be required to disclose those shares and the identities of the members of the board of directors to the Registry for the purpose of registering them.
    

The Registrar and the companies, or the administrators or liquidators or any other stakeholder involved in the dissolution of the company, shall maintain records and all information as mentioned in Article (34) and Article (35) for at least five years from the date in which the company is dissolved or otherwise ceased to exist.

1. The Trustees in Legal arrangements are required to information about the Beneficial Owner as prescribed in Clause (Error! Reference source not found.) of Article (9) of this Decision.
    
2. The Trustees in Legal Arrangements are required to maintain basic information relating to intermediaries, who are subject to supervision, and service providers, including consultants, investors, directors, accountants and tax advisors.
    
3. The information mentioned in Clauses (1) and (2) of this Article shall be maintained accurately and updated within 15 days if it is amended or changed and legal arrangement representatives shall be required to maintain this information for at least five years from the date of the end of their involvement with the legal arrangement.
    
4. The Competent Authorities, and in particular Law Enforcement Authorities, shall request and obtain information held by trustees, Financial Institutions, or DNFBPs, without delay, relating to the following:
    
   1. The Beneficial Ownership of legal arrangements
       
   2. The residence of the Trustee
       
   3. The funds that are held or managed by the Financial Institution or DNFBP in relation to any trustees with which they have a Business Relationship, or for which they undertake an occasional Transaction.
       

It is prohibited to invoke banking, professional or contractual secrecy as a pretext to prevent application of the provisions of the Decretal-Law and this Decision in the following cases:

1. Exchange of information among Financial Institutions whenever it is related to Correspondent Banking or Wire Transfers and the reliance on regulated third party relationships in accordance with Articles (19), (25), and (27) to (30) of this Decision.
    
2. Exchange of information among Competent Authorities at the domestic or international level in relation to the combating of the Crime.
    

1. Any person who obtains information related to a suspicious transaction or any of the crimes stipulated in the Decretal-Law shall be bound by its confidentiality and not disclosed except to the extent necessary for its use in investigations, prosecutions or cases in violation of the provisions of the Decretal-Law and this Decision.
    
2. In all cases, it is not permissible to contact the Customer directly or indirectly to notify him of the actions taken, except at the written request of the competent Supervisory Authority.
    

1. The FIU shall be operationally independent in order to carry out its functions effectively, and the Central Bank shall provide it with the required technical, financial and human resources.
    
2. The main headquarter for the FIU shall be the capital of the State and it may open branches within the Central Bank’s branches in the Emirates of the State.
    
3. The FIU shall operate as national centre to receive STR’s and other information related to the Crime.
    

The FIU shall have the following powers:

1. Putting in place the FIU’s departments and internal regulations for approval by the Central Bank’s Board of Directors. The internal regulations shall include procedures to ensure the competency and integrity of its employees and the awareness of their responsibilities in dealing with confidential information.
    
2. Establishing a database or special register to hold any information it has available and securing this information by establishing rules that govern information security and confidentiality, including procedures for processing, storing, disseminating and setting procedures to ensure limited access to the FIU’s facilities, information and technical systems and to the review or disclosure of information, except by those authorised to do so.
    
3. Providing courses and programs to train and develop the employees working in it and any other authority, be it inside or outside the State.
    
4. Preparing studies, research and statistics related to the Crime, and following up on any studies, research or statistics conducted domestically or internationally in this regard.
    
5. Preparing annual reports about its Crime-combatting activities that include specifically general analysis of STRs and notifications received as well as activities and trends of the Crime, and preparing a brief of this report for dissemination purposes.
    

The FIU shall be responsible for carrying out its duties with regards to STRs as follows:

1. Receiving STRs relating to the Crime from Financial Institutions and DNFBPs on the FIU’s approved templates, then studying, analysing and storing them in its database.
    
2. Requesting Financial Institutions, DNFBPs, and Competent Authorities to provide any additional information and documents relating to the STRs and information received, and any other information that it might deem necessary to perform its duties, including information relating to customs’ disclosures, in the time and form specified by the FIU
    
3. Analysing available reports and information as follows:
    
   1. Operational analysis by using available and obtainable information, to identify specific targets, such as persons, funds, or criminal networks, track activities or specific Transactions, and determine the links between those targets, activities or transactions and potential proceeds of the Crime.
       
   2. Strategic analysis by using available and obtainable information, including data provided by Competent Authorities, to identify trends and patterns of the Crime.
       
4. Providing the Financial Institutions and DNFBPs with the analysis results of the information provided in the reports received by the FIU in order to enhance the effectiveness of the measures for combating the Crime and detecting STRs.
    
5. Cooperating and coordinating with the Supervisory Authorities by disseminating the outcomes of its own analysis, specifically with respect to the quality of STRs, to ensure the compliance of Financial Institutions and DNFBPs with the procedures for combating the Crime
    
6. Sending the data relating to the reports, the outcomes of its analyses and any other relevant data to Law Enforcement Authorities, when there are sufficient grounds to suspect its connection to the Crime, to take required actions in that regard.
    
7. Providing to judiciary authorities and Law Enforcement Authorities information related to the Crime and information it can obtain from foreign FIUs, spontaneously or upon request.
    

The FIU shall be responsible for carrying out its duties at the international level as follows:

1. Exchanging information with its FIU counterparts in other countries on STRs or any other information the FIU has the power to obtain or access, whether directly or indirectly, as per the international agreements to which the State is a party or any memorandums of understanding the FIU has entered into with FIU counterparts to regulate its cooperation with them or on the condition of reciprocity.
    
2. Reporting to its FIU counterparts the outcomes of using the submitted information and analysis conducted based on that information.
    
3. The information specified in Clauses (1) and (2) of this Article may not be used except for Crime-combatting purposes and may not be disclosed to any third party without the FIU’s approval.
    
4. Following up on the developments relating to Money Laundering and Terrorism Financing crimes through the relevant regional and international organisations and bodies and participating in related meetings.
    
5. Following up with the requirements of the Egmont Group, as well as participating and attending its meetings as a member of the group.
    

The Supervisory Authorities, each in accordance with its specialisations, shall assume the functions of supervision, monitoring and follow-up to ensure compliance with the provisions of the Decretal-Law and this Decision and shall be specialised in the following:

1. Conducting a risk assessment for any potential occurrence of the Crime in legal persons, including Financial Institutions and DNFBPs.
    
2. Putting in place the Crime-Combating regulations, instructions and forms for the entities subject to their supervision, when necessary.
    
3. Putting in place the required procedures and controls to assess the compliance of supervised institutions with the provisions of the Decretal-Law and this Decision and any other legislation related to combating the Crime in the State, as well as to request the information relating to such compliance.
    
4. Setting and applying the regulations, controls, standards of merit to anyone who seeks to acquire, control, participate in management or operation, whether directly or indirectly, or to be the beneficiary of Financial Institutions and DNFBPs.
    
5. Conducting onsite and offsite supervision and inspections over Financial Institutions and DNFBPs.
    
6. Determining the frequency of supervision and inspection over Financial Institutions, Financial Groups, and DNFBPs based on the following:
    
   1. National Risk Assessment
       
   2. Distinctive characteristics of Financial Institutions, Financial Groups and DNFBPs in terms of their diversities, numbers and the degree of discretion provided to them under the risk-based approach.
       
   3. Risks of the Crime as well as internal policies, controls and procedures associated with Financial Institutions, Financial Groups, or DNFBPs as identified by the Supervisory Authority’s assessment of each’s risk profile.
       
