Global efforts to prevent the abuse of financial systems to launder money or finance terrorist activities is extremely important. This chapter provides standards that every Licensed Person must follow at all times in order to protect the Licensed Person from abuse by money launderers and/or terrorist financiers. The Licensed Person must ensure that its Anti-Money Laundering and Combating Financing of Terrorism (AML/CFT) Compliance is in line with applicable Laws and Regulations of the UAE regarding Criminalization of Money Laundering (“AML/CFT Laws and Regulations”).

1. 16.1.1The Licensed Person must carefully design, document and effectively implement its compliance program based on standards under Paragraphs 16.2 to 16.30 of this Chapter at a minimum; and
2. 16.1.2The Licensed Person must implement additional AML/CFT procedures, systems, controls and measures as appropriate to the risk profile of its business.

1. 16.2.1The Licensed Person must identify, assess and understand the money laundering and financing of terrorism (ML/FT) risks associated with its business on a regular basis;
2. 16.2.2The Licensed Person must implement a ML/FT risk assessment methodology as appropriate to the nature, size and complexity of its business;
3. 16.2.3Money laundering and terrorist financing risks associated with the following parameters of the Licensed Person must be assessed at a minimum:
   1. a)Customer Risk;
   2. b)Counterparty Risk (i.e. foreign correspondent banks, financial institutions, agents, etc.);
   3. c)Product Risk;
   4. d)Jurisdictional Risk or Country Risk; and
   5. e)Delivery Channel Risk or Interface Risk.
4. 16.2.4The Licensed Person must identify and assess ML/FT risks based on additional parameters that may be relevant to the nature, size and complexity of its business before entering into any business relationships;
5. 16.2.5In assessing ML/FT risks, the Licensed Person must have the following in place:
   1. a)Documented risk assessment methodology, process and findings;
   2. b)Determine the level of overall risk, acceptable level of risk and mitigating measures to be applied to minimise the impact of risks;
   3. c)Keep risk assessments up-to-date through periodic reviews; and
   4. d)Establish appropriate mechanisms to provide information on risk assessments to the Central Bank and to Examiners, whenever required.
6. 16.2.6The Licensed Person should also be guided by the results of the National Risk Assessment in conducting its own ML/FT risk assessments which will be issued by the competent authority in the UAE in future; and
7. 16.2.7The Licensed Person must identify and assess the ML/FT risks that may arise in relation to the development of new products and services including new delivery mechanisms and the use of new or developing technologies for both new and existing products, as follows:
   1. a)Undertake the risk assessment prior to the launch or use of such products, services and technologies;
   2. b)Take appropriate measures to manage and mitigate risks;
   3. c)Notify the Banking Supervision Department of the product and its risks, risk mitigation measures; and
   4. d)Obtain a Letter of No Objection from the Banking Supervision Department prior to launching the product.

1. 16.3.1The Licensed Person must introduce a comprehensive and documented AML/CFT Policy, based on its ML/FT risk assessment in accordance with Paragraph 16.2 of this Chapter, which must be the foundation of its compliance function;
2. 16.3.2The AML/CFT Policy must clearly define the roles and responsibilities of the Manager in Charge, Compliance Officers, Compliance Committee and employees in relation to AML/CFT compliance. The AML/CFT Policy must also provide for regular and timely reporting to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) regarding ML/FT risks and the culture/values to be adopted within the business of the Licensed Person to prevent money laundering, terrorist financing and related crimes;
3. 16.3.3The AML/CFT Policy must affirm the roles and responsibilities of the Board of Directors (if any) and of the Owner/Partners/Shareholders in relation to implementing a robust compliance program across the business of the Licensed Person;
4. 16.3.4Effective AML/CFT Procedures must also be implemented for employees to follow while they carry out their day to day responsibilities in order to ensure that ML/FT risks are mitigated in the day to day operations of the Licensed Person;
5. 16.3.5The AML/CFT Policy and Procedures must be based on the UAE’s existing AML/CFT Laws, Regulations, Notices and the Standards as well as international best practices and guidance notes from the FATF, MENAFATF, EGMONT Group and other similar bodies;
6. 16.3.6The AML/CFT Policy and Procedures must be approved by the Manager in Charge, the Compliance Officer and by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
7. 16.3.7The AML/CFT Policy and Procedures must be reviewed and updated, annually at a minimum, to make it consistent with all applicable Laws, Regulations, Notices, the Standards and other international best practices and to make it effective in mitigating the existing as well as emerging ML/FT risks;
8. 16.3.8Copies of the AML/CFT Policy and Procedures must be held in all licensed premises and must be accessible to all employees at all times; and
9. 16.3.9The AML/CFT Policy and Procedures must be circulated among all employees upon the completion of periodical reviews.

