16.2.1The Licensed Person must identify, assess and understand the money laundering and financing of terrorism (ML/FT) risks associated with its business on a regular basis;
16.2.2The Licensed Person must implement a ML/FT risk assessment methodology as appropriate to the nature, size and complexity of its business;
16.2.3Money laundering and terrorist financing risks associated with the following parameters of the Licensed Person must be assessed at a minimum:
16.2.4The Licensed Person must identify and assess ML/FT risks based on additional parameters that may be relevant to the nature, size and complexity of its business before entering into any business relationships;
16.2.5In assessing ML/FT risks, the Licensed Person must have the following in place:
a)Documented risk assessment methodology, process and findings;
b)Determine the level of overall risk, acceptable level of risk and mitigating measures to be applied to minimise the impact of risks;
c)Keep risk assessments up-to-date through periodic reviews; and
d)Establish appropriate mechanisms to provide information on risk assessments to the Central Bank and to Examiners, whenever required.
16.2.6The Licensed Person should also be guided by the results of the National Risk Assessment in conducting its own ML/FT risk assessments which will be issued by the competent authority in the UAE in future; and
16.2.7The Licensed Person must identify and assess the ML/FT risks that may arise in relation to the development of new products and services including new delivery mechanisms and the use of new or developing technologies for both new and existing products, as follows:
a)Undertake the risk assessment prior to the launch or use of such products, services and technologies;
b)Take appropriate measures to manage and mitigate risks;
c)Notify the Banking Supervision Department of the product and its risks, risk mitigation measures; and
d)Obtain a Letter of No Objection from the Banking Supervision Department prior to launching the product.