7. Undertaking all measures to ensure full compliance of the Financial Institutions and DNFBPs in implementing Security Council Resolutions relating to the prevention and suppression of terrorism and Terrorism Financing, and the prevention and suppression of the proliferation of weapons of mass destruction and its financing, and other related decisions, by conducting onsite visits and on-going monitoring, and imposing appropriate administrative sanctions when there is a violation or shortcoming in implementing the instructions.
    
8. Ensuring that the prescribed measures are adopted by the supervised institutions in accordance with the provisions of the Decretal-Law and this Decision, and that these measures are implemented in their foreign branches and majority-owned subsidiaries to the extent permitted by the laws of the country, where those branches and subsidiaries exist.
    
9. Periodically reviewing the assessment of the Crime risk profile of a Financial Institution and Financial Group (including the risks of non-compliance), and when there are major events or developments in the management and operations of the Financial Institution or Group.
    
10. Ensuring the compliance of Financial Institutions and DNFBPs subject to their supervision in implementing enhanced CDD measures on Customers and ongoing monitoring of the business relationship related to High-Risk Countries.
     
11. Providing Financial Institutions and DNFBPs with guidelines and feedback to enhance the effectiveness of implementation of the Crime-combatting measures.
     
12. Maintaining an up-to-date list of the names and data of compliance officers of the institutions under their Supervision, and notifying the FIU thereof; and requiring those institutions to obtain their prior consent before appointing their compliance officers.
     
13. Conducting programs and outreach campaigns on combating the Crime.
     
14. Issuing decisions of imposing administrative sanctions in accordance with the provisions of the Decretal-Law and the present Decision, and the mechanism for submitting relevant grievance.
     
15. Maintaining statistics about the measures taken and sanctions imposed.
     

The Competent Supervisory Authority for NPOs shall commit to the following:

1. Obtaining, in a timely manner, all information available with all Competent Authorities regarding NPO activities for the purpose of determining the size, features and types of NPOs, and identifying the threats posed against them by terrorism organisations, and the extent to which they are exposed to the risk of being misused for supporting Financing of Terrorism and Financing of Illegal Organisations, and then taking all appropriate and effective measures to combat these identified risks and reviewing them on a periodic basis to ensure their adequacy.
    
2. Reviewing the relevance and adequacy of legislation relating to NPOs to stop their misuse for supporting the Financing of Terrorism and of Illegal Organisations, and working to improve them when necessary.
    
3. Periodically reassessing NPOs by reviewing updated information on their potential vulnerabilities, which may be exploited in support of Financing of Terrorism.
    
4. Promoting and conducting awareness outreach and educational programs in order to raise awareness of NPOs and their donators on their potential vulnerabilities, which may expose them to risks of being misused for supporting and financing of Terrorism, and measures that can be taken by NPOs to protect themselves from such risks.
    
5. Supervising and monitoring NPOs using a risk-based approach to prevent their misuse in the Support and Financing of Terrorism and ensure compliance with their requirements.
    
6. Cooperating, coordinating and exchanging information at the local level with Competent Authorities that hold relevant information on NPOs.
    
7. Possessing experience in the field of investigations and the ability to examine NPOs that are suspected of being misused for supporting and financing of terrorism.
    
8. Fully reviewing the information relating to the administration and management of any NPO, including financial information and information relating to its programs.
    
9. Establishing mechanisms to ensure the prompt exchange of information with Competent Authorities for the purpose of taking preventive measures or investigative action when there is suspicion or reasonable grounds to suspect that the NPO is:
    
   1. A front for the raising of funds on behalf of a terrorist organisation.
       
   2. Being exploited as a conduit for the Financing of Terrorism or for the evasion of asset freezing measures or any other form of terrorism support.
       
   3. Concealing or disguising the flow of funds intended for legitimate purposes, but redirected for the benefit of terrorists or terrorist organisations.
       
10. Determining the appropriate points of contact and procedures required to respond to international requests for information regarding NPOs suspected of Financing of Terrorism or is being exploited for the Financing of Terrorism or other forms of terrorism support.
     

1. The Governor, or whoever is acting in his place, shall order the Freezing of funds, which are suspected to be linked to the Crime, with Financial Institutions licensed by the Central Bank for a period of no more than (7) seven working days, in the case of the FIU’s requests based on its analysis of STRs and other information received.
    
2. The FIU shall, in the event of taking the decision mentioned in Clause (1) of this Article, do the following:
    
   1. Notify the concerned Financial Institution to perform the Freezing order without prior notice to the owner of the funds.
       
   2. Notify the public prosecutor, in case the Governor requests extending the Freezing order, including the justifications of such extension.
       
3. The FIU, after presenting to the Governor, shall notify the concerned Financial Institution of the cancelation of the Freezing order in case the public prosecutor refuses the extension or after expiry of the period specified in Clause (1) of this Article without receiving a response from the public prosecutor
    
4. The Financial Institution, which holds the frozen funds, shall notify the owner of the frozen funds of the Freezing order and its sources, and shall request the owner to provide the required documents that prove the legitimacy of the source of these funds and refer these documents to the FIU to take the required actions.
    
5. The Governor shall submit a proposal to the public prosecutor to cancel the extension of the Freezing order once there are no grounds to such freeze in order for the public prosecutor to take actions as he deems appropriate.
    
6. The fund freezing orders shall not be executed by Financial Institutions licensed by the Central Bank unless they are issued by it.
    

1. The Public Prosecution and the competent court shall, as the case may be, order the identification, tracing, and valuation of the Funds, Proceeds and Means under suspicion, or their equivalent value, or order their Seizing or Freezing, if they were the result of or linked to the Crime, and that is without prior notice to the owner, and shall issue a travel ban for the owner until the completion of the investigation or trial.
    
2. The Public Prosecution or the competent court shall, as the case may be and when deemed necessary, take decisions to prevent the dealing with or disposing of such Funds, Proceeds or Means, and take the necessary measures to prevent any action intended to evade the Freezing and Seizing order issued in that regard, without violating the rights of bona fide third parties.
    
3. Any interested party shall have the right to contest the public prosecution’s Freezing or Seizing decision before the competent court of first instance, which is located within the jurisdiction of the order public, or the competent court specialised in criminal claims.
    
4. The contest shall be submitted as a report to the competent court. The president of the court shall, then, schedule a hearing session with the knowledge of the defendant, and the public prosecution shall be required to lodge a memorandum with its opinion on the defendant’s grievance. The court then issues its final decision within a period of no more than 14 working days as of the date of submission of the appeal.
    
5. The decision to dismiss the contest request is not subject to appeal; if the contest was rejected, it is not permissible to lodge a new contest except after a duration of three months from the date of rejecting the contest, unless a serious reason occurs before the period passes.
    

The public prosecution and the competent court shall, as the case may be, appoint whomever they deem suitable to manage the seized and frozen Funds, Proceeds and Means or those subject to Confiscation, and permit them to dispose or sell the Funds, Proceeds and Means in public auction, even before the issuance of the verdict, if necessary, if they are concerned about their depreciation or devaluation over time. The amount of the sale shall be deposited in the State’s treasury in the event of a final verdict of conviction. Such funds shall remain within the limits of their value for any rights legitimately determined to any bona fide third parties.

1. The public prosecution and Law Enforcement Authorities shall, when launching an investigation and collecting evidence for a Predicate Offense, when necessary, take into consideration the extent to which the financial aspects of the criminal activity are connected with Money Laundering, Financing of Terrorism, or the Financing of Illegal Organisations, in order to determine the scope of the crime, identify and track proceeds and any other funds that may be subject to confiscation and strengthen evidence of the crime.
    
2. The public prosecution shall request the opinion of the FIU on the notifications received in relation to Money Laundering, Financing of Terrorism or Financing of Illegal Organisations cases.
    
