Bearer negotiable instruments are financial instruments of whatever form, whether in the form of a bearer document, such as traveler’s cheques, promissory notes and cheques, payment orders, or other forms that can be attractive to illicit actors as alternatives to cash. Bearer negotiable instruments provide the opportunity to move large amounts of funds in bearer form without the bulkiness of cash. They are transferable documents that provide unconditional guarantees of cash payments either on demand or at a future date. The individual who issues a negotiable instrument is known as the ‘payer’ or ‘issuer,’ and the person who receives a negotiable instrument is known as the ‘bearer’ or ‘payee’.

Bearer negotiable instruments often include the instruction 'pay to the bearer', meaning the bearer would be the person in physical possession of the instrument. The risk, in this scenario, is that the holder is a criminal and/or not the intended payee of the negotiable instrument. Bearer negotiable instruments are also unique in that they can also be easily transferred from one party to another, which effectively obscures the paper trail on the ‘payer’ or ‘issuer’, and enables illicit actors to distance the proceeds of crime from the illegitimate source. LFIs should seek to mitigate these risks by continuing accepting cash and third party cheques as long as the due diligence measures regarding the person presenting the cheque have been duly conducted by the LFI.

Prepaid cards can be used as an alternative to cash in that they provide access to funds that have been paid in advance. Funds can be claimed or transferred through an electronic device, such as through a card, code, electronic serial number, mobile identification number, or personal identification number within either an "open" or "closed" loop system:

Prepaid cards can be abused by illicit actors seeking to launder money and finance terrorist activities. For instance, both open and closed loop prepaid cards can be utilized in conjunction with, or as a replacement to, bulk cash smuggling. Specifically, drug traffickers have been known to convert cash derived from narcotic sales to prepaid debit cards, which they then use to purchase goods and services or send to narcotic suppliers, who in turn use the cards to withdraw cash from an ATM. In addition, funds can be loaded onto prepaid cards in support of terrorist activities, such as purchasing various products and services whether buying a terrorist a plane ticket or providing other resources (e.g. car rental or hotel) to support a terrorist group.

When assessing the risks associated with prepaid cards, LFIs should consider the specific risks posed by the features and functionalities of the monetary instrument. If the cardholder is anonymous, or if the holder or purchaser provides false information on their identity for instance, the money laundering and financing of terrorism and illegal organisations risks are higher. In addition, LFIs should evaluate the risks associated with cash access, and the volume and velocity of funds that can be loaded and retrieved on prepaid cards. Further risk factors include type and frequency of loads and transactions, geographic location where the transaction activity occurs, value limits, distribution channels, and the nature of funding sources.

Cash-intensive businesses are businesses that experience a high volume of cash flows. However, because cash-based transactions are inherently difficult to trace, as discussed above, cash-intensive businesses may potentially be used as vehicles for money laundering and the financing of terrorism and illegal organisations. Businesses that generate a large volume of cash revenue may be susceptible to abuse by illicit actors that integrate the proceeds of crime into the banking system under the guise of legitimate business. In particular, they may exploit cash-intensive businesses for money laundering and the financing of terrorism and illegal organisations by using cash-intensive business to:

Cash-intensive businesses span across various industry sectors. Most of these businesses are operating a legitimate business; however, some aspects of these businesses may be vulnerable to money laundering or the financing of terrorism and illegal organisations. Examples of cash-intensive businesses include but are not limited to the following:

In addition, please consult the CBUAE’s Guidance for Licensed Financial Institutions providing services to the Real Estate and the Precious Metals and Stones sector³ for further information.

LFIs may expand on the above by considering additional factors when identifying cash-intensive businesses in their customer base. For example LFIs can define cash-intensive businesses based on specific criteria, such as a proportion or more of the business’ revenue is in cash or the business has a monthly revenue in cash above a certain threshold. In either scenario, the definition of cash-intensive business should be determined by the LFI, justified by a sound methodology that considers various factors including risk and characteristics, documented in the LFI’s policies and procedures, and approved by the LFI’s senior management.

The LFI should monitor whether the cash-intensive business appears to generate unusual transactions compared to the business’ expected activity and profile, and with other similar cash-intensive businesses. For example, a small business making significantly larger amounts of cash deposits than other businesses of a similar size in the same industry should be reviewed for potential money laundering activity. The extent of the vulnerability presented by cash-intensive businesses may be particularly severe due to large volumes of cash transactions, limited record keeping, and high customer turnover. LFIs should therefore understand the nature and purpose of the business relationship and expected activity of the customer in order to identify types of transactions that appear to be unusual, potentially suspicious, and/or inconsistent with the customer’s profile and stated purpose of the account.