1. 16.4.1The Licensed Person must appoint a Compliance Officer who must be given the specific responsibility of managing its AML/CFT compliance function;
2. 16.4.2The Compliance Officer of the Licensed Person must:
   1. a)be a member of Senior Management;
   2. b)report directly to the Board of Directors (or to the Owner/Partners where there is no Board of Directors);
   3. c)be provided with sufficient resources including time, systems, tools and support staff depending on the nature, size and complexity of its business; and
   4. d)be provided with unrestricted access to all information related to products or services, business partners, correspondent agents, remittance partners, customers and transactions.
3. 16.4.3The following are some of the major responsibilities of the Compliance Officer (the list is not exhaustive):
   1. a)Design an appropriate AML/CFT compliance program for the Licensed Person to remain compliant with applicable AML/CFT Laws, Regulations, Notices, the Standards and international best practice at all times;
   2. b)Establish and maintain appropriate AML/CFT policies, procedures, processes and controls;
   3. c)Ensure day-to-day compliance of the business against internal AML/CFT policies and procedures;
   4. d)Act as the key contact point regarding all AML/CFT related matters/ queries from the Central Bank and any other competent authorities;
   5. e)Receive suspicious transaction alerts from employees and analyze them to take appropriate decisions to report all suspicious cases to the FID;
   6. f)On-going monitoring of transactions to identify high-risk, unusual and suspicious customers/transactions;
   7. g)Submit Suspicious Transaction Reports to the FID in a timely manner;
   8. h)Cooperate with and provide the FID with all information it requires for fulfilling their obligations;
   9. i)Develop and execute AML/CFT training programs considering all relevant risks of ML/FT and financing illicit organizations including the ways/means for addressing them;
   10. j)Provide necessary reports to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) on all AML/CFT issues, on a quarterly basis at a minimum;
   11. k)Arrange to retain all necessary supporting documents for transactions, KYC, monitoring, suspicious transaction reporting and AML training for the minimum period for record retention as per Paragraph 16.24 of this Chapter;
   12. l)Conduct regular gap analysis between the Licensed Person’s existing AML/CFT Procedures and current Laws, Regulations, Notices and the Standards of the UAE in order to determine the extent of the Licensed Person’s level of compliance;
   13. m)Propose actions required to address gaps, if any; and
   14. n)Prepare Bi-Annual Compliance Reports in accordance with Paragraph 16.25 of this Chapter.
4. 16.4.4The Compliance Officer must have the following qualifications and experience at a minimum:
   1. a)If the Licensed Person is in possession of a Category A License:
      • •A minimum of three (3) years of experience in AML/CFT compliance, audit or risk management within any financial institution(s).
   2. b)If the Licensed Person is in possession of either a Category B or Category C License:
      • •A minimum of eight (8) years of experience in AML/CFT compliance, audit or risk management within any financial institution(s); or
      • •A minimum of five (5) years of experience in AML/CFT compliance, audit or risk management within any financial institution(s) and possess a specific certification related to AML/CFT compliance.
   3. c)Examples of specific certifications related to AML/CFT compliance includes ACFCS, CFE, ICA Diplomas, CAMS or any other certification associated with financial crime control or AML/CFT compliance which is acceptable to the Central Bank; and
   4. d)The Compliance Officer, in all above cases, must possess sound knowledge of all applicable AML/CFT Laws, Regulations, Notices, the Standards and other relevant international best practices.
5. 16.4.5Grace Period to comply with Paragraph 16.4.4 of this Chapter:
   1. a)A Licensed Person, who has obtained the license to carry out Exchange Business prior to the date of issuing the Standards, must comply with the requirements of Paragraph 16.4.4 of this Chapter on or before 31^st December 2018; and
   2. b)Regardless of the grace period under Paragraph 16.4.5 (a) of this Chapter, the Central Bank reserves the right to instruct any Licensed Person to comply with the requirements of Paragraph 16.4.4 of this Chapter at any time prior to 31^st December 2018, if it deems it necessary.
6. 16.4.6Employment Type and Residential Status of the Compliance Officer:
   1. a)The Compliance Officer must be a full time employee of the Licensed Person;
   2. b)The Compliance Officer must not engage in any part time employment or act as a consultant outside the business of the Licensed Person;
   3. c)The Compliance Officer must be a resident in the UAE; and
   4. d)A foreign national must be under the employment visa of the Licensed Person when employed as a Compliance Officer.
7. 16.4.7Conflict of Interest in Multiple Roles:
   1. a)The role of Compliance Officer must not be combined with any other functions of the Licensed Person.
8. 16.4.8Reporting Lines and Independence:
   1. a)The Compliance Officer must directly report to the Board of Directors (or to the Owner/Partners where there is no Board of Directors); and
   2. b)The Compliance Officer must have authority to act without any interference from the Manager in Charge or other employees of the Licensed Person.
9. 16.4.9Prior Approval for Appointment:
   1. a)A Letter of No Objection must be obtained for appointing a Compliance Officer by submitting the following documents to the Banking Supervision Department:
      • •Letter from the authorized signatory of the Licensed Person seeking the Letter of No Objection from the Central Bank;
      • •Duly completed APA Form (Refer to Appendix 5 for this Form) along with all required supporting documents; and
      • •Undertaking letter from an authorized signatory of the Licensed Person confirming the binding commitment of the Compliance Officer and the Licensed Person to comply with Paragraphs 16.4.6, 16.4.7 and 16.4.8 of this Chapter.
   2. b)The Central Bank shall conduct a fit and proper test on the proposed Compliance officer of the Licensed Person. The Central Bank reserves the right to:
      • •interview the proposed Compliance Officer as part of the fit and proper test, if it deems it necessary; and
      • •issue or decline the approval for the proposed Compliance Officer.
   3. c)In case the prior approval is rejected by the Central Bank, the Licensed Person must propose a new Compliance Officer within the timeline provided by the Central Bank in the Letter of Rejection. If a specific timeline is not provided in the Letter of Rejection, then the Licensed Person must propose a new Compliance Officer within a period of one hundred and eighty (180) calendar days from the date of Letter of Rejection; and
   4. d)Full details of the Compliance Officer must be provided to the FID via email to: cbuaeamlscu@cbuae.gov.ae (Refer to Notice Number 1401/2010 issued by the Central Bank on 16^th March 2010).
10. 16.4.10Resignation of the Compliance Officer and Notification to the Central Bank:
    1. a)The Licensed Person must notify the Banking Supervision Department, within five (5) working days, in case the Compliance Officer resigns or vacates the office in any other manner with reason thereof via email to: info.ehs@cbuae.gov.ae;
    2. b)The Licensed Person must appoint a permanent replacement, within a period of one hundred and eighty (180) calendar days from the date when the position of the Compliance Officer falls vacant, after obtaining a Letter of No Objection from the Banking Supervision Department (Refer to Paragraph 16.4.9 of this Chapter for more information); and
    3. c)The Alternate Compliance Officer must be available to ensure the continuity of the AML/CFT compliance function during the period when the Compliance Officer’s position is vacant.
11. 16.4.11Outsourcing of Compliance Function:
    1. a)The Licensed Person must not outsource the role of the Compliance Officer nor the entire compliance function under any circumstances. However, the Licensed Person is permitted, under certain circumstances, to outsource some specific AML compliance tasks after obtaining the Letter of No Objection from the Banking Supervision Department. Please refer to Paragraph 9.1.2 (a) of Chapter 9.
12. 16.4.12Removal of the Compliance Officer:
    1. a)The Central Bank reserves the right to remove the Compliance Officer of a Licensed Person at its sole discretion;
    2. b)The Licensed Person, in such cases, must comply with Paragraph 16.4.10 (b) of this Chapter; and
    3. c)The Central Bank reserves the right to communicate or not to communicate reasons to the Licensed Person for its decision to remove the Compliance Officer.

1. 16.5.1The Licensed Person must appoint an Alternate Compliance Officer to strengthen the AML/CFT compliance function subject to the following conditions:
   1. a)The Alternate Compliance Officer must be a full time employee of the Licensed Person;
   2. b)The Alternate Compliance Officer must not engage in any part time employment or act as a consultant outside the business of the Licensed Person;
   3. c)The Alternate Compliance Officer must be a resident in the UAE;
   4. d)A foreign national must be under the employment visa of the Licensed Person when employed as an Alternate Compliance Officer;
   5. e)The Alternate Compliance Officer must directly report to the Compliance Officer or to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) during the absence of the Compliance Officer;
   6. f)The Alternate Compliance Officer must have authority to act without any interference from the Manager in Charge or other employees of the Licensed Person;
   7. g)If the Licensed Person is in possession of either a Category B or Category C License, the role of its Alternate Compliance Officer must not be combined with any other function of the Licensed Person; and
   8. h)If the Licensed Person is in possession of a Category A License, the role of its Alternate Compliance Officer may be combined with any other function of the Licensed Person which does not create any conflict of interest.
2. 16.5.2Prior Approval for the Appointment:
   1. a)A Letter of No Objection must be obtained for appointing an Alternate Compliance Officer by submitting the following to the Banking Supervision Department:
      • •Letter from the authorized signatory seeking the Letter of No Objection from the Central Bank;
      • •Duly completed APA Form (Refer to Appendix 5 for this Form) and supporting documents; and
      • •Undertaking letter from the authorized signatory of the Licensed Person confirming the binding commitment of the Alternate Compliance Officer and the Licensed Person to comply with Paragraphs 16.5.1 (a) to (g) of this Chapter.
   2. b)The Central Bank shall conduct a fit and proper test on the proposed Alternate Compliance officer of the Licensed Person. The Central Bank reserves the right to:
      • •interview the proposed Alternate Compliance Officer as part of the fit and proper test, if it deems it necessary; and
      • •issue or decline the approval for the proposed Alternate Compliance Officer.
   3. c)In case the prior approval is rejected by the Central Bank, the Licensed Person must propose a new Alternate Compliance Officer within the timeline provided by the Central Bank in the Letter of Rejection. If a specific timeline is not provided in the Letter of Rejection, then the Licensed Person must propose a new Alternate Compliance Officer within a period of one hundred and eighty (180) calendar days from the date of Letter of Rejection; and
   4. d)Full details of the Alternate Compliance Officer must be provided to the FID via email to cbuaeamlscu@cbuae.gov.ae (Refer to Notice Number 1401/2010 issued by the Central Bank on 16^th March 2010).
3. 16.5.3Resignation of the Alternate Compliance Officer and Notification to the Central Bank:
   1. a)The Licensed Person must notify the Banking Supervision Department, within five (5) working days, in case the Alternate Compliance Officer resigns or vacates the office in any other manner with reasons thereof via email to: info.ehs@cbuae.gov.ae; and
   2. b)The Licensed Person must appoint a permanent replacement, within a period of one hundred and eighty (180) calendar days from the date when the position of the Alternate Compliance Officer falls vacant, after obtaining a Letter of No Objection from the Banking Supervision Department (Refer to Paragraph 16.5.2 of this Chapter for more information).
4. 16.5.4Removal of the Alternate Compliance Officer:
   1. a)The Central Bank reserves the right to remove the Alternate Compliance Officer of a Licensed Person at its sole discretion;
   2. b)The Licensed Person, in such cases, must comply with Paragraph 16.5.3 (b) of this Chapter; and
   3. c)The Central Bank reserves the right to communicate or not to communicate reasons to the Licensed Person for its decision to remove the Alternate Compliance Officer.

1. 16.6.1The Compliance Officer, Alternate Compliance Officer and other employees of the AML/CFT Compliance Department must undergo a minimum of forty eight (48) hours external training in AML/CFT compliance every year; and
2. 16.6.2Participation in any one or a combination of the following is acceptable in relation to CPD programs in this context:
   1. a)AML/CFT conferences or meetings or workshops whether inside or outside the UAE;
   2. b)face to face training by external agencies whether inside or outside the UAE;
   3. c)training by industry associations or regulatory bodies; and
   4. d)Web based training.