3. Law Enforcement Authorities shall be responsible for receiving, and following up on, the results of STR analysis from the FIU and for gathering the related evidence.
    
4. The public prosecution and Law Enforcement Authorities shall promptly identify, trace and seize Funds, Proceeds and Means that might be subject to Confiscation and linked to the Crime.
    
5. Law Enforcement Authorities shall obtain the information directly from Competent Authorities, even if it is subject to banking secrecy or professional confidentiality, as they deem fit so they can perform their duties in detecting the Crime or its perpetrator(s) and collecting evidence about them, and the authority, who is the recipient of the information request, shall execute the request without delay.
    

Competent Authorities, for the purpose of implementation of International Cooperation requests on the Crime, to conclude, negotiate and sign agreements in a timely manner with foreign counterpart authorities, in a manner that does not contradict the legislation in force in the State

Competent authorities shall give priority to all International cooperation requests related to the Crime and implement them expeditiously through clear and secure mechanisms and channels. The confidentiality of the information received shall be subject to the request, if required. If the confidentiality of the information cannot be kept, then the requesting authority shall be informed of the matter.

Within the scope of implementing the provisions of the Decretal-Law and this Decision, an International Cooperation request regarding the Crime shall not be rejected on the basis of any of the following:

1. The crime involves financial, tax or customs matters.
    
2. Secrecy provisions are binding upon Financial Institutions and DNFBPs, providing that they do not violate the applicable laws in the State, unless the relevant information was obtained under the circumstances where professional legal privileges or professional secrecy apply.
    
3. The crime is political or related to a political crime.
    
4. The request is connected with a crime subject of an ongoing investigation or prosecution in the State, unless the request impedes the investigation or the prosecution.
    
5. The act, on which the assistance is based, does not constitute a crime in the State, or the act does not have similar attributes to a crime set out in the State, unless it involves constraining, coercive measures or its in accordance with the applicable laws in the State.
    
6. The criminal act in the State is listed under a different name or description or that its structure varies from that of the requesting country.
    

In accordance with the legislation and agreements in force in the State or on the condition of reciprocity, the competent authorities shall:

1. Execute requests received from any foreign entity and exchange information on the Crime at the appropriate speed with foreign counterparts, and obtain any other requested information on its behalf, even if such requests change in nature, whether spontaneously or upon request.
    
2. Provide feedback to foreign counterparts on the use of the information obtained and the extent to which it was beneficial, if requested to do so.
    
3. Obtain a declaration or undertaking from the foreign counterpart that international cooperation information will only be used for the intended purpose, unless prior approval has been obtained.
    
4. Use international cooperation information obtained for the intended purpose, unless the foreign counterpart grants its approval for use for another purpose.
    
5. Refuse to provide information in the event that it is not effectively protected by the foreign counterpart requesting international cooperation.
    

1. The Competent Authorities commit to provide the means for international cooperation with respect to the basic information and Beneficial Owners of companies and legal arrangements, whereby such cooperation shall include the following:
    
   1. Facilitating the access of foreign competent authorities to basic information held by the registries of companies and legal arrangements;
       
   2. Exchanging information on legal arrangements and the shareholders in companies;
       
   3. Using their powers to obtain all the information on Beneficial Owners on behalf of foreign counterparts.
       
2. The Competent Authorities shall supervise the implementation quality for the international cooperation requests received from other countries in relation to basic company information and Beneficial Ownership for companies and legal arrangements, as well as the requests for international cooperation relating to determining the location of the Beneficial Owner from companies abroad.
    

In accordance with the legislation in force in the State, and the provisions of the agreements to which they are a party, and on the condition of reciprocity, the Supervisory Authorities of the Financial Institutions shall:

1. Exchange information relating to the appropriate Crime that it maintains and which is available to it directly or indirectly, with foreign counterparts, regardless of their nature, and consistent with the relevant international financial control principles relevant to anti money-laundering and combating the financing of terrorism applicable to each of them, including information on:
    
   1. The regulatory framework of the financial sectors and the general information related to them.
       
   2. Preventive financial control measures such as information related to the activities and works of financial institutions, their real beneficiaries, their management, and information of merit and eligibility.
       
   3. Internal policies of financial institutions in the field of combatting the Crime, CDD information of Customers, and of information related to accounts and transactions.
       
2. Obtaining prior approval of the foreign supervisory authority, where the information is required for transmission or use, other than for the intended purpose, and to informing it of the matter in the event of disclosure of such information whenever it is the result of a legal obligation.
    
3. Requesting or facilitating access to information on behalf of the foreign supervisory authority, for the purposes of enhancing supervision on the financial group.
    

Without prejudice to the provisions of the treaties and conventions to which the State is a party and subject to reciprocity; and without prejudice to the legislation in force in the State, Law Enforcement Authorities, in coordination with the Competent Authority, may:

1. Exchange information held by it, either directly or indirectly, with foreign counterparts for purposes of investigation or collection of inferences relating to Crime, identification and tracking of proceeds and intermediaries.
    
2. Use the powers conferred upon it in accordance with the legislation in force in the State to conduct investigations and obtain information on behalf of the foreign counterpart, and coordinate the formation of bilateral or multilateral teams to conduct joint investigations.
    

Upon request from another judiciary authority in another country, with whom there is a valid agreement in place with the State, or on the basis of reciprocity concerning any acts that are punishable as per the applicable laws in the State, the competent judiciary authority shall provide legal assistance in investigations, trials or measures linked to the Crime and it shall order the following:

1. Locating, Freezing, Seizing or Confiscation of Funds, Proceeds or Means that have been used, or intended for use in the Crime, or their equivalent. The death or anonymity of the suspect shall not prevent undertaking such measures.
    
2. Any other measures applicable in accordance with the enforceable laws in the State, including the provision of records maintained by Financial Institutions, DNFBPs or NPOs, the search of persons and buildings, gathering statements from witnesses, collecting evidence, using investigative methods such as Undercover Operations, wiretapping, communications, obtaining electronic data and information and Controlled Delivery.
    
3. Extradition and repatriation of persons and things related to the Crime in accordance with the laws applicable in the State.
    

It is permitted to recognise any judgement or judicial order that provides for the confiscation of Funds, Proceeds or Means relating to Money Laundering, the Financing of Terrorism or the Financing of Illegal Organisations issued by a competent court or judiciary authority in another country, with whom there is an attested agreement in place with the State.

Taking into consideration the applicable laws in the State, the implementation of the judgement or judicial order mentioned in Article (58) of the present Decision shall not contradict a judgment or order previously issued by a court in the State, there shall not be an ongoing charge in the State regarding the same judgment issued from the requesting country, and the request shall also include the following documents and information:

1. An attested copy of the judgment or judicial order for Confiscation along with the law on which it is based, and a statement of the reasons for issuing the confiscation order, if not mentioned in the judgment or the order itself.
    

1. A statement establishing that the sentenced person has been duly summoned and represented, and has been able to defend himself.
    
2. A document confirming that the judgement or judicial order is enforceable and not subject to appeal through ordinary methods.
    
3. Description of the Funds, Proceeds and Means for Confiscation, their estimated value, their potential location and information regarding any persons who might be holding or possessing these funds.
    
4. Statement of the amount to be repatriated from the funds for Confiscation.
    
5. Any information relating to third party rights on the Funds, Proceeds or Means.
    
6. Statement of the procedures undertaken in the requesting country to protect bona fide third parties.
    

Every natural or legal person shall immediately comply with the instructions issued by the Competent Authorities in the State concerning the implementation of the resolutions issued by UN Security Council under Chapter VII of the Charter of the United Nations regarding the prevention and suppression of terrorism and Terrorism Financing, and the prevention and suppression of the proliferation of Weapons of Mass Destruction and its financing, and any other related decisions.

