Book traversal links for The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business
The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business
N 35/2018 STAPreface
Pursuant to Article 11 of the amendments to notice number 01/2014, the Central Bank of the UAE is issuing “The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business (the Standards)”. The Standards set the baseline requirements for Exchange Houses currently operating in the UAE, including new entrants, which must be maintained to continue their business in a fully compliant manner.
The Standards include the following sections:
- A.Licensing and Continuing Obligations;
- B.Management and Governance;
- C.Risk Management and Security;
- D.Anti-Money Laundering Compliance;
- E.Customer Protection;
- F.Appendices; and
- G.Version Control Table.
Exchange Houses, operating in the UAE, are required to comply with all requirements of the Standards at all times. Non-compliance charges will be levied on Exchange Houses for violations in accordance with Appendix 4 of the Standards.
Board of Directors (or the Owner/Partners where there is no Board of Directors) of Exchange Houses is in ultimate control of their business and accordingly, is responsible to ensure the availability of adequate Policies, Procedures, Processes, Systems, Controls and Human Resources to run their business in compliance with all applicable Laws, Rules, Regulations, Notices and the Standards.
Any clarification or interpretation of the Standards may be sought from the Central Bank whose interpretation shall be final and binding on all Exchange Houses.
Exchange Houses may email all their queries regarding the Standards to: info.ehs@cbuae.gov.ae.
Complaints/grievances against employees/Examiners of the Central Bank of the UAE may be written to the Head of Examinations, Banking Supervision Department. Any information provided by the Licensed Person in this manner will be held confidential. The Central Bank may contact the Licensed Person if it is deemed necessary to collect further information as part of such investigations.
A. Licensing and Continuing Obligations Standards
Chapter 1: Scope of the License and Exchange Business
Introduction
The scope of Exchange Business is defined in the “Regulations regarding Licensing and Monitoring of Exchange Business issued in January 2014” (the Regulations) and all Licensed Persons are expected to operate within the scope of their license. Exceeding the scope of their license, by carrying out any activity other than those permitted by the Regulations, will be taken seriously by the Central Bank of the UAE (“the Central Bank”). This chapter provides the details of requirements related to the scope of Exchange Business and permitted activities that every Licensed Person must comply with at all times.
1.1 License to carry out Exchange Business
- 1.1.1Exchange Business can be carried out by a person, whether natural or juridical, only if such person is licensed in writing by the Governor of the Central Bank or by a person authorized by the Governor to do so in accordance with the Regulations and its subsequent amendments;
- 1.1.2The Licensed Person must carry out its activities in an utmost professional manner and in full compliance with all applicable Laws, Rules, Regulations, Notices and the Standards; and
- 1.1.3The Central Bank shall treat instances of non-compliance seriously and reserves the right to impose appropriate non-compliance charges in accordance with Appendix 4 of the Standards.
1.2 Scope of Exchange Business (Permitted Activities of Exchange Business)
The scope of Exchange Business is defined under Article 1.1(c) of the Regulations, which is explained in Paragraphs 1.2.1 to 1.2.4 of this Chapter.
1.2.1Foreign Currency Exchange (Article 1.1.(c).1 of the Regulations)
- a)The Licensed Person is permitted to buy and sell foreign currencies and traveller’s cheques from/to customers, whether natural persons or juridical persons, who are physically present in the UAE;
- b)The Licensed Person is not permitted to import or export foreign currencies from/to foreign entities without obtaining a Letter of No Objection from the Banking Supervision Department. Please refer to Paragraph 4.17 of Chapter 4 for further information; and
- c)The Licensed Person may open Hedge accounts with a well regulated financial institution, whether inside or outside the UAE, for hedging its foreign exchange positions as part of mitigating the risk of exchange rate fluctuations subject to the following conditions:
- •A Letter of No Objection from the Banking Supervision Department must be obtained prior to opening Hedge accounts;
- •The Licensed Person must submit a duly completed “Foreign Account Application (FAA) Form” (Refer to Appendix 5 for FAA Form) along with the required supporting documents to the Banking Supervision Department in order to obtain a Letter of No Objection to open a Hedge account with a foreign financial institution. The Licensed Person must use the same FAA Form to apply for the Letter of No Objection to open a Hedge account with a financial institution located within the UAE;
- •The Hedge account must be used strictly for mitigating the foreign exchange risk and not for any type of activities that may result in speculation; and
- •The accounting for hedge transactions must be in accordance with the requirements of applicable International Financial Reporting Standards and must be fully automated.