1. 16.7.1The Licensed Person must carry out KYC process for its customers in order to confirm who its customers are, and to ensure that the funds involved in their transactions are originating from legitimate sources and used for legitimate purposes;
2. 16.7.2The Licensed Person must apply an appropriate KYC Process for its customers depending on the ML/FT risks associated with each customer or transaction; and
3. 16.7.3There are three different types of KYC Processes that must be applied based on the ML/FT risk associated with a customer. These are:
   1. a)Customer Identification (CID) Process;
   2. b)Customer Due Diligence (CDD) Process; and
   3. c)Enhanced Due Diligence (EDD) Process.

1. 16.8.1The Customer Identification (CID) process, in accordance with Paragraphs 16.8.2 to 16.8.5 of this Chapter, must be applied for natural persons who carry out “foreign currency exchange” transactions of value between AED 3,600 and AED 35,999.75. Please refer to Paragraph 16.13.1 of this Chapter for KYC process to be applied for natural persons who repeatedly exchange foreign currency of value below AED 3,600 per transaction;
2. 16.8.2The Customer Identification process is the verification of the original identification documents of the customer who is a natural person and systematically recording basic customer information in the Point of Sale system;
3. 16.8.3The Licensed Person must not accept any identification document (ID) other than one from the below list (in the order of preference) with an exception provided under Paragraph 16.13.2 of this Chapter:
   1. a)Emirates ID; or
   2. b)Passport with valid visa; or
   3. c)GCC National ID for GCC nationals.
4. 16.8.4Customer’s full legal name, residential status, mobile number, nationality, date of birth, ID type (whether Emirates ID, Passport or GCC national ID) and ID number must be recorded in the Point of Sale system;
5. 16.8.5The following customer information must be printed on the transaction receipt:
   1. a)Full legal name;
   2. b)Residential status (whether UAE Resident or UAE Non-Resident);
   3. c)Mobile number;
   4. d)Nationality;
   5. e)ID type (whether Emirates ID or Passport or GCC national ID); and
   6. f)ID number.

1. 16.9.1The Customer Due Diligence (CDD) process, in accordance with Paragraphs 16.9.2 to 16.9.11 of this Chapter, must be applied for a natural person who carries out the following transactions:
   1. a)Foreign currency exchange transactions, either one off or multiple in ninety (90) calendar days, of value between AED 36,000 and AED 99,999.75; and
   2. b)Money transfers, whether inward or outward, of value between AED 1 and AED 74,999.75.
2. 16.9.2Customer Due Diligence (CDD) is the process where additional information about the customer, who is a natural person, is collected via a customer onboarding process in accordance with Paragraph 16.9.3 of this Chapter;
3. 16.9.3The Licensed Person must create a customer profile by recording the customer information in its Point of Sale system and then provide a permanent “Unique Identification Number (UIN)” to the customer. The customer must be allowed to carry out transactions at the branch(es) of the Licensed Person only by using the Unique Identification Number. The Licensed Person must also comply with Paragraph 16.13.12 of this Chapter at all times;
4. 16.9.4The following customer information, at a minimum, must be captured in the Point of Sale system in addition to the verification of the original ID in accordance with Paragraph 16.8.3 of this Chapter:
   1. a)Full legal name;
   2. b)Residential status (whether UAE Resident or UAE Non-Resident);
   3. c)Address in the UAE (for UAE Residents);
   4. d)Temporary address in the UAE and the permanent address in the home country (for UAE Non-Residents);
   5. e)Mobile number;
   6. f)Email, if available;
   7. g)Date of Birth;
   8. h)Nationality;
   9. i)Country of Birth;
   10. j)ID type (whether Emirates ID or Passport or GCC national ID);
   11. k)ID number;
   12. l)ID place of issue;
   13. m)ID issue date;
   14. n)ID expiry date;
   15. o)Profession; and
   16. p)Expected annual activity (i.e. expected annual value and number of transactions for future transaction monitoring).
5. 16.9.5Area or district, city, Emirate or state or province and country must be recorded in the Point of Sale system as part of the address. The Licensed Person is expected to record the P.O Box number, house number/name, apartment or room number, building number/name, street name in the system wherever practically possible;
6. 16.9.6A copy of the ID must be retained from the original identification document which must be certified (i.e. certified copy) as “Original Sighted and Verified” under the signature of the employee who carries out the customer due diligence process;
7. 16.9.7The UIN given to a customer by a Licensed Person must be unique in nature and the same UIN must not be assigned to more than one customer. The same customer must not be given more than one UIN by a Licensed Person. Appropriate validation rules must be implemented in the system to comply with this requirement;
8. 16.9.8The customer profile must be reviewed and updated either annually or upon the expiry of the Identification Document whichever comes first. The original ID as per Paragraph 16.8.3 of this Chapter must be verified and its certified copy must be held in the records during the review of a customer profile;
9. 16.9.9Information on the “source of funds” and “purpose of transaction” must be captured in the Point of Sale system for each transaction that undergoes the CDD process;
10. 16.9.10The below customer information must be printed on the transaction receipt, at a minimum:
    1. a)Unique Identification Number (UIN) of the customer;
    2. b)Full legal name of the customer;
    3. c)Address in the UAE (required when the customer is a UAE Resident) - P.O Box number and street (if available), city, Emirate;
    4. d)Permanent address in the home country (required only when the customer is a UAE NonResident) - P.O Box number and street (if available), city, state or province, country;
    5. e)Mobile number;
    6. f)Nationality;
    7. g)ID type (whether Emirates ID or Passport or GCC national ID);
    8. h)ID number;
    9. i)ID place of issue;
    10. j)ID issue date;
    11. k)Method of payment (whether cash or cheque, etc.);
    12. l)Source of funds;
    13. m)Purpose of transaction; and
    14. n)Beneficiary’s name and bank account details (wherever applicable).
11. 16.9.11The receipt must be signed by the customer and must be retained in the records along with all KYC supporting documents in accordance with Paragraph 16.24 of this Chapter.

1. 16.10.1During the Enhanced Due Diligence for natural persons, the source of funds and purpose of transaction must be verified and confirmed in accordance with Paragraphs 16.10.2 to 16.10.5 of this Chapter in addition to the CDD process as per Paragraph 16.9 of this Chapter;
2. 16.10.2Below are the thresholds for the Enhanced Due Diligence for natural persons:
   1. a)Foreign currency exchange transactions of value equal to or above AED 100,000:- Evidence for the source of funds (example: bank statements) must be collected for verification in case the customer pays cash. Complete information of the purpose of the transaction must be collected. Appropriate evidence must be collected for the verification of the purpose of transaction in case there is any doubt or suspicion about the information provided by the customer;
   2. b)Outward money transfers of value equal to or above AED 75,000:- Evidence for the source of funds (example: bank statements) must be collected for verification if the customer pays cash. Complete information on the purpose of the transaction must be collected. Appropriate evidence must be collected for the verification of the purpose of transaction in case there is any doubt or suspicion about the information provided by the customer; and
   3. c)Inward money transfers of value equal to or above AED 75,000:- Full information for the source of funds and the purpose of transaction must be collected and recorded. Appropriate evidences must be collected for the verification of the purpose of transaction in case there is any doubt or suspicion about the information provided by the customer.
3. 16.10.3The following customer information must be printed on the transaction receipt, at a minimum:
   1. a)Unique Identification Number (UIN) of the customer;
   2. b)Full legal name of the customer;
   3. c)Address in the UAE (required when the customer is a UAE Resident) - P.O Box number and street (if available), city, Emirate;
   4. d)Permanent address in the home country (required only when the customer is a UAE NonResident) - P.O Box number and street (if available), city, state or province, country;
   5. e)Mobile number;
   6. f)Nationality;
   7. g)ID type (whether Emirates ID or Passport or GCC national ID);
   8. h)ID number;
   9. i)ID place of issue;
   10. j)ID issue date;
   11. k)Method of payment (whether cash or cheque, etc.);
   12. l)Source of funds;
   13. m)Purpose of transaction; and
   14. n)Beneficiary’s name and bank account details (wherever applicable).
4. 16.10.4The receipt must be signed by the customer and must be retained in the records along with all KYC supporting documents in accordance with Paragraph 16.24 of this Chapter; and
5. 16.10.5The Licensed Person must give special attention to transactions by natural persons who are visitors in the UAE. The Licensed Person may decide to perform the Enhanced Due Diligence on such customers regardless of their transaction value in case there is any doubt or suspicion about the information provided by such customers.