(AML-CFT Law Article 16.1; AML-CFT Decision Article 4.1)

An important first step in applying an RBA is to identify, assess and understand the ML/FT risks by way of an ML/FT risk assessment of the entire business. The purpose of such an ML/FT business risk assessment is to improve the effectiveness of ML/FT risk management, by identifying the inherent ML/FT risks faced by the enterprise as a whole, determining how these risks are effectively mitigated through internal policies, procedures and controls, and establishing the residual ML/FT risks and any gaps in the controls that should be addressed.

Thus, an effective ML/TF business risk assessment can allow FIs to identify gaps and opportunities for improvement in their framework of internal AML/CFT policies, procedures and controls, as well as to make informed management decisions about risk appetite, allocation of AML/CFT resources, and ML/FT risk-mitigation strategies that are appropriately aligned with residual risks.

The first step of conducting an ML/TF business risk assessment for FIs is to identify, assess and understand the inherent ML/FT risks (i.e., the risks that an FI is exposed to if there were no control measures in place to mitigate them) across all business lines and processes with respect to the following risk factors: customers, products, services and transactions, delivery channels, geographic locations, and any other risk factors.

With the inherent risks as a basis, the FI can determine the nature and intensity of risk mitigating controls to apply to the inherent risks. The level of inherent ML/FT risks influence the kinds and levels of AML/CFT resources and mitigation strategies which FIs require to put in place. The assessment of inherent ML/FT risks and of the effectiveness of the risk mitigation measures will result in a residual risk assessment, i.e., the risks that remain when effective control measures are in place. In case the residual risk falls outside the risk appetite of the FI, additional control measures will need to be implemented to ensure that the level of ML/FT risk is acceptable to the FI.

FIs may utilise a variety of models or methodologies to analyse their risks, in keeping with the nature and size of their businesses. FIs should decide on both the frequency and methodology of an ML/FT business risk assessment, including baseline and follow-up assessments, that are appropriate to their particular circumstances, taking into consideration the nature of the inherent and residual ML/FT risks to which they are exposed, as well as the results of the NRA and Topical Risk Assessments. In most cases, FIs should consider performing the ML/FT business risk assessment at least annually; however assessments that are more frequent or less frequent may be justified, depending on the particular circumstances. They should also decide on policies and procedures related to the periodic review of their ML/TF business risk assessment methodology, taking into consideration changes in internal or external factors. These decisions should be documented, approved by senior management, and communicated to the appropriate levels of the organisation.

As part of the model or methodology, FIs should consider including in their ML/FT risk assessment the following elements:

The result of an effective ML/FT business risk assessment will be the classification of identified risks into different categories, such as high, medium, low, or some combination of those categories (such as medium-high, medium-low). Such classifications may assist FIs to prioritise their ML/FT risk exposures more effectively, so that they may determine the appropriate types and levels of AML/CFT resources needed, and adopt and apply reasonable and risk-proportionate mitigation measures.

As part of the business-wide ML/TF risk assessment, a proper identification of risk factors is crucial to the effective assessment of ML/FT risk. Risks will often occur as combinations of these risk factors. A risk can for instance occur because of the interrelationship between a customer and the jurisdictions where the customer is from or is active, or because of the connection between a product and the delivery channel.

Identified risk factors are used for the accurate categorisation of inherent risks, as well as for the application of appropriate mitigation measures. At the enterprise level, this includes adopting and applying adequate policies, procedures, and controls to business processes (see Section 5.1, Internal Policies, Controls and Procedures). The policies, procedures, and controls will in turn address the risks at the individual customer level, including assigning appropriate risk classifications to customers and applying due diligence measures that are commensurate with the identified risks (see Section 6, Customer Due Diligence).

The AML-CFT Decision outlines several risk factors which FIs must consider, when identifying and assessing their ML/FT risk exposure. FIs may also consider a wide array of additional risk factors, utilising various sources, such as:

In keeping with the ever-evolving nature of ML/FT risks, and in order to ensure that FIs implement a model for conducting the ML/TF business risk assessment that is appropriate to the nature and size of their businesses, FIs should continuously update the risk factors which they consider, in order to reflect new and emerging ML/FT risks and typologies.

A good practice to assess the inherent risk factors, is for FIs to formulate risk scenarios and assess the likelihood that a scenario occurs and the impact should a scenario materialize. The likelihood can be assessed based on the number of times per year that a risk scenario can occur. The impact can be assessed based on the possible financial and reputational effects that can result if a scenario indeed occurs. In this way, the FI can determine the inherent risks of a risk factor.

When assessing the inherent risks, an FI should make an inventory of the customers it services, the products and services it offers, define the scope of business areas to assess, including business units, legal entities, divisions, countries and regions. For this, an FI should make use of up-to-date quantitative and qualitative information on for instance, the types and number of customers, the volume of operations for the types of customers, volume of business per product and services and geographic locations.

Examples with regard to some of the major risk factors that should be taken into account by FIs when conducting the ML/TF business risk assessment are provided in the sections below. Even though some of these risk factors will also be relevant for the risk assessment of an individual Customer or Business Relationship, for the ML/TF business risk assessment, FIs are reminded that they should take a holistic view when evaluating exposure to these categories of customers.

The customer risk factors relate to types or categories of customers. Certain customer or business relationship categories pose a risk that should be taken into account when assessing the overall level of inherent customer risk. When identifying certain categories of customers as inherently high risk, FIs should also consider the results of the NRA or any Topical Risk Assessment, as well as information from official sources, including the Supervisory Authorities, the FIU, the FATF, MENAFATF and other FSRBs, the Egmont Group, etc.

When assessing the customer risk factors with respect to the business-wide ML/FT risk assessment, an FI can take into account:

The specific customer risk factors that FIs should consider, include:

Some of these customer risk factors are also relevant when determining the customer risk classification of an individual customer and the type and extent of customer due diligence to be performed (see Section 6, Customer Due Diligence).

FIs should consider geographic ML/FT risk factors both from domestically and cross-border sources. These risks arise from: (i) the locations where the FI has offices, branches and subsidiaries and (ii) locations in which the customers reside or conduct their activities. Examples of some of these factors include:

When assessing the inherent ML/FT risks associated with product, service, and transaction types, an FI should take stock of its lines of business, products and services that are more vulnerable to ML/FT abuse. FIs should assess the inherent ML/FT risks of abuse of the products and services by their customers taking into account a number of factors such as their ease for holding and transferring value or their complexity and transparency. Some of the risk factors that FIs should consider, among others, are:

Different delivery channels for the acquisition and management of customers and business relationships, as well as for the delivery of products and services, entail different types and levels of ML/FT risk.

When evaluating delivery channel-related risk, FIs should pay particular attention to those channels, whether related to customer acquisition and/or relationship management, or to product or service delivery, which have the potential to favour anonymity. Among others, these may include non-face-to-face channels (especially in cases where there are no safeguards in place such as electronic identification means), such as internet-, phone-, or other remote-access services or technologies; the use of third-party business introducers, intermediaries, agents or distributors; and the use of third-party payment, or other transaction intermediaries.

Given the ever-evolving nature of ML/FT risks, new risks are constantly emerging, while existing ones may change in their relative importance due to legal or regulatory developments, changes in the marketplace, or as a result of new or disruptive products or technologies. For this reason, no list of risks can ever be considered as exhaustive.