The following sections examine common features of cash-intensive businesses that impact risk. LFIs should consider the specific risks posed by these features to determine whether the customer is considered as high-risk and should be subject to enhanced due diligence (“EDD”) measures. LFIs should incorporate this assessment into their AML/CFT program and update their policies, procedures, and processes with the aim to detect illicit activity and manage illicit financing risks.

³ Available at https://www.centralbank.ae/en/cbuae-amlcft

As required by Article 4.1 of AML-CFT Decision, the enterprise risk assessment must reflect the presence of higher-risk customers, including cash-intensive business customers, in an LFI’s customer base. These assessments should in turn be reflected in the LFI’s inherent risk rating. In addition, the LFI’s controls risk assessment should take into consideration the strength of the controls that the LFI has in place to mitigate the risks posed by its cash-intensive business customers, including the preventive measures discussed below.

The LFI is expected to assess the risk of each customer to identify those that require EDD and to support its entity risk assessment. In assessing the risks of a cash-intensive business, LFIs should consider:

Questions that an LFI may ask to determine the risk profile of a cash-intensive business include, but are not limited to:

⁷ Available at: https://www.namlcftc.gov.ae/en/high-risk-countries.php
⁸ Available at: https://baselgovernance.org/basel-aml-index
⁹ Available at: https://www.transparency.org/en/cpi/2020/index/nzl

Where the LFI determines a customer to be higher-risk, Article 4.2(b) of AML-CFT Decision requires that the LFI apply EDD. EDD is also required for specified higher-risk customer types, no matter their risk rating:

EDD measures should be designed to mitigate the specific risks identified with particular customers. Examples of EDD measures are described below in Section 3.2.

Under Article 8 of AML-CFT Decision, LFIs are required to identify and verify the identity of all customers. As stipulated in the Guidelines on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations for Financial Institutions, the identification and verification of the identity of customers is a fundamental component of an effective ML/FT risk management and mitigation program. Please see Section 6.3.1 of the above-mentioned Guidelines for further information on customer identification.

The majority of cash-intensive businesses will be legal persons. Article 9 of AML-CFT Decision requires all financial institutions to identify the beneficial owners of a legal person customer by obtaining and verifying the identity of all individuals who, individually or jointly, have a controlling ownership interest in the legal person of 25% or more. Where no such individual meets this description, the LFI should identify and verify the identity of the individual(s) holding the senior management position in the entity.

The beneficial owner of a legal person must be an individual. Another legal person cannot be classified as the beneficial owner of a customer, no matter what percentage it owns. LFIs should continue tracing ownership all the way up the ownership chain until it discovers all individuals who own or control at least 25% of the LFI’s customer. When the LFI has identified qualifying beneficial owners, it should perform CDD on each individual beneficial owner, in accordance with the requirements of Article 8.1(a) of AML-CFT Decision (10). If no individual qualifies as a beneficial owner, LFIs should identify the individual(s) holding the position of senior management officer(s) within the customer. This option should be used only as a last resort, however, and when the LFI is confident that no one individual, or small group of individuals, exercises control over the customer. Please see the CBUAE's Guidance for LFIs providing services to Legal Persons and Arrangements¹⁰ for more information on identification of beneficial owners.

¹⁰ Available at https://www.centralbank.ae/en/cbuae-amlcft.

Under article 8 of AML-CFT Decision, for all customer types, LFIs are required to understand the purpose for which the account or other financial services will be used, and the nature of the customer’s business. This step requires the LFI to collect information that allows it to create a profile of the customer and of the expected uses to which the customer will put the LFI’s products and services. This element of CDD will have important implications for the customer risk rating.

It is critical that LFIs have processes and controls in place to ensure that they are able to identify cash-intensive business customers. In line with a risk-based approach, LFIs should interview the customer, review the customer’s business license, request recent financial statements (audited if available), tax returns or additional information, search company databases and assess the primary business activity, products, and services offered by the customer to understand the full scope of the customer’s business.