1. 16.11.1The EDD process, in accordance with Paragraphs 16.11.2 to 16.11.11 of this Chapter, must be applied for a customer at the time of onboarding (i.e. prior to entering into any business relationship), if it is a legal entity. The EDD must include verification of the identity of the legal entity (i.e. its licenses, incorporation documents, etc.) and identification of its ultimate beneficial owners;
2. 16.11.2The Licensed Person must verify appropriate documents and retain copies to confirm information under Paragraph 16.11.3 of this Chapter. The following process must be followed at a minimum while onboarding a legal entity as a customer:
   1. a)An appropriate KYC Questionnaire of the Licensed Person must be completed and signed by the legal entity;
   2. b)Ownership structure of the legal entity must be collected including the purpose and nature of the intended business relationship;
   3. c)Collect copies of valid permissions/licenses of the entity from competent authorities to carry out the business (examples: certificate of incorporation, trading license or equivalent, license issued by the Central Bank or other competent authorities where applicable, etc.). Certify these copies as “Original Sighted and Verified” by the employee of the Licensed Person who carries out the KYC process after the verification of originals;
   4. d)Licensed Person must carry out a ML/FT risk assessment on business activities of the legal entity by visiting its business location. Also, carry out a risk assessment of its customers;
   5. e)Original identification documents (in accordance with Paragraph 16.8.3 of this Chapter) of Ultimate Beneficial Owners (UBO) must be verified and retain the copies after certification by the employee of the Licensed Person as “Original Sighted and Verified”;
   6. f)Collect the list of authorized signatories and verify their original identification documents (copies to be certified as “Original Sighted and Verified” and must retain in the records);
   7. g)Assess and record the expected annual activity (annual value and number of transactions for future transaction monitoring);
   8. h)Authorization letter must be taken for representatives of the legal entity who carry out transactions on its behalf;
   9. i)Verify original identification documents of representatives, who have authorization to carry out transactions, in accordance with Paragraphs 16.8.3 and 16.9.6 of this Chapter (copies to be certified as “Original Sighted and Verified” and must retain in the records). Such representatives must be UAE residents. The relationship of such representative with the legal entity must be established;
   10. j)Apply sanction checks and internet searches on the name of the legal entity, Ultimate Beneficial Owners, group companies, subsidiaries and the names of representatives of the legal entity who are authorized to carry out transactions on its behalf;
   11. k)Apply FPEP checks on Ultimate Beneficial Owners and where the Ultimate Beneficial Owner is a FPEP, the Licensed Person must collect the information about the source of wealth of such UBO; and
   12. l)Both the Manager in Charge and the Compliance Officer must approve the business relationship with legal entities. Where an Ultimate Beneficial Owner is FPEP, the business relationship with such legal entity must be established only after obtaining approval of the Board of Directors (or of the Owner/Partners where there is no Board of Directors).
3. 16.11.3The following information about the customer, which is a legal entity, must be recorded in the Point of Sale system, at a minimum, to create the customer profile and the “Unique Identification Number” (UIN) after completing the Enhanced Due Diligence process under Paragraphs 16.11.1 and 16.11.2 of this Chapter:
   1. a)Full legal name of the entity;
   2. b)Residential status (whether incorporated/operating within the UAE or outside the UAE);
   3. c)Address (P.O Box, Shop No., Building name, Street, City, Emirate, Country);
   4. d)Phone numbers;
   5. e)Fax number;
   6. f)Email;
   7. g)Date of establishment;
   8. h)ID type (whether trade license or the equivalent);
   9. i)Trade license (or the equivalent) number;
   10. j)Trade license (or the equivalent) place of issue;
   11. k)Trade license (or the equivalent) issue date;
   12. l)Trade license (or the equivalent) expiry date;
   13. m)Type of business of the entity;
   14. n)Names and ID details, such as ID types and ID numbers, of Ultimate Beneficial Owners of the entity;
   15. o)Names and ID details, such as ID types and ID numbers, of persons authorized to carry out transaction on behalf of the entity; and
   16. p)Expected annual activity (i.e. expected annual value and number of transactions for future transaction monitoring).
4. 16.11.4The Licensed Person must collect appropriate documents to verify and confirm the source of funds, purpose of transaction and the commercial/economic reason for each transaction by legal entities;
5. 16.11.5The following customer information must be printed on the transaction receipt, at a minimum:
   1. a)Unique Identification Number assigned to the entity (UIN);
   2. b)Full legal name of the entity;
   3. c)Address (P.O Box, Shop No., Building name, Street, City, Emirate, Country);
   4. d)Phone number;
   5. e)Name and ID number of the person representing the legal entity to carry out transactions on its behalf;
   6. f)Country of incorporation;
   7. g)ID type (whether trade license or the equivalent);
   8. h)Trade license (or the equivalent) number;
   9. i)Trade license (or the equivalent) place of issue;
   10. j)Trade license (or the equivalent) issue date;
   11. k)Trade license (or the equivalent) expiry date;
   12. l)Method of payment (whether cash or cheque, etc.);
   13. m)Source of funds;
   14. n)Purpose of transaction; and
   15. o)Beneficiary name and bank account details (wherever applicable).
6. 16.11.6The receipt must be signed by the representative of the legal entity who carries out the transaction on its behalf and must be retained in the records along with all KYC supporting documents in accordance with Paragraph 16.24 of this Chapter;
7. 16.11.7The Enhanced Due Diligence must be repeated and the customer profile, including the supporting evidence as per Paragraph 16.11.2 of this Chapter, must be updated annually at a minimum. The Licensed Person must ensure that copies of valid licenses are available in the records at all times. The Enhanced Due Diligence must also be repeated whenever there is a change in the profile of the customer, such as any change in the ownership of an entity;
8. 16.11.8The Enhanced Due Diligence in accordance with Paragraph 16.11.2 of this Chapter must also be undertaken before entering into below types of business relationships:
   1. a)Foreign correspondent banking arrangements, such as those with banks, exchange houses or any other financial institutions, for the purpose of money transfer services;
   2. b)Money transfer arrangements with instant money transfer service providers;
   3. c)Hedging arrangements with local or foreign institutions;
   4. d)Arrangements to import or export banknotes from/to foreign institutions, such as Banks, exchange houses or other financial institutions outside the UAE; and
   5. e)Arrangements with local or foreign entities to offer special products/services.
9. 16.11.9All business relationships under Paragraph 16.11.8 of this Chapter must be approved by the Compliance Committee of the Licensed Person;
10. 16.11.10While undertaking Enhanced Due Diligence as per Paragraph 16.11.8 of this Chapter on entities located outside the UAE, the Licensed Person may:
    1. a)visit the business locations of entities which are located in high risk countries in order to carry out risk assessment as per Paragraph 16.11.2 (d) of this Chapter (i.e. no site visit is required when such entities are located in low or medium risk countries);
    2. b)apply 20% (instead of 5% as per the definition under Appendix 1) in order to identify the Ultimate Beneficial Owners provided that it is a regulated banking institution and 10% (instead of 5% as per the definition under Appendix 1) in all other cases; and
    3. c)collect copies of the identification documents of Ultimate Beneficial Owners on a risk sensitive basis which are certified as “Original Sighted and Verified” by the Compliance Officer of such foreign entities, in case the verification of original documents by the Licensed Person is practically impossible.
11. 16.11.11The Licensed Person must not enter into any business relationship with a Shell Company or a Shell Bank.

1. 16.12.1The Licensed Person must not accept societies such as Co-operative Societies, Charitable Societies, Social or Professional Societies as customers unless they produce a certificate signed by H.E Minister of Community Development confirming their identities and permitting them to collect donations or to make money transfers out of the UAE;
2. 16.12.2Enhanced Due Diligence in line with 16.11 must be carried out before entering into any business relationship with societies; and
3. 16.12.3Business relationships with societies must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) of the Licensed Person.