Nevertheless, additional factors that may present specific risks are, e.g., the introduction of new products or services, new technologies or delivery processes or the establishment of new branches and subsidiaries locally and abroad.

In order to ensure, therefore, that FIs are in a position to review and update the ML/TF business risk assessment as well as mitigation measures, FIs should take into consideration the results of the NRA or any Topical Risk Assessment. They should also consult publications from official sources on a regular basis, including those of the relevant Supervisory Authorities, the FIU, the FATF, MENAFATF and other FSRBs, the Egmont Group, and others. Links to some of these sources may be found in Appendix 11.2.

Examples of some of the types of additional risk factors which FIs may consider in identifying and assessing their ML/FT risk exposure include:

(AML-CFT Decision Article 23)

As part of their obligation to update their ML/FT risk assessments on an ongoing basis, the AML-CFT Decision specifically requires FIs to “identify and assess the risks of money laundering and terrorism financing that may arise when developing new products and new professional practices, including means of providing new services and using new or under-development techniques for both new and existing products.”

FIs must complete the assessment of such risks, and take the appropriate risk management measures, prior to launching new products and services, practices or techniques, or technologies. In general, they should integrate these ML/FT risk assessment and mitigation requirements into their new product, service, channel, or technology development processes.

For the purpose of assessing the ML/FT risks associated with new products, services, practices, techniques, or technologies, FIs may consider utilising the same or similar risk assessment models or methodologies as those utilised for their ML/FT business risk assessments, updated as necessary for the particular circumstances. They should also document the new product, service, practice, technique, or technology risk assessments, in keeping with the nature and size of their businesses (see Section 4.6.1, Documentation, Updating and Analysis).

(AML-CFT Decision Article 4.1(b))

The AML-CFT Decision obliges FIs to document their risk assessment operations. FIs may utilise a variety of models or methodologies in assessing their ML/FT risk. FIs should determine the type and extent of the risk assessment methodology that they consider to be appropriate for the size and nature of their businesses, and should document the rationale for these decisions.

To be effective, a risk assessment should be based on a methodology that:

(AML-CFT Law Article 16.1(a) and AML-CFT Decision Article 4.1(a)-(b))

Documentation

FIs are obliged to document their ML/TF business risk assessment, including methodology, analysis, and supporting data, and to make them available to the Supervisory Authorities upon request. FIs should incorporate into their documentation, the information used to conduct the ML/TF business risk assessment in order to demonstrate the effectiveness of their risk assessment processes. Examples of such information include, but are not limited to:

The documentation measures taken by FIs should be reasonable and commensurate with the nature and size of their businesses.

Updating

FIs are obliged to keep their ML/TF business risk assessment up-to-date on an ongoing basis. In fulfilling this obligation, they should review and evaluate their ML/FT business risk assessment processes, models, and methodologies periodically, in keeping with the nature and size of their businesses. FIs should also update their ML/TF business risk assessment whenever they become aware of any internal or external events or developments which could affect their accuracy or effectiveness.

Such developments may include, among other things, changes in business strategies or objectives, technological developments, legislative or regulatory developments, or the identification of material new ML/FT threats or risk factors. In this regard, FIs should take into consideration the results of the most recent NRA or any Topical Risk Assessment, as well as circulars, notifications and occasional published information from official sources, such as the Supervisory Authorities; other national Competent Authorities; or relevant international organisations, such as FATF, MENAFATF and other FSRBs, the Egmont Group, and others. Links to some of these sources may be found in Appendix 11.2.

(AML-CFT Law Article 16.1; AML-CFT Decision Article 4.1)

A customer can be anyone who performs a one-off or occasional financial activity or transaction or anyone who establishes an ongoing commercial or financial relationship with the FI.

The accurate assessment of customer or business relationship risk is fundamental to the risk classification of customers and the effective application of appropriate risk-based customer due diligence measures. FIs should take the necessary steps to ensure that their customer or business relationship risk assessment processes are robust and reliable, and that they incorporate the results of the NRA, any Topical Risk Assessment and their own ML/TF business risk assessment, as well as the input of relevant internal stakeholders, including the designated AML/CFT compliance officer.

In assessing customer or business relationship risk, FIs should analyse customers on the basis of the identified risk factors in order to arrive at a risk classification. FIs may utilize different methodologies to accomplish their risk classification, depending on the nature and size of their businesses, and of the risks involved. For example, some entities with smaller or less complex businesses, or with more homogenous customer bases, may elect to assess business relationship risk and assign customer risk classifications on the basis of generic profiles for customers of the same type. Other larger or more complex FIs may elect to assess business relationship risk and assign customer risk classifications using more sophisticated models or scorecards based on weightings of various risk factors.

Regardless of the methodologies they choose, FIs should ensure that their business relationship risk assessment processes and the rationale for their methodologies are well-documented, approved by senior management, and communicated at the appropriate levels of the organisation. They should also decide on policies and procedures related to both the periodic review of their business relationship risk assessment processes, and to the frequency for updating the individual business relationship risk assessments and customer risk classifications produced by them, taking into consideration changes in internal or external factors.

(AML-CFT Decision Articles 7.1, 8.3-4)

FIs should establish a risk profile for their customers, commensurate with the types and levels of risk involved. Such risk profiles allow FIs to compare a customer’s actual activity with the expected activity more effectively, and thus contribute to their capacity to discover unusual circumstances or potentially suspicious transactions.

Where legal persons or legal arrangements are concerned, FIs are obliged to identify any natural person who owns or controls an interest of 25% or more. In order to achieve an effective understanding of the ownership and control structure of a customer that is a legal person or arrangement, FIs should obtain from the customer and including in the risk profile a detailed explanation or a company structure chart providing the details of any ownership interests of 25% or more, and tracing them through any intermediate entities (whether legal persons or arrangements, or natural persons who are nominee stakeholders) to the natural persons who ultimately own or control them.

Furthermore, in order to understand the nature of the business of a legal person or Legal Arrangement, FIs should obtain and include in the profile a detailed explanation or company structure chart showing the entity’s internal management structure, identifying the persons holding senior management positions, or other positions of control. They should also obtain information about the legal person’s or arrangement’s majority-owned or controlled operating subsidiaries, including the nature of the business and the operating locations of those subsidiaries.

FIs are also required to understand the intended purpose and nature of the Business Relationship, and, for legal persons or arrangements, the nature of the customer’s business and its ownership and control structure.

Based on the risk profile, FIs should carry out ongoing due diligence of their Business Relationships, so as to be able to ensure that the transactions conducted are consistent with the information they have about the customer, the type of activity they are engaged in, the risks they entail, and, where necessary, their source of funds.

When dealing with higher-risk or more complex customers, in addition to the type of information referred to above, FIs may obtain and include in the customer’s risk profile more detailed information about their customers’ activities, such as:

Where lower-risk customers are concerned, FIs may consider applying more generic risk profiles in order to compare actual and expected types and levels of activity.

FIs establish a Business Relationship with a customer when they perform any act for, on behalf of, or at the direction or request of the customer, with the anticipation that it will be of an ongoing or recurring nature, whether permanent or temporary. Such acts may include, but are not limited to:

In such cases, and other than in the exceptional circumstances described below (see Section 6.2.3, Exceptional Circumstances), FIs are required to undertake appropriate risk-based CDD measures (see Section 6.3, Customer Due Diligence (CDD) Measures, Section 6.4, Enhanced Due Diligence (EDD) Measures, and Section 6.5, Simplified Due Diligence (SDD) Measures for further guidance).

In addition, CDD also needs to be conducted when

Among other things, the CDD measures should include verifying the identity of the customer as well as the Beneficial Owners, beneficiaries, and controlling persons, and understanding the nature of their business and the purpose of the Business Relationship.

