Skip to main content
Entire section Custom print Text Only Rich Text Print

Article (4)

IA-BOD-RES 10/2019
  1. Financial Institutions and Designated Non-Financial Businesses and Professions shall identify, evaluate and understand their crime risks, in a manner commensurate with the nature and size of their business and shall abide by the following:
     
    1. Observing all relevant risk factors such as risks of Clients, countries or geographical areas, products, services, operations and their delivery channels before determining the overall risk level and the appropriate level of risk reduction measures to be applied Client.
       
    2. Documenting and continually updating risk assessments and providing them upon request.
       
  2. Financial Institutions and Designated Non-Financial Businesses and Professions shall undertake to reduce the risks identified under Clause no 1) of this Article, taking into account the results of the national risk assessment, through the following:
     
    1. Developing internal policies, controls and procedures commensurate with the nature and size of its business approved by the senior management, which enable it to manage the identified risks and follow up their implementation and strengthen them if necessary, in accordance with Article no. (20) of this Resolution.
       
    2. Taking enhanced due diligence measures to manage high risks when identified, including the following for example:
       
      1.  Obtaining and verifying further information as information on the identity of the Client, the beneficial owner, his/ her profession, and the amount of funds and information available through public databases and open sources.
         
      2. Obtaining additional information about the purpose of the business relationship or the reasons for the operations expected or actually performed.
         
      3. Updating Client Due Diligence (CDD) information in a more regular manner about the Client and the beneficial owner.
         
      4. Applying reasonable measures to determine the source of funds and wealth of the Client and the beneficial owner.
         
      5. Increasing the degree and level of continuous monitoring of the business relationship in order to determine whether they look unusual or suspicious, and to select patterns of operations that need further examination and review.
         
      6. Make the first payment through an account in the Client's name at a financial institution subject to similar due diligence standards.
         
      7. Obtain senior management approval to start or continue the business relationship with the Clientclient.
         
  3.  If the requirements indicated in clauses nos. (1) and (2) of this Article are met, the Financial Institutions and Designated Non-Financial Businesses and Professions may apply simplified due diligence measures to manage and reduce risks when low risks are identified, unless there is a suspicion of a crime has been committed. Simplified due diligence measures must be commensurate with low risk elements, including the following for example:
     
    1. Verifying the Clientclient’s identity and the real beneficiary owner after starting the business relationship.
       
    2. Updating Clientclients’ data at intervals.
       
    3. Reducing the rate of continuous monitoring rate and examination operations.
       
    4.  Inferring the purpose and nature of the business relationship from the type of the established transactions or business relationship, without the need to collect information or undertake specific procedures.

 

This article has been amended by Cabinet Resolution No. (24) of 2022. You are viewing the latest version. To view the previous version, click the version box below.
Version 1(effective from 10/02/2019 to 01/04/2022)

 

  1. Financial institutions and DNFBPs are required to identify, assess, and understand their crime risks in concert with their business nature and size, and comply with the following:
     
    1. Considering all the relevant risk factors such as customers, countries or geographic areas; and products, services, transactions and delivery channels, before determining the level of overall risk and the appropriate level of mitigation to be applied.
       
    2. Documenting risk assessment operations, keeping them up to date on on-going bases and making them available upon request.
       
  2. Financial Institutions and DNFBPs shall commit to take steps to mitigate the identified risks mentioned as per Clause (1) herein, taking into consideration the results of the National Risk Assessment, by the following:
     
    1. Developing internal policies, controls and procedures that are commensurate with the nature and size of their business and are approved by senior management, to enable them to manage the risks that have been identified, and if necessary, to monitor the implementation of such policies, controls and procedures and enhance them as per Article (20) of the present Decision.
       
    2. Applying CDD measures to enhance high risks management once identified. Examples include:
       
      1. Obtaining more information and investigating this information such as information relating to the Customer and Beneficial Owner identity, or information relating to the purpose of the business relationship or reasons of the transaction.
         
      2. Updating the CDD information of the Customer and Beneficial Owner more systematically.
         
      3. Taking reasonable measures to identify the source of the funds of the Customer and Beneficial Owner.
         
      4. Increasing the degree and level of ongoing business relationship monitoring and examination of transactions in order to identify whether they appear unusual or suspicious.
         
      5. Obtaining the approval of senior management to commence the business relationship with the Customer.
         
  3. In case the requirements stipulated in Clauses (1 and 2) above are met, the Financial Institutions and DNFBPs shall be permitted to apply simplified CDD measures to manage and limit the identified low risks, unless there is suspicion of a committed Crime. The simplified CDD measures should be commensurate with the low risk factors. These include the following, as examples:
    1. Verifying the identity of the Customer and Beneficial Owner after establishing the business relationship.
       
    2. Updating the Customer’s data based on less frequent intervals.
       
    3. Reducing the rate of ongoing monitoring and transaction checks.
       
    4. Concluding the purpose and nature of the business relationship based on the type of transactions or the business relationship that has been established, without the need to gather information or performing specific procedure.