1. 16.13.1The Licensed Person must apply the CID process in accordance with Paragraph 16.8 of this Chapter for a natural person who repeatedly exchanges foreign currency (example: once in a week) of value below AED 3,600 per transaction;
2. 16.13.2The Licensed Person may accept a Seaman’s Pass/ID in order to complete the KYC Process, instead of acceptable IDs listed under Paragraph 16.8.3 of this Chapter, from natural persons who carry out the following transactions:
   1. a)Foreign currency exchange transactions of aggregate value up to AED 35,999.75 per week; and
   2. b)Money transfer transactions of aggregate value up to AED 27,000 per week.
3. 16.13.3The Licensed Person, while accepting transactions under Paragraph 16.13.2 of this Chapter, must apply the CID process in accordance with Paragraph 16.8 of this Chapter for foreign currency exchange transactions and the CDD process in accordance with Paragraph 16.9 of this Chapter for money transfer transactions (except Paragraph 16.8.3 of this Chapter) at a minimum;
4. 16.13.4The Licensed Person must apply the EDD process that is effective and proportionate to the ML/FT risks, including obtaining the approval of the Manager in Charge and the Compliance Officer, for establishing business relationships or one-off transactions with:
   1. a)FPEPs (Refer to Paragraph 16.20 of this Chapter);
   2. b)customers from high risk jurisdictions as identified by FATF and/or similar bodies;
   3. c)unusually complex transactions or those which have no clear economic or legal purpose;
   4. d)UAE Non-Resident customers; and
   5. e)transactions which the Licensed Person considers as high risk.
5. 16.13.5The Licensed Person must conduct the EDD process for a customer, irrespective of the value of transaction, if it has reasonable ground to suspect that the customer is engaging in money laundering or terrorist financing. In case the suspicion continues to exist even after the EDD, the Licensed Person must immediately report such cases to the FID in accordance with Paragraph 16.21 of this Chapter;
6. 16.13.6The Licensed Person must also conduct the EDD on its existing customers, if:
   1. a)there is a material change in the nature or ownership of a customer who is a juridical person;
   2. b)there is doubt about the reliability or adequacy of information previously obtained in relation to the customer; or
   3. c)there is any other reason that the Licensed Person deems it appropriate.
7. 16.13.7If it is unable to verify the customer’s identity using reliable and independent sources of data or information, the Licensed Person must:
   1. a)immediately terminate any relationship with the customer; and
   2. b)consider whether it should make a suspicious transaction report to the FID.
8. 16.13.8The Licensed Person must be able to demonstrate to the Central Bank Examiners that the KYC Process that has been applied is appropriate in view of its risks related to the money laundering, terrorist financing or related financial crimes;
9. 16.13.9The Licensed Person must carry out the CDD process for every pre-paid card customer in addition to introducing appropriate velocity controls to monitor the activity of the customer based on the number of cards purchased (whether non-reloadable or reloadable) or number of times reloaded (where it is a reloadable card). These transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts;
10. 16.13.10The customer using automated machines (i.e. Kiosks) for executing transactions must have the Unique Identification Number (UIN) issued by the Licensed Person. In such cases, the Licensed Person must ensure that the customer is not given privileges to add new beneficiaries for conducting money transfers via such Kiosks directly. The Licensed Person must also set a maximum limit, which shall not exceed AED 3,600 per transaction for money transfers via such machines. In any case, the total value of money transfers by a customer via such machines shall not exceed AED 10,000 per month. All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts;
11. 16.13.11The Licensed Person must comply with the instructions and conditions that are stated in the Letter of No Objection issued by the Banking Supervision Department for special products or services;
12. 16.13.12The Licensed Person must implement appropriate measures/controls to ensure that the Unique Identification Number issued to a customer is being used only by that customer at all times. The Licensed Person may consider the following to comply with this requirement:
    1. a)Verification of the original ID as per Paragraph 16.8.3 of this Chapter prior to accepting transactions from a customer; or
    2. b)Issue ID/Membership/Loyalty Cards that contain the basic customer details (such as name, date of birth, nationality, UIN etc.) including a recent photograph and such original cards must be verified prior to accepting transactions from customers; or
    3. c)Introduce appropriate biometric systems.
13. 16.13.13 Natural persons, who do not have a valid visa to stay in the UAE, must not be permitted to carry out transactions unless they are in the grace period upon cancellation or expiry of the residence permit or on amnesty;
14. 16.13.14The Licensed Person must understand the purpose and intended nature of the business relationship and obtain further information in higher risk situations;
15. 16.13.15 The Licensed Person must have measures/controls in place for conducting on-going due diligence to determine whether transactions are consistent with the profile of the customer;
16. 16.13.16 The Licensed Person must comply with wire transfer rules as specified in FATF Recommendation 16 for originating institution, beneficiary institution and intermediary institution, as applicable, notwithstanding the amount involved; and
17. 16.13.17 The Licensed Person must apply the following KYC process for a customer who exchanges low denomination currency notes to larger ones:
    1. a)Customer Due Diligence (CDD) process, in accordance with Paragraph 16.9 of this Chapter, must be applied for a natural person when the value of such transaction is between AED 36,000 and AED 99,999.75;
    2. b)Enhanced Due Diligence (EDD) process, in accordance with Paragraph 16.10 of this Chapter, must be applied for a natural person when the value of such transaction is equal to or above AED 100,000;
    3. c)Enhanced Due Diligence (EDD) process, in accordance with Paragraph 16.11 of this Chapter, must be applied in case the customer is a legal entity irrespective of the value of such transaction; and
    4. d)If there are any reasonable grounds to suspect money laundering and/or terrorist financing, the Licensed Person must file a Suspicious Transaction Report (STR) with the FID, irrespective of the value of such transaction. Please refer to Paragraph 16.21.2 of this Chapter for more information on suspicious transaction reporting.