During the course of business, FIs may be called upon to perform occasional or non-recurring transactions for customers with whom there is no ongoing account or Business Relationship. Examples of such transactions include, but are not limited to:

On such occasions, and other than in the exceptional circumstances described below (see Section 6.2.3, Exceptional Circumstances), FIs are required to identify the customer and verify the customer’s identity as well as that of the Beneficial Owners, beneficiaries, and controlling persons. Furthermore, FIs are required to undertake appropriate risk-based CDD measures (see Section 6.3, Customer Due Diligence (CDD) Measures, Section 6.4, Enhanced Due Diligence (EDD) Measures, and Section 6.5, Simplified Due Diligence (SDD) Measures for further guidance), including among other things understanding the nature of the customer’s business and the purpose of the transaction, in the cases specified in Article 6 of the AML-CFT Decision, as follows:

Some of the indicators of transactions that may appear to be linked include, but are not limited to the following:

(AML-CFT Decision Articles 4.3, 5.1(a)-(c), 10, 11.1(b), 13.2)

From time to time, certain situations may arise which fall outside of the normal course of CDD processes. Under these circumstances, described below, FIs are permitted to handle the timing, customer identification, and other aspects of customer due diligence procedures exceptionally. Specifically:

(AML-CFT Decision Articles 4.2(b), 3(a), 5.1, 8.1, 9, 10, 11.2, 13.1, 14.2)

Grounded on the principles of “Know Your Customer” and risk-based CDD, the identification and verification of the identity of customers is a fundamental component of an effective ML/FT risk management and mitigation programme. In accordance with Cabinet Resolution no. 58 of 2020 regulating the Beneficial Owner Procedures (the UBO Resolution), FIs are obliged to identify customers, including the Beneficial Owners, beneficiaries, and controlling persons, whether permanent or walk-in, and whether a natural or legal person or Legal Arrangement, and to verify their identity using documents, data or information obtained from reliable and independent sources.

The specific requirements concerning the timing, extent, and methods of identifying and verifying the identity of customers and Beneficial Owners depend in part on the type of customer (whether a natural or legal person) and on the level of risk involved (also see Sections 6.4, Enhanced Due Diligence (EDD) Measures, and 6.5, Simplified Due Diligence (SDD) Measures). Thus, the type and nature of the customer (including Beneficial Owners, beneficiaries, and controlling persons) should be considered as risk factors in determining the type of CDD that should be applied, whether standard CDD, EDD or SDD. However, the core components of a customer’s identification generally remain the same in all cases. They are:

In taking adequate CDD measures, FIs are obliged at a minimum to identify and verify the identity of the customer as specified in the relevant articles of the AML-CFT Decision. In fulfilling these requirements, FIs should use a risk-based approach to determine the internal policies, procedures and controls they implement in relation to the identification and verification of customers (including the Beneficial Owners, beneficiaries, and controlling persons). The CDD policies and procedures that FIs apply should be reasonable and proportionate to the risks involved, and, in formulating them, entities should consider the following guiding principles.

In relation to natural persons:

In situations where natural persons do not have this documentation in their own name, for instance because they share accommodation or do not (yet) have a permanent or own residence, other evidence of address may be used as long as this evidence gives the FI reasonable confidence. Where the FI has determined that an individual has a valid reason for being unable to produce the usual documentation to verify the address and who would otherwise be excluded from establishing a business relationship with the FI, the address can be verified by other means, provided the FI is satisfied that the method employed adequately verifies the address of the natural person and any additional risk has been appropriately mitigated.

This can for instance be evidence of entitlement to a state or local authority-funded benefit, pension, educational or other grant, or a letter from a reputable employer or school stating the address.

In relation to legal persons and legal arrangements:

(AML-CFT Decision Articles 27-30)

Financial institutions are obliged to undertake certain CDD measures concerning wire transfers, as laid out in detail in the above-referenced articles of the AML-CFT Decision. In particular, these measures relate to the identification of the originators and beneficiaries; the maintenance of information in regard to the same; and the implementation of risk-based policies and procedures for handling the disposition of wire transfers and for taking appropriate follow-up action.

The purpose of these measures are to ensure that information on the originator and the beneficiary shall accompany (meaning sent at the same time but not necessarily in the same message) cross-border wire transfers at all stages of its execution in case the amount of the transfer of funds equals or exceeds AED 3,500 or equivalent in any other currency.

The FI of the originator (or payer) shall ensure that the transfer of funds is accompanied by the information on the originator and beneficiary (or payee) as follows:

Information on the originator:

Information on the beneficiary:

In case of cross-border wire transfers of less than AED 3,500 or equivalent it not required to verify the accuracy of the above-mentioned information, unless there are suspicions of ML or TF.

Also for domestic wire transfers, the FI of the originator shall ensure that above-mentioned information is included, unless this information can be made available to the FI of the and by other means.

The FI of the originator shall not execute the transfer if it has not verified the identity of the originator. The FI of the beneficiary shall not credit the beneficiary’s account or make the funds available for the beneficiary if it has not conducted verification of the beneficiary’s identity.

The FI of the beneficiary is required to implement effective procedures to identify the received transfers that lack information about the originator and the beneficiary, in real-time or as part of the post-event monitoring process. This will include risk-based procedures whether transactions that lack the required information are to be executed, returned, suspended or transferred to the account of the beneficiary, as well as procedures related to the follow-up actions regarding these transfers, including to request the information on the originator and the beneficiary.

An intermediary FI ensures that all information about the originator and the beneficiary accompanied with the cross-border wire transfer is transferred to the beneficiary or other intermediary provider. Should there be technical limitations that prevent the required information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer, the intermediary FI shall keep a record of all the information received from the ordering FI or another cross-border intermediary FI.

The intermediary FI is required to implement effective risk-based procedures to identify the received transfers that lack information about the originator and the beneficiary, in real-time or as part of the post-event monitoring process.

The procedures can include defining and documenting specific AML/CFT system parameters (such as transaction value, aggregate transaction amounts at the customer level, customer risk classification, or others) which would trigger an exception to straight-through processing and require manual review and intervention. This will also include procedures for determining when to execute, reject, or suspend a wire transfer lacking required information and the appropriate follow-up action.

Where an FI repeatedly fails to provide the required information on the originator and the beneficiary, the beneficiary’s or intermediary FI, taking into consideration the risks and frequency of the violations by the FI of the originator, shall take steps, which may initially include the issuing of warnings and setting deadlines. These steps can ultimately consist of rejecting any future transactions from the FI or restricting or terminating its business relationship with that FI.

Similar requirements apply to VASPs. Originating VASPs obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers, submit the above information to the beneficiary VASP or FI (if any) immediately and securely. Beneficiary VASPs obtain and hold required originator information and required and accurate beneficiary information on virtual asset transfers. For the purposes of applying the wire transfer requirements to VASPs, all virtual asset transfers are to be treated as cross-border.

In addition to the above, as part of their ongoing account monitoring procedures, FIs should also review the purpose of wire transfers, as indicated in their description fields, for potential red-flag indicators (see Section 7.2, Identification of Suspicious Transactions).