1.2.2Remittance Operations (Article 1.1.(c).2 of the Regulations)
- a)The Licensed Person is permitted to execute remittance transactions in local or foreign currencies on behalf of its customers, whether natural persons or juridical persons, who are physically present in the UAE provided that the Licensed Person is in possession of either a Category B or Category C license (Refer to Paragraph 2.2 of Chapter 2 for various license categories);
- b)The Licensed Person may enter into necessary arrangements with banks, licensed/regulated financial institutions (local or foreign) or instant money transfer service providers to execute remittances subject to the conditions of Paragraphs 1.2.2 (c) to (f) below;
- c)A Letter of No Objection from the Banking Supervision Department must be obtained to open accounts with foreign banks or foreign financial institutions (including establishing remittance relationships with exchange houses operating outside the UAE) for executing remittances. The Licensed Person must apply for the Letter of No Objection by submitting a duly completed FAA Form (Refer to Appendix 5 for this Form) along with the required supporting documents to the Banking Supervision Department;
- d)A Letter of No Objection from the Banking Supervision Department must be obtained, by submitting a duly completed FAA Form (Refer to Appendix 5 for this Form), to open accounts with financial institutions operating in the Financial Free Zones of the UAE (e.g.: DIFC, ADGM);
- e)A Letter of No Objection from the Banking Supervision Department must be obtained, by submitting a duly completed FAA Form (Refer to Appendix 5 for this Form), to enter into a remittance arrangement with any instant money transfer service provider;
- f)The Licensed Person, who is a Master Agent (i.e. Main or Principle Agent) of an instant money transfer service provider, must obtain a Letter of No Objection from the Banking Supervision Department in order to appoint another Licensed Person to act as its Sub-Agent to offer the products or services of such instant money transfer service provider;
- g)The remittance transactions executed by the Licensed Person on behalf of entities operating in the Financial Free Zones of the UAE must be in accordance with relevant laws related to such Free Zones;
- h)A Licensed Person is not permitted to execute remittance instructions received from other Licensed Persons without obtaining a Letter of No Objection from the Banking Supervision Department when the remittance instructions are made on behalf of such other Licensed Persons’ customers; and
- i)The Licensed Person is not permitted to act as a routing agent between its foreign correspondents without obtaining a Letter of No Objection from the Banking Supervision Department.
1.2.3Payment of Wages using WPS (Article 1.1.(c).3 of the Regulations)
- a)The Licensed Person is permitted to execute wage payments through the Wages Protection System (i.e. WPS) on behalf of legal entities operating in the UAE provided that the Licensed Person is in possession of a Category C license. Please refer to Paragraph 2.2 of Chapter 2 for various license categories;
- b)The monthly turnover of wages paid using WPS by the Licensed Person shall be restricted against the value of its bank guarantee favouring the Central Bank and its risk grading awarded by the Central Bank. Please refer to Paragraph 2.4.5 of Chapter 2 for further information;
- c)The monthly turnover of wages, in the context of Paragraph 1.2.3 (b) of this Chapter, means the total value of the Salary Information File (SIF) uploaded to and accepted by the System of Wages Protection during a month;
- d)The Licensed Person must provide WPS services only to clients who are located within the same Emirate where the Licensed Person has branches. In this context, a client with multiple branches spread across different Emirates of the UAE may also utilise the WPS service offered by a Licensed Person who has branches in the same Emirate where the Main Office or Head office of such client is located;
- e)The Licensed Person must cease the disbursement of wages in cash through WPS on or before 30th September 2018. The disbursement of wages, thereafter (i.e., with effect from 1st October 2018), must be executed only via payroll cards or through a bank account of the individual receiving the wages or salaries;
- f)The Licensed Person may enter into arrangements with banks or other appropriate service providers in order to distribute payroll cards after obtaining a Letter of No Objection from the Banking Supervision Department;
- g)The Licensed Person must arrange to deliver Payroll cards directly to each employee of its clients and obtain acknowledgements thereof at all times;
- h)Payroll cards must not be reloaded with any value or money other than the salary/wages of the employee as per the Salary Information File (SIF) uploaded to and accepted by the System of Wages Protection;
- i)The Licensed Person must comply with the Central Bank Rules in relation to the WPS (i.e. Rules of the UAE Wage Protection System issued by the Central Bank) at all times; and
- j)The Licensed Person must carry out Enhanced Due Diligence, in accordance with Paragraph 16.11.2 of Chapter 16, for each legal entity before entering into any WPS arrangement.