1. 16.14.1A transaction is treated as a third party transaction when it is carried out by a person (hereafter known as ‘the representative’) on behalf of another natural person or a legal entity (hereafter known as ‘the beneficial owner of funds’). The Licensed Person must not accept third party transactions except in cases that are mentioned under Paragraphs 16.14.2 to 16.14.6 of this Chapter;
2. 16.14.2The Licensed Person may accept the transaction by a natural person on behalf of another natural person subject to the following conditions:
   1. a)The representative must produce a duly executed Power of Attorney (PoA) from the beneficial owner of funds to carry out such transactions. Where there is no PoA, the beneficial owner of funds must issue a letter authorizing the representative to carry out transactions on his/her behalf. The beneficial owner of funds must visit the Licensed Person to sign such letter of authority, the validity of which shall not exceed two (2) years from the date of issue;
   2. b)The letter of authority must refer to the type of transactions (whether currency exchange or money transfer) which the representative is authorized to carry out on behalf of the beneficial owner of funds as well as the identification details of both parties. The letter must also include the beneficiary details in the case of a money transfer transaction;
   3. c)The signature of the beneficial owner of funds in the letter of authority must be verified against that in the passport or the Emirates ID;
   4. d)The representative and the beneficial owner of funds must both be resident in the UAE;
   5. e)Original identification documents of both parties must be collected and verified in addition to retaining the copies of such identification documents certified as “Original Sighted and Verified”;
   6. f)The beneficial owner of funds must undergo the CDD process in accordance with Paragraph 16.9 of this Chapter. The EDD process must be applied, when applicable, in accordance with Paragraph 16.10 of this chapter;
   7. g)All transactions must be recorded in the system against the Unique Identification Number of the beneficial owner of funds. Name and ID details of the representative must also be recorded in the Point of Sale system;
   8. h)The names of both parties must be subjected to the sanction/FPEP screening. In the case of money transfer transactions, the beneficiary’s name as well as the name of beneficiary bank must also be appropriately screened;
   9. i)The name of the representative must be printed separately on the transaction receipt in addition to the information of the beneficial owner of funds in accordance with Paragraph 16.9.10 or 16.10.3 of this Chapter, whichever is applicable; and
   10. j)All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts.
3. 16.14.3The Requirement under Paragraph 16.14.2 of this Chapter is not applicable, where the transaction is carried out by a natural person on behalf of another natural person who is either working as domestic helper (examples are: house maid, cook, servant, cleaner, etc.) or unable to visit the licensed premises due to the inherent nature of their work/living conditions, subject to the following conditions:
   1. a)The representative must produce a letter signed by the beneficial owner of the funds authorizing the representative to carry out transactions. This letter of authority must refer to the type of transactions (whether currency exchange or money transfer) which the representative is authorized to carry out on behalf of the beneficial owner of funds as well as the identification details of both parties. The letter must also include the beneficiary details in the case of a money transfer transaction;
   2. b)The total value of transactions, whether foreign currency exchange or inward/outward remittance, shall not exceed AED 24,000 during a rolling three hundred and sixty five (365) days from the date of the first transaction for each beneficial owner of funds;
   3. c)The representative and the beneficial owner of funds must both be resident in the UAE;
   4. d)Original identification documents of both parties must be collected and verified in addition to retaining the copies of such identification documents certified as “Original Sighted and Verified”;
   5. e)The representative must undergo the CDD process in accordance with Paragraph 16.9 of this Chapter. The EDD process must be applied, when applicable, in accordance with Paragraph 16.10 of this Chapter. The Licensed Person is expected to take all measures practically possible to confirm that such transactions are genuine without leaving any chance for doubt or confusion for misuse of this arrangement;
   6. f)All such transactions must be recorded in the system against the Unique Identification Number of the representative. The name and ID details of the beneficial owner of funds must also be recorded in the Point of Sale system. The SMS notifications in accordance with Paragraph 4.9 of Chapter 4 must go directly to the beneficial owner of funds;
   7. g)The names of both parties must be subjected to sanction/FPEP screening. In the case of money transfer transactions, the beneficiary’s name as well as the name of beneficiary bank must also be appropriately screened;
   8. h)The name of the beneficial owner of funds must be printed separately on the transaction receipt in addition to the information of the representative in accordance with Paragraph 16.9.10 or 16.10.3 of this Chapter, whichever is applicable;
   9. i)All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts; and
   10. j)In case of any doubt or confusion regarding the documents submitted or information provided by the representative, the Licensed Person must insist the beneficial owner of funds to personally visit the Licensed Person to complete the KYC process. If the beneficial owner of the funds refuses to visit the Licensed Person, the relationship must be terminated and the case must be reported to the FID immediately where necessary.
4. 16.14.4Transactions by a natural person on behalf of another legal entity in the UAE falls under the scope of the EDD Process under Paragraph 16.11 of this Chapter. The conditions under Paragraph 16.14.5 of this Chapter must be applied where the remittance transactions are for importing goods or payment for services;
5. 16.14.5Remittance transactions from legal entities in the UAE for importing goods or payment for services (i.e. trade related transactions), must only be accepted subject to the below conditions:
   1. a)Enhanced Due Diligence (Please refer to Paragraph 16.11 of this Chapter) must be completed for each legal entity before onboarding the customer;
   2. b)The Licensed Person must establish the commercial/economic reason for each remittance transaction;
   3. c)The Licensed Person must ensure that supporting documents, such as Invoices, are in the name of the legal entity in the UAE and the goods are destined for the UAE;
   4. d)The names of all parties involved in the transaction such as names of remitter (i.e. legal entity), its Owner/Partners/Shareholders, authorized person who carries out the transaction (i.e. the representative) and beneficiary must undergo sanction/FPEP screening for each transaction;
   5. e)Preference must be given to settle such transactions through a bank, either by cheque or via bank transfer, instead of accepting cash;
   6. f)The Licensed Person must collect the original Bill of Lading/Airway Bill for the post transaction (i.e. after executing such transactions) verification, whenever the same is issued. A copy of the original Bill of Lading/Airway Bill certified as “Original Sighted and Verified” under the signature of the employee who carries out the KYC Process must be retained;
   7. g)The Licensed Person must also track the movement of such goods using an appropriate container/vessel tracking system when the settlement of the underlying transaction is in cash. Appropriate logs and evidences must be maintained by the Licensed Person for such tracking;
   8. h)All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts; and
   9. i)The authorized person who carries out the transaction (i.e. the representative) on behalf of the legal entity must be a resident in the UAE.
6. 16.14.6Where a legal entity in the UAE (i.e. the remitter) which remits on behalf of another entity outside the UAE (i.e. beneficial owner of funds) who imports goods or pays for services, the Licensed Person must accept such transactions subject to the below conditions:
   1. a)The Licensed Person must undertake the EDD on the remitter which must be in accordance with Paragraph 16.11 of this Chapter;
   2. b)The Licensed Person must also undertake the EDD on the beneficial owner of funds;
   3. c)There must be at least one shareholder or partner common to both entities (i.e. legal entity in the UAE and the entity outside the UAE);
   4. d)In case, there is no shareholder or partner common to both entities, then there must be a legally valid agreement between the remitter and the beneficial owner of funds, authorizing the remitter to carry out such transaction;
   5. e)All documents related to the incorporation of the entity outside the UAE (i.e. beneficial owner of funds) and the agreement between both the parties must be appropriately attested by relevant authorities in the respective foreign country and in the UAE;
   6. f)The name of the beneficial owner of the funds and its Owner/Partners/Shareholders must be captured in the POS system in addition to the required information of the remitter as per Paragraph 16.11.3 of this Chapter. Names of all parties involved in the transaction such as names of the remitter, beneficial owner of funds, Owner/Partners/Shareholders of both entities, authorized person who carries out the transaction (i.e. the representative) and beneficiary must undergo sanction/FPEP screening for each transaction;
   7. g)The Licensed Person must establish the commercial/economic reasons for each remittance transaction;
   8. h)The Licensed Person must ensure that supporting documents, such as invoices, are in the name of the beneficial owner of funds and the goods are destined for the home country of the beneficial owner of the funds;
   9. i)Preference must be given to settle such transactions through bank, either by cheque or via bank transfer, instead of accepting cash;
   10. j)The name of beneficial owner of funds must be printed on the receipt in addition to the information of the remitter as per Paragraph 16.11.5 of this Chapter;
   11. k)The Licensed Person must collect the original Bill of Lading/Airway Bill for post transaction verification whenever it is issued. A copy of the original Bill of Lading/Airway Bill certified as “Original Sighted and Verified” under the signature of the employee who carries out the KYC Process must be retained;
   12. l)The Licensed Person must track the movement of goods via an appropriate container/vessel tracking system in all cases of such remittance transactions. Appropriate logs and evidences must be maintained by the Licensed Person for such tracking;
   13. m)All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts;
   14. n)In case of any doubt or confusion regarding the documents submitted or information provided by the beneficial owner of funds, remitter or representative, then the Licensed Person must exit the relationship and the case must be reported to the FID immediately; and
   15. o)The authorized person who carries out the transaction (i.e. the representative) on behalf of the legal entity in the UAE must be a resident in the UAE.
7. 16.14.7The Licensed Person must not accept any transactions from a natural person, who is acting in personal capacity, on behalf of any foreign entity or a natural person who is a UAE Non-Resident.

1. 16.15.1The Licensed Person must comply with the Cash Declaration Regulations dated 09^th January 2011 and any subsequent amendments thereto;
2. 16.15.2The Licensed Person must collect and retain the original DRIC if the customer exchanges the full amount as stated in the DRIC;
3. 16.15.3In case the customer exchanges only part of the total amount stated in the DRIC, then the actual amount of currency exchanged by the Licensed Person must be endorsed on the original DRIC under the signature of the employee who carries out the KYC process and under the official stamp of the Licensed Person. In such cases, the original DRIC can be returned to the customer, but its copy after endorsement must be retained with the Licensed Person;
4. 16.15.4In case the amount of any partial exchange is endorsed on a DRIC, the Licensed Person who accepts such DRIC must exchange only the balance of the amount of currencies to ensure that the total amount of currency exchanged by the customer using the same DRIC does not exceed the total value stated in the DRIC; and
5. 16.15.5The DRIC form collected from a customer must not be treated as evidence for the source of funds or the purpose of a transaction. Appropriate due diligence procedures must be conducted and supporting documents as evidence for the source of funds or purpose of transaction must be collected whenever and wherever necessary.

1. 16.16.1The Licensed Person must implement an appropriate recruitment and Know Your Employee process for hiring employees in accordance with Paragraph 8.2 of Chapter 8.