(AML-CFT Decision Articles 8, 9, 37.1-3)

FIs are obliged to undertake CDD measures concerning legal persons and Legal Arrangements, including identification and verification of the identity of the Beneficial Owners, beneficiaries, and other controlling persons, in accordance with the provisions of the AML-CFT Decision. In fulfilling these requirements, they should take the following guidance into consideration:

(AML-CFT Decision Article 11)

For life or other investment-related insurance business, FIs should, in addition to the CDD measures required for the customer and the beneficial owner, conduct the following CDD measures on the beneficiary(ies) of life insurance and other investment related insurance policies, as soon as the beneficiary(ies) are identified/designated:

(a) For beneficiary(ies) that are identified as specifically named natural or legal persons or legal arrangements – taking the name of the person;

(b) For beneficiary(ies) that are designated by characteristics or by class (e.g. spouse or children at the time that the insured event occurs) or by other means (e.g. under a will) – obtaining sufficient information concerning the beneficiary to satisfy the financial institution that it will be able to establish the identity of the beneficiary at the time of the payout. The information collected under (a) and/or (b) should be recorded and maintained.

For both the cases referred to above, the verification of the identity of the beneficiary(ies) should occur at the time of the payout.

In determining whether enhanced CDD measures are applicable, an FI should take into account as a factor the beneficiary of a life insurance policy. If an FI determines that a beneficiary who is a legal person or a Legal Arrangement presents a higher risk, then the enhanced CDD measures should include reasonable measures to identify and verify the identity of the beneficial owner of the beneficiary, at the time of payout.

In case an FI cannot comply with this, the FI should consider filing an STR with the FIU.

(AML-CFT Decision Article 4.2(b), Article 4.3(c), 7.1)

With regard to established Business Relationships, FIs are obliged to undertake ongoing supervision of customers’ activity, including monitoring of transactions executed throughout the course of the relationship to ensure that they are consistent with the information, types of activity, and the risk profiles of the customers. FIs should use a risk-based approach to determine the policies, methods, procedures and controls they implement in relation to monitoring customers’ transactions and activities, as well as in regard to the extent of monitoring for specific customers or categories of customers.

As part of a risk-based approach to AML/CFT, in the case of customers or Business Relationships identified as high risk, FIs are expected to investigate and obtain more information about the purpose of transactions, and to enhance ongoing monitoring and review of transactions in order to identify potentially unusual or suspicious activities. In the case of customers or Business Relationships that are identified as low risk, FIs may consider monitoring and reviewing transactions at a reduced frequency.

Thus, in keeping with the level of risk involved, FIs should monitor and examine transactions in relation to the CDD information and risk profile of the customer (see Section 6.3, Customer Due Diligence (CDD) Measures, Section 6.4, Enhanced Due Diligence (EDD) Measures, and Section 6.5, Simplified Due Diligence (SDD) Measures). Where necessary, FIs should also obtain sufficient information on the counterparties and/or other parties involved (including but not limited to information from public sources, such as internet searches), in order to determine whether the transactions appear to be:

Examples of some of the methods that may be employed for the ongoing monitoring of transactions include, but are not limited to:

FIs may use all or any combination of the above methods, or any others that are appropriate to their particular circumstances, to effect ongoing monitoring of the Business Relationship. Furthermore, monitoring systems and methods may be automated, semi-automated, or manual, depending on the nature and size of their businesses. Whichever methods FIs elect to use, however, FIs should document them (see Section 9, Record Keeping), obtain senior management approval for them, and periodically review and update them to ensure their effectiveness. FIs should also establish specific monitoring procedures for customers and business relationships which have been reported as suspicious to the FIU (see Section 7.11, Handling of Transactions and Business Relationships after Filing of STRs).

(AML-CFT Decision Articles 4.2(b), 4.3(b), 7.2, 12)

The timely review and update of CDD information is a fundamental component of an effective ML/FT risk management and mitigation programme. FIs are obliged to maintain the CDD documents, data and information obtained on customers, and their Beneficial Owners or beneficiaries in the case of legal persons or arrangements, up to date. The AML-CFT Decision provides that FIs should update the CDD information on High Risk Customers more frequently, and that, in the absence of a ML/FT suspicion, FIs may update the CDD information of identified low-risk customers less frequently.

In order to be able to update the CDD information of customer in a risk-based manner, FIs should develop internal policies, procedures and controls in relation to the periodic or event-driven review and updating of CDD information. These policies and procedures should be reasonable and proportionate to the risks involved, and, in formulating them, FIs are advised to consider parameters such as:

(AML-CFT Decision Article 15)

Due to their potential ability to influence government policies, determine the outcome of public funding or procurement decisions, or obtain access to public funds, politically exposed persons (PEPs) are classified as high-risk individuals from an AML/CFT perspective. The AML-CFT Law and the AML-CFT Decision define PEPs as:

FIs are obliged to put in place appropriate risk management systems to determine whether a customer, Beneficial Owner, beneficiary, or controlling person is a PEP. In addition to undertaking standard CDD procedures, FIs are also required to take reasonable measures to establish the source of funds and the source of wealth of customers and Beneficial Owners identified as PEPs. In this regard, and commensurate with the nature and size of their businesses, FIs should take measures that include:

If a customer, Beneficial Owner, beneficiary, or controlling person is identified as a PEP, FIs are required to take reasonable measures to establish the PEP’s source of funds and source of wealth. In this regard, they should also evaluate the legitimacy of the source of funds and source of wealth, including making reasonable investigations into the individual’s professional and financial background.

Furthermore, FIs are also required to obtain senior management approval before establishing a Business Relationship with a PEP, or before continuing an existing one. In regard to the latter, senior management should be notified and their approval should be obtained for the continuance of a PEP relationship each time any of the following situations occur:

With regard to identified Domestic PEPs and individuals who were previously (but are no longer) entrusted with prominent functions at international organisations, the AML-CFT Decision provides that FIs should implement the measures described above when, apart from their PEP status, the Business Relationships associated with such persons could be classified as high-risk for any other reason.

The handling of a customer who is no longer entrusted with a prominent public function should be based on an assessment of risk. This risk based approach requires that FIs assess the ML/FT risk of a PEP who is no longer entrusted with a prominent public function, and take effective action to mitigate this risk. Possible risk factors are the level of (informal) influence that the individual could still exercise; the seniority of the position that the individual held as a PEP; or whether the individual’s previous and current function are linked in any way (e.g., formally by appointment of the PEPs successor, or informally by the fact that the PEP continues to deal with the same substantive matters).

(AML-CFT Decision Article 4.2(b))

FIs are obliged to apply EDD measures to manage and mitigate the risks associated with identified High Risk Customers and/or transactions. The AML-CFT Decision defines a High Risk Customers as including those who represent a risk:

Examples of the EDD measures that should be taken by FIs are laid out in the relevant article of the AML-CFT Decision. When carrying out such measures (especially as regards obtaining and investigating more information about the nature of the customer’s business, purpose of the Business Relationship, or reason for the transaction), FIs should pay particular attention to the reasonableness of the information obtained, and should evaluate it for possible inconsistencies and for potentially unusual or suspicious circumstances. Examples of factors that FIs should take into consideration in this regard include, but are not limited to:

Additionally, and commensurate with the nature and size of their businesses, when carrying out EDD measures in respect of High Risk Customers or Beneficial Owners, FIs should take appropriate risk-mitigation measures such as, but not limited to:

(AML-CFT Law Article 16.1(e); AML-CFT Decision Article 22, 44.7, 60)

FIs are obliged to implement EDD measures commensurate with the ML/FT risks associated with Business Relationships and transactions with customers from high-risk countries subject to a Call for Action and Jurisdictions under Increased Monitoring and the countries identified by NAMLCFTFC. In the case of legal persons and arrangements, their Beneficial Owners, beneficiaries and other controlling persons from high-risk countries.