If an LFI determines that a customer or prospective customer has materially misrepresented itself or its business, it should not onboard the customer and should exit the relationship if one has been established. In addition, the LFI should consider filing a Suspicious Transaction Report (STR), Suspicious Activity Report (SAR) or other report types to the UAE FIU as discussed in section 3.3.2 below. The LFI may also consider adding the customer, its beneficial owners, directors, and its managers to internal watchlists.

High-risk customers should be treated as high risk no matter the financial services they use. Even so, the risk to which the LFI may be exposed can vary based on the purpose of the account and the types of financial products and services the customer wishes to use. LFIs should fully understand the uses to which the cash-intensive business intends to put the account and the expected activity on the account, to the extent that it can generally predict activity on the account and identify activity that does not fit the profile. To that end, the LFI should seek to assess the expected volume, frequency, and nature of cash transactions that the customer intends to conduct through its account, as this will be an important risk factor for identifying money laundering and financing of terrorism and illegal organisations risks associated with the cash-intensive business. In addition, the LFI may wish to consider whether the expected volume of cash coming through the account is consistent with the declared sales income and whether the expected volume of cash appears reasonable compared to other similar cash-intensive customers of the LFI (i.e., operating as similar business types in similar markets).

Under Article 7 of AML-CFT Decision, all customers must be subject to ongoing monitoring throughout the business relationship. Ongoing monitoring ensures that the account or other financial service is being used in accordance with the customer profile developed through CDD during onboarding, and that transactions are normal, reasonable, and legitimate.

Under Article 16 of AML-CFT Decision, LFIs must monitor activity by all customers to identify behaviour that is potentially suspicious and that may need to be the subject of a suspicious transaction report (“STR”) or suspicious activity report ("SAR") or other report types. As with all customer types, LFIs that use automated monitoring systems should apply rules with appropriate thresholds and parameters that are designed to detect common typologies for illicit behaviour. When monitoring and evaluating transactions, the LFI should take into account all information that it has collected as part of CDD, including the identities of beneficial owners. For example, a series of transactions between two unconnected companies may not be cause for an alert. But if the companies are all owned or controlled by the same individual(s), the LFI should investigate to make sure that the transactions have a legitimate economic purpose. In addition, higher-risk customers should be subject to more stringent transaction monitoring, with lower thresholds for alerts and more intensive investigation.

Monitoring systems can include manual monitoring processes and the use of automated and intelligence-led monitoring systems. In all cases, the appropriate type and degree of monitoring should appropriately match the ML/TF risks of the institution’s customers, products and services, delivery channels, and geographic exposure, and may therefore vary across an LFI’s business lines or units, where applicable. TM programs should also be calibrated to the size, nature, and complexity of each institution. Please consult the CBUAE’s Guidance for Licensed Financial Institutions on Transaction Monitoring and Sanctions Screening for further information.¹¹

The transaction monitoring system used by LFIs should be equipped to identify patterns of activity that appear unusual and potentially suspicious for cash-intensive business customers as well as unusual behaviour that may indicate that a customer’s business has changed in such a way as to require a high-risk rating. Some red flags for cash-intensive business customers are described below. If an LFI’s automated transaction monitoring system is not capable of alerting on these red flags, LFIs should have in place manual monitoring, such as management information systems.

¹¹ Available at https://www.centralbank.ae/en/cbuae-amlcft.

As required by Article 15 of the AML-CFT Law and Article 17 of AML-CFT Decision, LFIs must file a suspicious transaction report (“STR”) or suspicious activity report ("SAR") or other report types with the UAE Financial Intelligence Unit (“UAE FIU”) when they have reasonable grounds to suspect that a transaction, attempted transaction, or funds constitute, in whole or in part, regardless of the amount, the proceeds of crime, are related to a crime, or are intended to be used in a crime. STR filing is not simply a legal obligation; it is a critical element of the UAE’s effort to combat financial crime and protect the integrity of its financial system. STR filings assist law enforcement in detecting criminal actors and preventing the flow of illicit funds through the UAE financial system.

In addition to the requirement to file an STR when an LFI suspects that a transaction or funds are linked to a crime, LFIs should consider filing an STR in the following situations involving higher-risk customers:

Please consult the CBUAE’s Guidance for Licensed Financial Institutions on Suspicious Transaction Reporting¹² for further information.

¹² Available at https://www.centralbank.ae/en/cbuae-amlcft.