Scope

Details

Suspicious Transactions Reports

- Verifying from the Compliance Officer the applicable policies and procedures to ensure that any of the staff that deals or has an administrative liability for dealing with the transactions, which may involve money laundering or terrorism financing, files an immediate report to the Compliance Officer of the company, if he/she comes to know about a suspicious operation, and freezes the transactions.

- Verifying from the Compliance Officer if there are any suspicious or unusual transactions notified by the staff and if the FIU of the Central Bank of the UAE is notified of it after verifying that it is suspicious or unusual.

- Obtaining STR and SAR records, it should be confirmed if such reports are urgently notified only to the FIU of the Central Bank of the UAE, (ensuring that the reports are not filed to another regulator).

- Verifying from the Compliance Officer the applicable procedures to ensure that the higher management, officers and staff do not notify or inform by any (written or phone) means the (customer, the beneficiary or any related profession) about their information, notifying the relevant authorities and verifying that the company has policies, procedures, regulations and controls to prevent informing the customer in this event

- Verifying if the examined samples imply any contact or refers to a communication with the customer to inform him/her/it that he/she/it is a suspect

- Verifying that STR and SAR are timely filed to the FIU of the Central Bank of the UAE, describing the nature of the transactions which raise suspicion, and verifying if the notified transactions are timely frozen.

- Verifying that the company has an activated account in “GO-AML” and the number of STR and SAR sent to the FIU during the year.

- Verifying the documents of the appointment or assignment of any of the company’s employees as a (Compliance Officer) and requesting the documentary evidence of the
appointment/assignment which were notified to the Insurance Authority

- Verifying through the administrative structure that the
(Compliance Office) filed his/her reports directly to the higher management of the company and that there are no other tasks assigned to the Compliance Officers

- Ensuring that the Compliance Officer is responsible for all obligations in Article 21 of Cabinet Resolution No 10 of 2019 on the Executive Regulations of Federal Law No 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations

- Verifying that the company asked the appointed external auditors to prepare and file a report on the compliance with Law on Anti-Money Laundering to the Insurance Authority by 30 April of the next year and that the findings of such report were received and addressed by the company.

- Verifying the qualifications of the (Compliance Officer),(including the professional certificates and the training courses attended by the (Compliance Officer)

- Verifying that the (Compliance Officer) files a biannual report to the higher management and the Insurance Authority.

1) Performing all obligations for “Know Your Customer”, customer due diligence and enhanced due diligence as set out in Cabinet Resolution No 10 of 2019 on the Executive Regulations of Federal Law No 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations:

a. For natural persons, as set out in the above Cabinet Resolution.

b. For corporate persons, as set out in the above Cabinet
Resolution.

c. For NGOs, as set out in the above Cabinet Resolution.

d. In the event of conducting transactions for another person or
entity, verifying the identity of such person or entity and obtaining the required information and documents, as set out in the above Cabinet Resolution.

2) Verifying from the staff of the company if all necessary information and documents of the customers, including the ultimate beneficiary owners, are obtained prior to establishing any business relationships, whether the customer is a natural or corporate person, and if such information is regularly updated

3) Verifying from the Company if the applicable procedures establish the identity of the beneficiaries, which are not the customer, obtaining and recording full information there, and ensuring whether:

a) The company determines and verifies the identity of this party prior to conducting any payment transactions

b) In the event of identifying the beneficiary as a corporate person or taking a legal arrangement with high risk, the customer due diligence procedures of the company shall include procedures based on premises to determine and verify the real identity of the beneficiary of the insurance policy upon payment

4) Ensuring through the staff of the company whether the customer due diligence procedures are adopted:

a) The company takes measures based upon premises to understand the ownership and nature of the corporate person

b) The company ensures the nature and type of the business relationship, which is established with a natural or corporate person

c) The company controls on a continuous basis the business relationship with its customers,

to the effect that it verifies the transactions conducted to ensure that they are in accordance with KYC and the details of the customer business and its risks as well as the source of the funds, as required.

5) Verifying if the company enters into business with a customer by using a false name or with an unknown person or opening an account with a fictitious name and if the name of the account holder is in accordance with the identity card or a copy of the passport or the trade license and if the staff in charge verifies that such copies are authentic and signed.

6) Verifying from the staff of the company if the following procedures and terms are adopted and complied with:

a. Applying the due diligence procedures to the current customers, if:

(1) There is a substantial change in the nature or ownership of the customer

(2) There is doubt about the correctness or accuracy of the information of the customer

(3) A big transaction is about to be concluded with or for the customer

(4) There is another reason that may be held adequate by the company

b. If the company is unable to identify the customer by a reliable and independent source of information, the company must:

1) End any relation with the customer immediately.

2) Consider the need for filing suspicious transaction reports to the competent unit.

Performing all obligations for “Know Your Customer”, customer due diligence and enhanced due diligence, as set out in Cabinet Resolution No 10 of 2019 of the Executive Regulations of Federal Law No 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations

1) Verifying that the company has a process for identifying the customers and/ or the real beneficiaries from the politically exposed persons (PEP) and ensuring that:

a. Suitable risk management regulations are applied to determine whether the customer or the real beneficiary is a PEP or not.

b. The approval of the higher management is obtained for establishing or proceeding with a business relationship, if the customer or the real beneficiary is a PEP.

c. The source of the wealth and assets of the real beneficiary is determined by any available reasonable means.

d. It during the business relationship conducts enhanced due diligence.

2) In the event of large documents, as specified in Article 6 of Cabinet Resolution No 10 of 2019 above, verifying that the documents of the financial situation of the customer, the source of the funds and the net income as well as the names of the banks, which the customer deals with, are kept and maintained over the past three years.

3) Ensuring that the company provides, in addition to the due diligence procedures, the due diligence under Cabinet Resolution No 10 of 2019 above.

4) Ensuring that the insurance company takes reasonable measures to identify the beneficiary or the beneficial owner of the life insurance and Family Takaful insurance policies. If he/she is identified as a PEP, the company shall inform the higher management prior to paying to the beneficiaries or prior to exercising any rights thereof, do a comprehensive examination of all business relationships and consider notifying a STR to the Unit

- The number of the years of maintaining the documents (in the event of a court case and after the end of the court case or in the event that there is no legal action)

- The existing transaction details (type, sum, etc.), including whether an STR or SAR is notified

- The method of maintaining the data (in soft or hard files)

- The existing system for document maintenance

- If the system includes the dates of the commencement and end of the business relationship

- In the event of notifying STR or SAR whether the database contains a request from the FIU and what is the timeframe of dealing with such requests

- The minimum requirements for storing (soft and hard) records, which may include the safety and the availability of the data in the event of a crisis

The company relays on a risk-based approach, which includes:

- Assessing the risks of money laundering and financing of terrorism faced by the company, including

a. The type of the company’s customers (and the purpose of the relationship)

b. The products and services provided by the Company (and their objective)

c. The technology used by the company (and the objective of this use) to provide such products and services

- Establishing the required procedures for mitigating such risks

- The existing classification and description of the risks of the business relationship, taking into consideration at least four risk factors of this business relationship: customer risk, product risk, operational risk and competent department risks

Ensuring that the policies and procedures:

- Are authenticated and approved for anti-money laundering and combating terrorism financing.

- Include specified actions and standards for identifying the customers with high risk.

- Include a specified and periodic mechanism for updating the lists of terrorism in Cabinet Resolution No 20 of 2019 and informing the regulator if the case is identified

- Include the standards for notifying STR or SAR, (including the notification timeframe).

- Require a timeframe for the regular update of the policies and procedures

- Performing by the internal auditor a regular audit of the procedures for anti-money laundering and combating terrorism financing, which are adopted by the departments of the company

- Verifying if the company adopts a policy for periodically reviewing the sufficient customer due diligence and enhanced due diligence for the customers and ultimate beneficiary owner and ensures a continuous update of the information, particularly, about the customers with high risk.

- Verifying that the company adopts a process for periodically and regularly updating the tests of AML diligence.

Verifying that:

- An independent internal control unit exists in the company and inquiring from the internal auditor about the way of ensuring compliance with the policies, procedures, regulations and controls for anti-money laundering and combating terrorism financing.

- The internal auditor files his/her reports to the audit committee.

- Verifying from the Compliance Officer that there are confidential information agreements with the related professions, with which the company deals.

- Verifying from the compliance officer that the information about the company is disclosed only as far as required in the investigations or the court cases, which are subject to the applicable legislations of the State

- The company adopts and adheres to procedures for anti-money laundering and combating terrorism financing applicable to all of its branches inside and outside the UAE.

- If the requirements for anti-money laundering and combating terrorism financing in the host country are less strict than the UAE requirements, the company applies all UAE requirements save for anything not permitted under the laws and regulations of the host country.

- In the event that the branch or the subsidiary, which operates abroad, is unable to adhere to the highest standards, the company notifies the Insurance Authority of the matter and adheres to the additional directives dedicated by the Authority.

- Verifying if the training of the (Compliance Officer) and all staff remains updated and suitable for the activities of the company and the different customer types, and if the training is provided on a regular and continuous basis

- Ensuring that the (Compliance Officer) does a periodic examination of all (newly appointed staff – current staff)

- Verifying that a high level scientific training is provided to the(compliance officer)

- Reviewing and updating the AML procedures on a regular basis

- Verifying that the (Compliance Officer) ensures a continuous examination of all databases of the customers of the company and compares such examination with the terrorist lists in the law and legislations in force