1.2.4Special Products or Services (Article 1.1.(c).4 of the Regulations)
- a)The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department if it intends to sell/offer any product or service which does not fall under various activities mentioned under Paragraphs 1.2.1 to 1.2.3 of this Chapter;
- b)The Banking Supervision Department shall periodically issue the list of such products or services (called “the Special Product Matrix”) to all Licensed Persons;
- c)The Licensed Person may choose any product or service from the Special Product Matrix and then request for the Letter of No Objection from the Banking Supervision Department prior to selling/offering such product or service;
- d)The Licensed Person must seek the Letter of No Objection from the Banking Supervision Department for all its existing special products or services provided that they appear in the Special Product Matrix. The Licensed Person is not required to seek Letters of No Objection for those products or services in the Special Product Matrix on a condition that such products or services were approved by the Central Bank previously;
- e)The Licensed Person must request a Letter of No Objection from the Central Bank in order to offer any new product or service that is not listed in the Special Product Matrix. The Licensed Person must submit below information/documents to the Central Bank in such cases:
- •A request for the Letter of No Objection; and
- •Description of the product or service, profile of the partner, a confirmation that the Enhanced Due Diligence has been carried out on the partner, detailed process flow, settlement process, targeted customers and a risk assessment report.
- f)The Banking Supervision Department shall issue the Letter of No Objection for a special product or service, based on the merit of each application, subject to the following conditions:
- •The Licensed Person must be in possession of either a Category B or Category C license. Please refer to Paragraph 2.2 of Chapter 2 for various license categories;
- •The Licensed Person must fulfil the paid-up capital and bank guarantee requirements in accordance with the conditions contained in the Special Product Matrix; and
- •The risk grading of the Licensed Person must be acceptable to the Central Bank. Please refer to Paragraph 5.3.5 of Chapter 5 for further details on risk grading.
- g)The Licensed Person must not solicit its customers or any other party for selling loan products of local or foreign banks; and
- h)The Licensed Person must not be involved in or assist its customers or any other party for opening bank accounts with local or foreign banks.
Chapter 2: Legal Forms, Capital and Bank Guarantee Requirements
Introduction
The paid-capital of a Licensed Person and its bank guarantee favouring the Central Bank are calculated based on the category of its license, its legal form and the value of remittances. This chapter provides information about the minimum amount of paid-up capital to be maintained by a Licensed Person and the method of calculating its minimum bank guarantee to be provided in favour of the Central Bank.
2.1 Permitted Legal Forms
- 2.1.1Applicant applying for a new license for Exchange Business must specifically mention the details of the legal form of the proposed entity in the application for new license. Please refer to Paragraphs 3.1.8 (b) and (c) of Chapter 3 for further information.
2.2 License Categories
- 2.2.1There are three categories of license based on the scope of Exchange Business that the Licensed Person is permitted to carry out in accordance with Paragraph 1.2 of Chapter 1:
- a)Category A License:
The Licensed Person, in possession of a ‘Category A’ license, is permitted to carry out only foreign currency exchange business in accordance with Paragraph 1.2.1 of Chapter 1;
- b)Category B License:
The Licensed Person, in possession of a ‘Category B’ license, is permitted to carry out the following two activities only:
- •Foreign currency exchange (Refer to Paragraph 1.2.1 of Chapter 1); and
- •Remittance operations (Refer to Paragraph 1.2.2 of Chapter 1).