1. 16.17.1The Licensed Person must provide comprehensive AML/CFT compliance training to all employees including its Manager in Charge, functional heads, Directors of the Board and Owner/Partners/Shareholders. The Licensed Person is required to coordinate with the FID regarding such training;
2. 16.17.2The AML/CFT compliance training must be provided to all new joiners within thirty (30) calendar days from the date of joining. The new joiners must not be allowed to serve any customer independently until they have successfully completed such training. Refresher training must be provided to all employees at regular intervals;
3. 16.17.3The frequency of refresher AML/CFT compliance training may be determined based on the ML/FT risk exposure of each employee. Employees who deal directly with customers, products or services must be trained at least annually at a minimum;
4. 16.17.4Refresher training must also be provided whenever there are changes in the AML Laws, Regulations, Notices, the Standards or the Licensed Person’s AML policy/procedures;
5. 16.17.5Appropriate processes must be implemented to periodically assess the AML/CFT awareness of employees and repeat training must be planned based on the result of such assessment process;
6. 16.17.6Appropriate AML/CFT training registers must be maintained in order for the Central Bank Examiners to verify the training history of each employee;
7. 16.17.7Evidence for all trainings conducted such as, the training policy, training materials, training register, training plan, training schedules, assessment sheets, training certificates, etc. must be retained for the verification by the Central Bank Examiners;
8. 16.17.8The AML/CFT training materials must be reviewed and updated at regular intervals or whenever there are changes in the AML Laws, Regulations, Notices, the Standards and the Licensed Person’s AML Policy/ Procedures; and
9. 16.17.9The AML/CFT training materials must cover, at a minimum:
   1. a)Money laundering and terrorist financing, definitions, typologies as well as recent trends;
   2. b)ML/FT risks associated with the products and services offered by the Licensed Person;
   3. c)AML/CFT policies and procedures including the highlights on recent changes;
   4. d)The regulatory responsibilities and obligations of employees under AML/CFT Laws, Regulations, Notices and the Standards;
   5. e)Description of Know Your Customer process and its importance;
   6. f)Due Diligence measures and procedures for monitoring transactions;
   7. g)Sanction screening and FPEP screening procedures;
   8. h)Red flags to identify unusual transactions or transaction patterns or customer behaviours;
   9. i)Processes and procedures of making internal disclosures of unusual transactions;
   10. j)Roles of the Compliance Officer and Alternate Compliance Officer including their full contact details;
   11. k)Tipping off;
   12. l)Record retention policy;
   13. m)Reference to industry guidance and other sources of information;
   14. n)Emerging ML/FT risks and measures to mitigate such risks;
   15. o)Penalties for non-compliance with the AML/CFT Laws, Regulations, Notices and the Standards; and
   16. p)Disciplinary procedures to be applied on employees for not adhering to the AML Policy and Procedures.

1. 16.18.1The Licensed Person must continuously monitor transactions on a risk-sensitive basis which must consist of the following:
   1. a)Scrutinizing the transactions concluded by a customer to ensure that transactions are consistent with the Licensed Person’s knowledge of the customer, the customer’s business, risk profile, the source of funds and where necessary, source of the customer’s wealth; and
   2. b)Reviewing the records of a customer to ensure that documents and information collected using KYC measures and ongoing monitoring for the customer are kept up-to-date and relevant.
2. 16.18.2The Licensed Person must introduce automated systems and tools to support transaction monitoring appropriate to the nature, size and complexity of its business;
3. 16.18.3The monitoring systems must be configured to identify abnormal/unusual transactions, patterns of activities or behaviours of customers by defining sufficient number of rules and parameters within the system. Special attention must be given to third party transactions while defining rules and parameters;
4. 16.18.4Information related to the expected annual activity collected at the time of customer onboarding process must be used to assess any deviations or unusual behaviours/patterns;
5. 16.18.5All abnormal/unusual transactions must be investigated and supporting records must be retained for the minimum retention period as per Paragraph 16.24 of this Chapter; and
6. 16.18.6After investigation of abnormal/unusual transactions, if reasonable grounds are established to suspect money laundering, terrorist financing and/or financing of illicit organizations, such transactions must be reported to the FID immediately. Please refer to Paragraph 16.21.2 of this Chapter for further information.

1. 16.19.1Appropriate systems must be introduced for real time screening, as part of the KYC process, on all parties involved in a transaction against all applicable sanction lists (i.e. the UN sanction lists and the names contained in the ‘search notices’/‘search and freeze notices’ issued by the Central Bank);
2. 16.19.2Written processes and procedures for the escalation and clearing of potential sanction matches must be introduced;
3. 16.19.3The logs/records related to the clearing of potential sanction matches must be available in the system for five (5) years;
4. 16.19.4The UN sanction lists must regularly and automatically be updated within the Point of Sale/computer systems of the Licensed Person preferably without any manual intervention. Addition and deletion of names in the UN sanction lists must be immediately updated by the Licensed Person as and when such changes are announced by the UN Security Council. Appropriate logs must be maintained in the system to confirm such updates;
5. 16.19.5In case the name of a customer is an exact match (i.e. a true match) to a name or names in the UN sanction lists or ‘search and freeze notices’ issued by the Central Bank, the Licensed Person must immediately freeze the funds of that customer. The Licensed Person must immediately inform the FID along with the details of the customer and the amount of funds frozen for further instructions. The Licensed Person must not defreeze such amounts without obtaining a confirmation from the FID;
6. 16.19.6In case the name of a party to a transaction is an exact match to a name or names in ‘search notices’ issued by the Central Bank, the Licensed Person must immediately follow the instructions provided in such notices; and
7. 16.19.7Sanction screening must be applied in the below cases:
   1. a)In the case of foreign currency exchange transactions, the customer’s name must be screened against the sanction lists;
   2. b)In the case of money transfer transactions, the Remitter’s name and Beneficiary’s name as well as the name of beneficiary bank must be screened against sanction lists;
   3. c)Where the transactions are conducted by a legal entity, the name of the authorised person who carries out the transaction (i.e. the representative) must be screened against sanctions lists in addition to the name of the entity and its Ultimate Beneficial Owners. The Licensed Person, where applicable, must also comply with Paragraph 16.19.7 (b) of this Chapter; and
   4. d)The Licensed Person must also comply with the sanction screening requirements, in the case of third party transactions, as required by Paragraph 16.14 of this Chapter.

1. 16.20.1The Licensed Person must implement appropriate systems and tools to determine whether a customer, who is a natural person or the beneficial owner of a juridical person, is a FPEP or HIO or family members or associates of such a person. The Licensed Person must also carry out a periodic review of existing customers to determine if any of them is a FPEP or HIO or a family member or associate of such a person;
2. 16.20.2Where a natural person is found to be a FPEP or a family member or associate of a FPEP, the Licensed Person must carry out Enhanced Due Diligence to establish business relationship and to conduct transactions accordingly. In addition to this, the Licensed Person must also take reasonable measures to determine the source of funds and collect the information regarding the source of wealth of such customers, if it deems it necessary;
3. 16.20.3Where a natural person is found to be a HIO or a family member or associate of a HIO, the Licensed Person must assess the level of risks involved and must conduct Enhanced Due Diligence to take measures as appropriate, in case the risk is considered High for ML/FT;
4. 16.20.4Approval from the Compliance Officer and the Manager in Charge must be obtained before processing any transaction in the Point of Sale system for a natural person who is a FPEP and for high risk HIO;
5. 16.20.5The Licensed Person must refer to Paragraphs 16.11.2 (k) and (l) of this Chapter for requirements while entering into business relationships with juridical persons (i.e. legal entities) owned by FPEPs; and
6. 16.20.6All transactions by a FPEP or HIO or by an entity where the Ultimate Beneficial Owner is a FPEP or HIO must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts.

