Skip to main content
  • 2.2. Role of the Second Line of Defense

    The second line of defense (e.g., compliance employees) provides policy advice, guidance, assurance, oversight, and challenge to the first line of defense. While employees in Financial Crime Operations Units (possibly in the first line of defense) can investigate suspicious transactions and document the resultant investigation, the ultimate filing of the STR or SAR must be made by the Compliance Officer or the MLRO (in the second line of defense). To this end, the second line of defense is charged with overseeing the investigations programme comprised of both automated and manual monitoring processes. The second line of defense is also charged with monitoring risks facing the LFI, such as noncompliance with UAE laws and regulations, and reporting directly to senior management on the LFI’s risk exposure, including through financial crime-related metrics. Specifically, the second line of defense and first line of defense (as applicable) should generate financial crime-related metrics (e.g., STRs or SARs filed, alert backlogs) to provide senior management with an adequate overview of the LFI’s compliance program, including the timeliness and quality of the LFI’s handling and resolution of transaction monitoring alerts and the STR or SAR filing process. The second line of defense should retain records of all information relating to transaction monitoring and suspicious activity reporting for a period of no less than five (5) years as provided in Article 24 of the AML-CFT Decision.

    • 2.2.1. Role of the Compliance Officer / MLRO

      According to Article 21 of the AML-CFT Decision, LFIs are required to appoint a Compliance Officer with the appropriate competencies and experience to perform the necessary tasks to:

       Detect transactions relating to any crime as defined in Article 1 of the AML-CFT Decision.
       Review, scrutinize, and study records; receive data concerning suspicious transactions; and make decisions to either notify the FIU or maintain the transaction with a documented rationale for maintaining the transaction while upholding confidentiality requirements.
       Review the internal rules and procedures relating to combating the crime and their consistency with relevant laws and regulations; assess the extent to which the LFI is committed to the application of these rules and procedures; propose what is needed to update and develop these rules and procedures; prepare and submit semi-annual reports on these points to senior management; and send a copy of that report to the relevant supervisory authority with senior management remarks and decisions.
       Prepare, execute, and document ongoing training and development programs and plans for the LFI’s employees on money laundering and the financing of terrorism and financing of illegal organisations, and the means to combat them.
       Collaborate with the supervisory authority and FIU, provide them with all requested data, and allow their authorized employees to view the necessary records and documents that will allow them to perform their duties.
       

      According to CBUAE’s Guidelines, the Compliance Officer is the LFI’s money laundering reporting officer (“MLRO”) charged with reviewing, scrutinizing, and reporting STRs and other reports pertaining to suspicious activity. In this capacity, the Compliance Officer or MLRO is ultimately responsible for the detection of transactions related to money laundering and financing of terrorism and illegal organisations; for reporting suspicions to the FIU; implementing the appropriate actions following an STR, SAR, or other report filing (e.g., ensuring the STR or SAR subject is input into the relevant list for close monitoring or internal watchlists/blacklists; changing the customer risk rating; etc.); and for cooperating with the relevant authorities on AML/CFT matters. The Compliance Officer or MLRO is ultimately responsible to ensure that an appropriate programme exists in the LFI and that the LFI effectively deploys a risk-based approach to detect and report suspicious activity.

      The Compliance Officer or MLRO should also act as the primary point of contact with law enforcement agencies for their requests and investigations. The Compliance Officer or MLRO is responsible for liaising with regulators and external bodies on financial crime issues in order to share knowledge, report cases, develop best practices, and where possible, to improve coordination within the financial sector.