- c)Category C License:
The Licensed Person, in possession of a ‘Category C’ License, is permitted to carry out the following three activities:
- •Foreign currency exchange (Refer to Paragraph 1.2.1 of Chapter 1);
- •Remittance operations (Refer to Paragraph 1.2.2 of Chapter 1); and
- •Payment of Wages using WPS (Refer to Paragraph 1.2.3 of Chapter 1).
- a)Category A License:
- 2.2.2The Licensed Person, in possession of either a “Category B” or “Category C” license, may choose to sell/offer special products or services in accordance with Paragraph 1.2.4 of Chapter 1.
- 2.2.1There are three categories of license based on the scope of Exchange Business that the Licensed Person is permitted to carry out in accordance with Paragraph 1.2 of Chapter 1:
2.3 Minimum Paid-up Capital
- 2.3.1Category A License
The Licensed Person’s minimum paid-up capital must be AED 2 million. In case the legal form is a Limited Liability Company, the minimum paid-up capital must be AED 50 million.
- 2.3.2Category B License
The Licensed Person’s minimum paid-up capital must be AED 5 million. In case the legal form is a Limited Liability Company, the minimum paid-up capital must be AED 50 million.
- 2.3.3Category C License
The Licensed Person’s minimum paid-up capital must be AED 10 million. In case the legal form is a Limited Liability Company, the minimum paid-up capital must be AED 50 million.
- 2.3.1Category A License
2.4 Bank Guarantee
- 2.4.1The Licensed Person must provide a bank guarantee favouring the Central Bank from a bank licensed in the UAE, provided that the value of the bank guarantee at any point in time shall not be less than the higher of the following:
- a)100% of the minimum paid-up capital for each category of license as detailed under Paragraph 2.3 of this Chapter; or
- b)5% of the monthly remittance average value of the previous financial year, with a maximum of AED 75 million (Seventy Five Million UAE Dirhams).
- 2.4.2The Licensed Person must submit a Certificate of Remittance Value, issued by the External Auditor, to the Supervision & Examination Division of the Banking Supervision Department within two (2) months from the end of every financial year. This certificate must be submitted on the “Certificate of Remittance Value (CRV) Form” provided by the Central Bank (Refer to Appendix 5 for CRV Form);
- 2.4.3The Licensed Person must increase the value of bank guarantee favouring the Central Bank as required under Paragraph 2.4.1 (b) of this Chapter upon receiving a letter from the Central Bank demanding an additional bank guarantee. The additional bank guarantee must be submitted to the Central Bank prior to the deadline stipulated in the letter;
- 2.4.4The bank guarantee favouring the Central Bank must be in the prescribed format provided by the Licensing Division. All original bank guarantees must be delivered directly to ‘the Licensing Division, Banking Supervision Department, Central Bank of the UAE, Abu Dhabi’;
- 2.4.5The monthly turnover of wages to be paid using WPS is restricted, as below, based on the value of the bank guarantee and the risk grading of the Licensed Person awarded by the Central Bank (Please refer to Paragraph 1.2.3 (b) of Chapter 1 for further information):
a) Low risk - Thirty (30) times the value of the bank guarantee b) Medium risk - Twenty (20) times the value of the bank guarantee c) High risk - Ten (10) times the value of the bank guarantee d) Very High Risk - Not permitted to carry out payment of wages using WPS e) Unacceptable Risk - Not permitted to carry out payment of wages using WPS - 2.4.6The Central Bank reserves the right to determine the risk grading of the Licensed Person based on predefined parameters and findings contained in the Transmittal Letter issued after every examination. The decision of the Central Bank in this regard shall be final; and
- 2.4.7The risk grading awarded to the Licensed Person and the details of predefined parameters, on which the risk grading is based, will be highlighted in the Transmittal Letter issued by the Central Bank after the examination (Refer to Paragraph 5.3 of Chapter 5).
- 2.4.1The Licensed Person must provide a bank guarantee favouring the Central Bank from a bank licensed in the UAE, provided that the value of the bank guarantee at any point in time shall not be less than the higher of the following:
2.5 Permitted Shareholding (i.e. Ownership) Structure
- 2.5.1The ownership in a Licensed Person by the UAE National(s) who is a/are natural person(s), directly or indirectly via a company, must be not less than 60% at any point in time.
2.6 Status of Existing Licensed Persons
- 2.6.1An existing Licensed Person, who currently does not comply with the minimum paid-up capital and bank guarantee requirements as per Paragraphs 2.3 and 2.4.1 of this Chapter, must:
- a)increase its paid-up capital and bank guarantee to comply with the requirements of Paragraphs 2.3 and 2.4.1 of this Chapter on or before 29th September 2019 in three (3) equal annual instalments subject to the conditions under Paragraphs 2.6.1 (c) and 2.6.2 of this Chapter;
- b)provide its action plan along with a letter of undertaking to the Central Bank within fourteen (14) calendar days from the date of issuance of the Standards confirming their binding commitment to comply with the requirements of Paragraph 2.6.1 (a) of this Chapter; and
- c)comply with the following deadlines in phased manner for increasing the paid-up capital and bank guarantee as required under Paragraph 2.6.1 (a) of this Chapter:
- •1st instalment of the increase (i.e. 33.33% of the amount to be increased) must be made on or before 29th September 2017;
- •2nd instalment of the increase (i.e. 33.33% of the amount to be increased) must be made on or before 29th September 2018; and
- •3rd instalment of the increase (balance of the amount to be increased) to be in full compliance must be made on or before 29th September 2019.
- 2.6.2If 5% of the monthly remittance average value based on the actual values during the financial year 2016 exceeds the value of its existing bank guarantee favouring the Central Bank, the Licensed Person must immediately comply with Paragraph 2.4.1 (b) of this Chapter regardless of the grace period granted and timelines set under Paragraphs 2.6.1 (a) and (c) of this Chapter. The Central Bank will advise the Licensed Person about the additional bank guarantee in writing. The additional bank guarantee must be submitted to the Central Bank in accordance with Paragraph 2.4.4 of this Chapter prior to the deadline stipulated in the correspondence from the Central Bank;
- 2.6.3If the Licensed Person fails to or is unable to provide the additional bank guarantee in accordance with Paragraph 2.6.2 of this Chapter, the Licensed Person must limit its monthly remittance average value to twenty (20) times the value of its existing bank guarantee favouring the Central Bank;
- 2.6.4Existing Licensed Persons who are not willing to increase the minimum paid-up capital and bank guarantee to comply with the requirements of Paragraph 2.6.1 of this Chapter must contact the Licensing Division of the Banking Supervision Department to confirm their license status within thirty (30) calendar days from the date of issuance of the Standards. The Central Bank reserves the right to direct such Licensed Persons to:
- a)seek the Central Bank’s approval to downgrade its Exchange Business license to a category where the minimum paid-up capital and bank guarantee requirements are lower; and/or
- b)seek the Central Bank’s approval to change the legal form where the minimum paid-up capital and bank guarantee requirements are lower; or
- c)surrender its Exchange Business license to the Central Bank.
- 2.6.5In case the current paid-up capital or/and the value of existing bank guarantee is/are higher than the value required under Paragraphs 2.3 and 2.4.1 of this Chapter, the Licensed Person must obtain a Letter of No Objection from the Central Bank in order to reduce the respective value to the required minimum level;
- 2.6.6Regardless of the grace period granted and timelines set under Paragraphs 2.6.1 (a) and (c) of this Chapter, the Licensed Person must comply with Paragraphs 4.1, 4.18 and 4.19 of Chapter 4 at all times; and
- 2.6.7The Central Bank reserves the right to revoke the license to conduct Exchange Business in case the Licensed Person fails and/or shows inability to comply with Paragraphs 2.6.1 to 2.6.4 of this Chapter.
- 2.6.1An existing Licensed Person, who currently does not comply with the minimum paid-up capital and bank guarantee requirements as per Paragraphs 2.3 and 2.4.1 of this Chapter, must:
2.7 Opening of Additional Branches
- 2.7.1A Licensed Person, who is in compliance with the minimum paid-up capital and bank guarantee requirements as per Paragraphs 2.3 and 2.4.1 of this Chapter, is not required to further increase its paid-up capital or bank guarantee for obtaining the Central Bank approval to open additional branches;
- 2.7.2The Central Bank reserves the right to instruct Licensed Persons, who do not comply with the minimum paid-up capital and bank guarantee requirements as per Paragraphs 2.3 and 2.4.1 of this Chapter, to increase their paid-up capital and bank guarantee prior to obtaining the Central Bank approval to open additional branches regardless of the deadlines set under Paragraph 2.6.1(c) of this Chapter;
- 2.7.3In all cases, the Licensed Person must comply with Paragraphs 4.1, 4.18 and 4.19 of Chapter 4 at all times; and
- 2.7.4The Central Bank approval to open additional branches shall be issued subject to its prevailing licensing policy and the risk grading awarded to the Licensed Person after the Central Bank Examination.
Chapter 3: Licensing
Introduction
Exchange Business can be carried out by a person, whether natural or juridical, only if such person is licensed by the Central Bank in accordance with the Regulations and its subsequent amendments. This chapter provides information related to the process for obtaining an Exchange Business license from the Central Bank.
3.1 Application Process and Documentary Requirements for a License
- 3.1.1Any person, natural or juridical, may submit a new application to the Central Bank for any category of license mentioned under Paragraph 2.2 of Chapter 2 using “Licensed Person’s Application (LPA) Form” (Refer to Appendix 5 for LPA Form) and with necessary supporting documents;
- 3.1.2All documents provided to the Central Bank as part of the application for a license must be in Arabic or English;
- 3.1.3Documents in languages other than Arabic or English must be accompanied by Arabic or English legal translations;
- 3.1.4All figures in the financial statements, business plans or other projected reports must be expressed either in AED or in US Dollars;
- 3.1.5The applicant is permitted to appoint a duly authorised representative, such as a law firm or a professional consultancy firm, to prepare and submit the license application on behalf of the applicant. In such cases, the applicant continues to retain the full responsibility for the accuracy and completeness of information/documents provided and is required to certify the application form accordingly;
- 3.1.6The Central Bank may liaise directly with the applicant or the applicant’s duly appointed representative when processing the application for seeking any clarification or information;
- 3.1.7Applicants may contact the Licensing Division of the Banking Supervision Department for a pre-application meeting to discuss their business plans, application process and requirements;
- 3.1.8The following forms and documents must be submitted to the Central Bank for obtaining a license:
- a)Formal application letter signed by the applicant(s) which must specifically state the category of the license for which they are applying (refer Paragraph 2.2 of Chapter 2 for various license categories);
- b)Duly completed LPA Form (Refer to Appendix 5 for this Form);
- c)Comprehensive business plan which must consist of the following information regarding the proposed entity:
- •Name of the proposed entity;
- •Legal form of the proposed entity;
- •Initial amount of paid-up capital that will be injected into the business. Please refer to Paragraph 2.3 of Chapter 2 for the minimum requirements of paid-up capital;
- •Name(s) of the Owner/Partners/Shareholders and the ownership structure;
- •Justification and reasons for applying to obtain a license to conduct Exchange Business and the value it will add to the financial industry;
- •Proposed number of branches and their locations that are planned to be opened during the first three (3) years;
- •Projected financial statements (Balance Sheet, P&L and cash flow statements) for the first three (3) years with assumptions;
- •Applicant's business strategy, business model, primary corridors if planning for remittance activity, description of proposed products/services and other marketing plans;
- •An assessment report on the potential risks that may be faced by the proposed entity and suggested measures to mitigate such risks; and
- •Emiratization plans in line with the Central Bank’s requirements.
- d)In case the proposed Shareholder(s) is/are a juridical person(s), a Board resolution from such juridical person(s), confirming the decision to become shareholder in the proposed entity;
- e)In case the proposed Shareholder is a juridical person, the certificate of incorporation issued by the competent authority in its country of incorporation, commercial license/registration or any other similar official document;
- f)In case the proposed shareholder(s) is/are part of a Group of Companies/Businesses, copies of the audited financial statements of that Group, for the immediately preceding three (3) years;
- g)A letter of undertaking from the Owner/ all Partners/ all Shareholders of the proposed entity to comply, in case the application is approved, with the paid-up capital and bank guarantee requirements stated under Paragraphs 2.3 and 2.4 of Chapter 2;
- h)Letter of undertaking as per Article 3 (d) of the Regulations;
- i)A Draft version of Memorandum and Articles of Association of the proposed entity;
- j)Duly completed “Authorised Person’s Appointment (APA) Form” (Refer to Appendix 5 for APA Form) for the Manager in Charge (detailed CV must be included with a brief description);
- k)List of proposed members of the Board (i.e. Directors on the Board) if it is applicable (detailed CV must be included with a brief description for each Board member);
- l)Paid-up capital certificate of deposit from a bank licensed in the UAE;
- m)Copy of the required initial approvals from the Department of Economic Development; and
- n)A copy of the tenancy agreement and the address of premises to carry out the business of the proposed entity.
- 3.1.9The applicant must submit documents as per Paragraphs 3.1.8 (a) to (h) of this Chapter to initiate the application process;
- 3.1.10The Central Bank, upon review of all documents as per Paragraphs 3.1.8 (a) to (h) of this Chapter, will notify the applicant if the initial approval has been granted or its application has been rejected by the Board of the Central Bank;
- 3.1.11The applicant is required to submit documents under Paragraphs 3.1.8 (i) to (n) of this Chapter only after receiving the initial approval of the Central Bank;
- 3.1.12The proposed Manager in Charge will be called in for an interview by a special committee of the Central Bank as part of a fit and proper test. The Central Bank reserves the right to issue or decline the approval for the appointment of the proposed Manager in Charge;
- 3.1.13The Central Bank, upon review of all documents as per Paragraphs 3.1.8 (i) to (n) of this Chapter and the Bank Guarantee as per Paragraph 2.4 of Chapter 2, will notify the applicant in writing if the license to carry out the business has been granted or not;
- 3.1.14After obtaining the license to carry out Exchange Business from the Central Bank, the Licensed Person must submit the following to the Banking Supervision Department before commencing the business:
- a)A copy of the notarized Memorandum and Articles of Association;
- b)Auditors certification that paid-up capital has been injected into the business;
- c)Undertaking letter from the Owner/Shareholders/Partners whereby the Licensed Person agrees to comply with paid-up capital ratio and liquidity requirements as per Paragraphs 4.1, 4.18 and 4.19 of Chapter 4;
- d)Duly completed APA Form (Refer to Appendix 5 for this Form) and an approval request for the appointment of the Compliance Officer and Alternate Compliance Officer. Please refer to Paragraphs 16.4.9 and 16.5.2 of Chapter 16 for further details;
- e)Contact details (such as mobile number, phone number, fax number and email) of the main/head office, Manager in Charge and Compliance Department or Officer;
- f)Application for a Letter of No Objection to appoint External Auditors as per Paragraph 7.3.2 (b) of Chapter 7;
- g)Business Continuity Plans;
- h)Copy of the insurance policy;
- i)Description of the IT systems, detailed back up and disaster recovery plans;
- j)Application for connectivity to the Central Bank reporting systems; and
- k)Any other information as may be specified by the Central Bank.
- 3.1.15The Licensed Person must submit documents under Paragraphs 3.1.14 (a) to (b) of this Chapter to the Licensing Division and the remaining documents to the Supervision & Examination Division of the Banking Supervision Department; and
- 3.1.16The Licensed Person must inform the Supervision & Examination Division and the FID (i.e. the Financial Intelligence Department which was formerly known as the AMLSCU) at least ten (10) days in advance about the date of commencement of its business.
3.2 Approval Process and Timelines
- 3.2.1The Central Bank reserves the right, within sixty (60) days of receiving a license application, to:
- a)require the applicant to provide additional documents/information that the Central Bank deems necessary to evaluate the application; or
- b)reject incomplete applications.
- 3.2.2The applicant may withdraw its application at any time during the process by notifying the Central Bank in writing;
- 3.2.3After the review of a license application, the Central Bank may advise the applicant in writing whether:
- a)the license has been granted unconditionally; or
- b)the license has been granted subject to conditions; or
- c)the application has been rejected.