1. 16.21.1Internal disclosure requirements:
   1. a)The Licensed Person must implement procedures, controls, systems and tools for its employees to internally disclose all suspected cases of money laundering or terrorist financing directly to the Compliance Officer or to an appropriate member of the compliance department without any interference from the Manager in Charge or any other employee of the Licensed Person;
   2. b)All internal disclosures must be thoroughly investigated to confirm if there are reasonable grounds for suspicion;
   3. c)If the investigation of an internal disclosure does not reveal reasonable grounds for suspicion, then the Compliance Officer may decide either to close the case or keep it open for future monitoring; and
   4. d)The Compliance Officer must retain documentary evidence regarding all internal disclosures, details of investigations undertaken and reasons for closing a case or keeping the case open for future monitoring under watch list or for reporting to the FID.
2. 16.21.2External Reporting to the FID:
   1. a)As a primary requirement of submitting Suspicious Transaction Reports (STR), the Licensed Person must obtain access to the online STR reporting portal of the Central Bank. The Licensed Person may contact the FID or the Banking Supervision Department for appropriate guidance to obtain access to the STR reporting portal;
   2. b)The Compliance Officer must report all cases where there are reasonable grounds to suspect money laundering, terrorist financing and/or financing of illicit organizations to the FID including any attempted transactions by suspicious customers;
   3. c)Procedures and controls must be implemented to ensure timely reporting of suspected cases to the FID;
   4. d)The Licensed Person must comply with all directions of the FID in relation to STRs submitted to them;
   5. e)The Licensed Person must keep appropriate records of STRs reported to the FID; and
   6. f)The Licensed Person must freeze the funds involved in any suspicious transactions related to terrorism, terrorist organizations, foreign terrorist fighters or for terrorism purposes and immediately report to the FID without any delay.

1. 16.22.1Tipping off is prohibited and is a punishable criminal offence. The Licensed Person or its employees must not inform customers or any persons or third parties, either directly or indirectly, that their transactions are subject to monitoring, are under investigation or have been reported to the FID as suspicious transactions; and
2. 16.22.2The Compliance Officer must ensure that all employees of the Licensed Person are aware of the consequences of tipping off such as penalties and imprisonment. Sufficient AML/CFT training must be provided to all employees to avoid tipping off.

1. 16.23.1The Licensed Person must watch out for its employee’s behaviour, such as, an employee whose lifestyle cannot be supported by his/her salary or an employee who is reluctant to take a vacation or is associated with unusually large numbers of transactions, etc.

1. 16.24.1All documents/records related to transactions such as transaction receipts (except the receipts as per Paragraph 16.8.5 of this Chapter), KYC, Customer Due Diligence and Enhanced Due Diligence must be retained for a minimum period of five (5) years from the date of transaction;
2. 16.24.2Records, in the context of Paragraph 16.24.1 of this Chapter, include electronic communication and documentation as well as physical, hard copy communication and documentation;
3. 16.24.3Records retained by the Licensed Person must be sufficient to permit the reconstruction of individual transactions;
4. 16.24.4AML training registers, training plans, AML training materials and other evidence for providing AML training must be retained for a period of five (5) years from the date of training;
5. 16.24.5Supporting documents for the transaction monitoring and investigations carried out on unusual transactions must be retained for a minimum period of five (5) years;
6. 16.24.6All documents related to STRs including internal disclosures by employees must be retained for a minimum period of five (5) years from the date the STR was reported. In case the matter is subject to litigation in a court or under investigation by an enforcement agency, the supporting documents related to such transactions or STR must be retained until the final verdict is received from the court or until the Licensed Person is notified that the investigation is completed; and
7. 16.24.7Any other records to demonstrate compliance with the AML/CFT Laws, Regulations, Notices and the Standards must also be retained.

1. 16.25.1The Compliance Officer must prepare Bi-Annual Compliance Reports (i.e. reports for the six (6) months period ending on 30^th June and 31^st December of the respective financial year) in order to assess the effectiveness of the Licensed Person’s AML/CFT policies, procedures, systems and controls to prevent money laundering and terrorist financing;
2. 16.25.2Bi-Annual Compliance Reports must be submitted within one (1) month from the end of each reporting period to:
   1. a)the Compliance Committee; and
   2. b)the Board of Directors (or the Owner/Partners where there is no Board of Directors).
3. 16.25.3Bi-Annual Compliance Reports must cover at least the following:
   1. a)Assessment of ML/FT risks associated with the business of the Licensed Person and the effectiveness of its Policies, Procedures, Systems and Controls;
   2. b)Summary of the gap analysis between the AML/CFT Program of the Licensed Person and existing AML Laws, Regulations, Notices and the Standards as well as the actions taken by the Compliance Officer to bridge or resolve such gaps;
   3. c)Details of AML/CFT breaches highlighted in the most recent Central Bank examination report and the reports by Internal/External Auditors;
   4. d)The number of internal suspicious disclosures made by employees and the number of cases investigated, closed, kept open for future monitoring or reported to the FID as STRs during the reporting period;
   5. e)The number of suspicious transactions detected and reported to the FID via independent transaction monitoring by the Compliance Officer during the reporting period;
   6. f)Changes in the AML/CFT policies and procedures reviewed and the details of any AML/CFT policy or procedures newly introduced during the reporting period;
   7. g)Statistics on total employees, new joiners during the reporting period, number of employees trained and the number of employees not trained (if any) including reasons for not training employees;
   8. h)Areas where the AML/CFT training programme must be improved and proposals made to enhance the training;
   9. i)Recommendations to the Manager in Charge and the Board of Directors (or to the Owner/Partners where there is no Board of Directors) for the improvement of the AML/CFT function of the Licensed Person;
   10. j)Details of Compliance Officer’s requests for additional human resources, systems, controls, tools and technology changes for the attention of the Board of Directors (or of the Owner/Partners where there is no Board of Directors);
   11. k)An action plan to improve the AML/CFT compliance function for the next six (6) months along with the current status of similar action plan for previous six (6) months; and
   12. l)The conclusion of the Compliance Officer about the effectiveness of the existing AML/CFT function of the Licensed Person.
4. 16.25.4The Bi-Annual Compliance Report must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
5. 16.25.5A copy of the Bi-Annual Compliance Report must be submitted to the Banking Supervision Department and the FID along with comments from the Board of Directors (or from the Owner/Partners where there is no Board of Directors) within four (4) months from the end of each reporting period.

1. 16.26.1The Compliance officer’s function must undergo regular audit by the Internal Auditor. Internal audit findings must be reported to the Board of Directors (or to the Owner/Partners where there is no Board of Directors);
2. 16.26.2External Auditors must perform Agreed-Upon Procedures on the AML/CFT Compliance function annually and report their findings directly to the Board of Directors (or to the Owner/Partners where there is no Board of Directors). The Licensed Person must submit a copy of this report to the Banking Supervision Department within four (4) months from the end of each financial year; and
3. 16.26.3The Board of Directors (or the Owner/Partners where there is no Board of Directors) must ensure that appropriate actions are taken by the Compliance Officer, Manager in Charge and other functional heads to resolve findings of internal and external auditors in a timely manner.

1. 16.27.1The Licensed Person must upload remittance data to the Central Bank Remittances Reporting System on a daily basis. Remittance data must be uploaded before the end of the next business day; and
2. 16.27.2The Licensed Person must also introduce appropriate systems and tools to enable immediate responses to the enquiries received from the Central Bank (example: Search or Freeze notices) and other competent authorities in the UAE.

1. 16.28.1The Licensed Person must pay special attention to any ML/FT risk that may arise from new or developing technologies, products or transactions that may favour anonymity and take measures to prevent the use of such products to launder money or finance terrorism.

1. 16.29.1Please refer to Paragraph 6.9.3 of Chapter 6 for the roles and responsibilities of the Compliance Committee.

1. 16.30.1The standards under this Chapter shall apply to all Licensed Persons and their branches, offices and subsidiaries operating in the UAE as well as their employees, Board of Directors, Owner/Partners/Shareholders; and
2. 16.30.2The standards under this Chapter also apply to all branches and subsidiaries of the Licensed Person operating in foreign jurisdictions where the AML/CFT compliance requirements are less stringent than that contained in this Chapter.

1. 16.31.1AML/CFT Standards of this Chapter must be read in conjunction with the following Laws and Regulations of the UAE:
   1. a)Federal Law number 4 of 2002 regarding Criminalization of Money Laundering;
   2. b)Federal Law Number 9 of 2014 regarding amendment of some provisions in Federal Law number 4 of 2002;
   3. c)Decree Number 38 of 2014 Regarding the Executive Bye Law of the Federal Law number 4 of 2002;
   4. d)Notice No. 24/2000 issued on 14^th November 2000 and its subsequent amendments;
   5. e)Notice No. 1401/2010 issued on 16^th March 2010; and
   6. f)Any other Notices, Circulars or Regulations issued hereafter by the Central Bank of the UAE on AML/CFT compliance.