FIs can obtain guidance on high risk countries from NAMLCFTFC, from the FATF list of High-Risk Jurisdictions subject to a Call for Action and Jurisdictions under Increased Monitoring, and from NRA report. In addition, reference can also be made to the Organisation for Economic Cooperation and Development (OECD) list of jurisdictions classified as tax havens. The Basel AML index can be a useful source to determine the risk of a country.

Examples of some of the measures FIs should apply in this regard include:

Additionally, FIs are obliged to implement all specific CDD measures and countermeasures regarding High Risk Countries as defined by the National Committee for Combating Money Laundering and the Financing of Terrorism and Illegal Organisations, including those related to the implementation of the decisions of the UN Security Council under Chapter VII of the Charter of the United Nations, the International Convention for the Suppression of the Financing of Terrorism and the Treaty on the Non-Proliferation of Nuclear Weapons, and other related directives, and those called for by the Financial Action Task Force (FATF) and/or other FSRBs.

In order to fulfil these obligations, and commensurate with the nature and size of their businesses and the risks involved, FIs should establish adequate internal policies, procedures and controls in relation to the application of EDD measures and risk-proportionate effective countermeasures to customers and Business Relationships associated with high-risk countries. Some of the factors to which FIs should give consideration when formulating such policies, procedures and controls, include but are not limited to the following:

For all countries identified as high-risk, the FATF calls on all members and urges all jurisdictions to apply EDD, and in the most serious cases, countries are called upon to apply countermeasures to protect the international financial system from the ongoing money laundering, terrorist financing, and proliferation financing risks emanating from the country. However, specific countermeasures which need to be applied by FIs shall be advised by the corresponding supervisory authorities, the FIU or the NAMLCFTC.

(AML-CFT Decision 25)

Financial Institutions are obliged to fulfil certain due diligence requirements with regard to the correspondent banking relationships and other similar relationships they maintain, regardless of whether these involve foreign or domestic financial institutions. Additional guidance in respect of the measures specified in the relevant article of the AML-CFT Decision is provided below. Similar relationships to which FIs should apply the guidance below include, for example those established for securities transactions or funds transfers.

FIs are prohibited from entering into or maintaining correspondent relationships with shell banks, or with institutions that allow their accounts to be used by shell banks. The AML-CFT Decision defines a shell bank as a “bank that has no physical presence in the country in which it is incorporated and licensed, and is unaffiliated with a regulated financial group that is subject to effective consolidated supervision.”

Regulatory and supervisory environments governing the operation of financial institutions around the world vary greatly. Thus, not all foreign financial institutions are subject to the same AML/CFT requirements as FIs in the UAE; and as a consequence, some of these foreign institutions may pose a higher ML/FT risk. To mitigate against these risks, FIs that maintain correspondent relationships with foreign financial institutions should consider implementing adequate procedures to assess and periodically review the relevant regulatory and supervisory frameworks of the countries concerned.

Furthermore, when gathering information about financial institutions with which they maintain correspondent relationships, whether foreign or domestic, FIs should take appropriate steps to assess the nature, size and extent of their businesses in the countries where they are incorporated and licensed, as well as their ownership and management structures (taking into consideration the nature and extent of any PEP involvement), in order to evaluate whether they exhibit the characteristics of shell banks, and whether they offer downstream correspondent services (also known as “nested accounts”) to other banks. If they do offer downstream correspondent services, FIs should also take reasonable steps to understand the types of services offered, the number and types of financial institutions they are offered to, the types of customers those institutions serve, and to identify the associated ML/FT risk issues.

In order to collect sufficient information about the nature of a financial institution and the AML/CFT controls it applies, and to assess the ML/FT risks associated with it, FIs should take appropriate measures such as implementing a suitable correspondent relationships questionnaire and, when necessary, conducting follow-up interviews. (FIs may find the correspondent banking questionnaire which has been developed by the Wolfsberg Group, as well as the Wolfsberg Anti-Money Laundering Principles for Correspondent Banking, instructive in this regard. See Appendix 11.2, Useful Links.)

In addition to obtaining senior management approval prior to establishing new correspondent relationships, FIs should also periodically review and update their due diligence information in relation to the financial institutions with which they maintain correspondent relationships, commensurate with the risks involved (see 6.3.6 Reviewing and Updating the Customer Due Diligence Information). In the event of a deterioration in the risk profile of a financial institution with which a correspondent relationship is maintained, including the discovery of material adverse information concerning the institution, FIs should ensure that senior management is informed and appropriate risk-based measures are taken to assess and mitigate the ML/FT risks involved.

FIs should also maintain agreements or contracts with financial institutions with which they maintain correspondent relationships. In addition to operational details concerning the products and services covered, these agreements should clearly describe each party’s responsibilities in regard to ML/FT risk mitigation, due diligence procedures, and the detailed conditions related to any permitted third-party usage of the correspondent account.

(AML-CFT Decision Articles 26, 30)

As part of a risk-based AML/CFT approach, FIs that enter into or maintain Business Relationships with Money or Value Transfer Services (MVTSs) should take adequate CDD measures that are commensurate with the risks involved (see Sections 6.3, Customer Due Diligence (CDD) Measures and 6.4, Enhanced Due Diligence (EDD) Measures). Examples of measures that FIs should consider in this regard include, but are not limited to:

FIs that enter into or maintain relationships with MTVSs should also use a risk-based approach to determine the appropriate internal AML/CFT policies, procedures and controls FIs implement in relation to the risk assessment, risk classification, and the type and extent of CDD they perform on the MVTSs. The policies and procedures that FIs apply should be reasonable and proportionate to the risks involved, and should be adequately documented, senior management approved, and communicated to the relevant employees of the organisation.

Non-Profit Organisations (NPOs) can often pose increased risks in regard to money laundering, the financing of terrorism, and the financing of illegal organisations. As part of an effective risk-based approach to AML/CFT, FIs that enter into or maintain Business Relationships with NPOs should take adequate CDD measures that are commensurate with the risks involved (see Sections 6.3, Customer Due Diligence (CDD) Measures and 6.4, Enhanced Due Diligence (EDD) Measures). Examples of measures that FIs should consider include, but are not limited to:

FIs that enter into or maintain relationships with NPOs should also use a risk-based approach to determine the appropriate internal AML/CFT policies, procedures and controls the FIs implement in relation to the risk assessment, risk classification, and the type and extent of CDD they perform on NPOs. The policies and procedures that FIs apply should be reasonable and proportionate to the risks involved, and should be adequately documented, senior management approved, and communicated to the relevant employees of the organisation.

FIs are obliged to appoint a compliance officer (CO) with the appropriate competencies and experience to perform the statutory duties and responsibilities associated with this role. The AML-CFT Decision stipulates that the CO performs these duties “under his or her own responsibility”, referring to the independent nature of the function and from which it should be understood that the position should be at a management level.

FIs must take all appropriate steps to identify and to prevent or manage confilicts of interests between:

The AML-CFT Decision further provides that the appointment of a person to the position of CO requires the prior consent of the relevant Supervisory Authority. Some FIs might also have appointed a Money Laundering Reporting Officer (MLRO).

In determining the competencies, level of experience, and organizational reporting structures that are appropriate for their COs, FIs should take several factors into consideration, including but not limited to:

Where appropriate, FIs may also consider engaging in dialogue with Supervisory Authorities, professional associations in their sectors, and industry peers, in relation to the competencies, experience, and governance structures that make for an effective compliance officer and an effective AML/CFT programme.

(AML-CFT Decision Article 21.1-5)

The specific tasks of the CO are detailed in the relevant provisions of the AML-CFT Decision. In general, the CO will collaborate with the relevant Supervisory Authority and the FIU to ensure that these can perform their respective duties. The CO’s tasks can be grouped broadly into the following categories: