3.2.1.4.1 CDD Updating

Effective from 16/6/2021

LFIs are required to ensure that the CDD information they hold on all customers is accurate, complete, and up-to-date. This is particularly crucial in the context of customers that are companies, which, by their very nature, can change their fundamental identity overnight. With the stroke of a pen, a company engaged in a low-risk business and owned by reputable UAE residents can move its activities to a high-risk sector and can transfer ownership to nationals of a high-risk foreign jurisdiction. For example:

 Mr. Y and Sons is a highly-reputable dealer in uncut diamonds that has been banking with Bank C for more than 40 years. Bank C's account manager reads in the newspaper that Mr. Y has recently passed away and calls on Mr. Y's sons to express his condolences. During the course of the conversation, the account manager asks which son will be in charge of the business going forward. They inform him that they have just sold the business to a consortium of investors who wished to remain anonymous but who were represented by a global law firm with offices in the Free Zone. Once it has become aware of this fact, Bank C should rapidly identify the new beneficial owners of the customer. If it cannot do so promptly, it should suspend activity on the account.
 

LFIs should update CDD for all customers on a risk-based schedule, with CDD on higher-risk customers being updated more frequently. EDD on all customers should involve more frequent CDD updates.

CDD updates should include a refresh of all elements of initial CDD, and in particular should ascertain that:

 The customer's beneficial owners remain the same;
 The customer continues to have an active status with a company registrar;
 The customer has the same legal form and is domiciled in the same jurisdiction;
 The customer is engaged in the same type of business, and in the same geographies.
 

In addition to a review of the customer's CDD file, the LFI should also review the customer's transactions to determine whether they continue to fit the customer's profile and business, and are consistent with the business the customer expected to engage in when the business relationship was established. This type of transaction review is distinct from the ongoing transaction monitoring discussed in section 3.2.1.4.2 below. The purpose of the review is to complement transaction monitoring by identifying behaviours, trends, or patterns that are not necessarily subject to transaction monitoring rules. For example:

 Bank C is conducting its scheduled CDD review for Company A, a commercial real estate brokerage firm. When reviewing the customer's transactions over the past year, Bank C notices that Company A has begun making fairly regular payments to a counterparty in Country 1. Previously, Company A had engaged in extremely limited cross-border activity. The payments do not exhibit any red flags and therefore were not flagged by Bank C's automated transaction monitoring system. Bank C contacts Company A and learns that it has recently entered into a referral agreement with a private bank in Country 1. The bank refers customers looking to invest in the real estate sector, in Country 2, to Company A and in return receives a percentage of any commission Company A makes on a resulting sale. Bank C decides to conduct additional due diligence to learn more about the customer base referred to Company A by the bank in Country 1.
 

The techniques used for transaction review will vary depending on the client. For lower-risk clients, a review of alerts, if any, is likely to be sufficient. For higher-risk clients, a more intensive review may be necessary. For clients with a large volume of transactions, LFIs may use data analysis techniques to identify unusual behaviour.

If the review finds that the customer's behaviour or information has materially changed, the LFI should risk-rate the customer again. New information gained during this process may cause the LFI to believe that EDD is necessary, or may bring the customer into the category of customers for which EDD is mandatory (i.e. customers that are PEPs, or owned or controlled by PEPs, or their family members or associates; and customers that are based in high-risk jurisdictions).

LFIs may consider requiring that the customer update them as to any changes in its beneficial ownership or business activities. Even if this requirement is in place, however, LFIs should not rely on the customer to notify them of a change, but should still update CDD on a schedule appropriate to the customer's risk rating.