- 3.2.4The Central Bank will notify the applicant of the outcome of the license application within a period not exceeding twenty (20) working days from date of issuing such decision by the Board of Directors of the Central Bank. Such notice shall include the following:
- 3.2.5A license certificate is issued to the applicant once the Central Bank decides to grant the license stating the effective start date of the license. The name of the Licensed Person is then added into the “Central Bank Register of Exchange Houses”; and
- 3.2.6The Licensed Person must obtain prior approval of the Central Bank if it intends to add any permitted activity or to discontinue the current permitted activities (Refer to Paragraph 1.2 of Chapter 1 for the list of permitted activities) by submitting an application at least sixty (60) days before the date of such change.
- 3.2.1The Central Bank reserves the right, within sixty (60) days of receiving a license application, to:
3.3 Rejecting an Application
- 3.3.1The Board of Directors of the Central Bank reserves the right, at any point in time, to reject an application for new license or an application from an existing Licensed Person to change the category of license considering the interest of the public or if the applicant/Licensed Person fails/refuses to fulfill the licensing conditions and requirements as set out in Paragraph 3.1 of this chapter;
- 3.3.2The Board of Directors of the Central Bank reserves the right, before issuing the rejection decision, to request the applicant to fulfill the licensing requirements and conditions within a specified period of time; and
- 3.3.3The applicant shall be notified in writing of the Board’s decision on its application, whether approved or rejected, within a period not exceeding twenty (20) working days from date of issuance of the Board of Director’s decision. Such notice shall include the following:
- a)Content of the decision; and
- b)Reasons for rejection if any.
3.4 Validity of a License
- 3.4.1The license shall be valid for a fixed period of time from its date of issue and renewed thereafter upon an application from the Licensed Person (Refer to Paragraph 4.14 of Chapter 4).
3.5 Maintain the License
- 3.5.1The Licensed Person must maintain adequate levels of financial resources in accordance with Paragraphs 2.3 of Chapter 2 and 4.1, 4.18 and 4.19 of Chapter 4 at all times;
- 3.5.2The Licensed Person must maintain resources, systems and controls that are, in the opinion of the Central Bank, adequate for the scale and complexity of its activities and mitigating risks of financial crime;
- 3.5.3The Licensed Person must appoint External Auditors, subject to obtaining a Letter of No Objection from the Central Bank in accordance with Paragraph 7.3.2 of Chapter 7;
- 3.5.4The Licensed Person’s books of accounts and other records must be available within the UAE at all times and for examination by the Central Bank or persons appointed by the Central Bank;
- 3.5.5The Licensed Person must comply with the minimum record-keeping requirements covered under Paragraph 16.24 of Chapter 16;
- 3.5.6The Licensed Person must act in an open and cooperative manner with the Central Bank at all times;
- 3.5.7The Licensed Person must comply with the regulatory reporting requirements covered in Appendix 3 of the Standards;
- 3.5.8The Licensed Person must comply with any other specific requirements or restrictions imposed by the Central Bank on the scope of its license; and
- 3.5.9When granting a license, the Central Bank specifies the regulated services that the Licensed Person is permitted to offer. The Licensed Person must operate within the scope of its license at all times. The Central Bank reserves the right to vary existing requirements or impose additional restrictions or requirements, to address specific risks associated with the business of a Licensed Person.
3.6 Revocation or Suspension of License
- 3.6.1The Board of Directors of the Central Bank reserves the right to suspend or revoke a license issued to a Licensed Person by issuing a written notice in the following cases:
- a)If the Licensed Person ceased to comply with or has breached one or more of the conditions or restrictions imposed on its license;
- b)If the Licensed Person has breached applicable Laws, Rules, Regulations, the Standards or any Notice issued by the Central Bank;
- c)If the Licensed Person has failed to take any measures or procedures determined or prescribed by the Central Bank;
- d)If the Licensed Person did not commence its Exchange Business within six (6) months from the issue date of license;
- e)If the business or operations were ceased for a consecutive period exceeding three (3) months;
- f)If the Central Bank considers, at its own discretion, that the full or partial withdrawal, revocation or suspension of the license, was necessary for achieving its objectives and in discharging its functions;
- g)If the Licensed Person has submitted an application for full or partial withdrawal, cancelation or suspension of the license;
- h)If the Licensed Person’s liquidity or solvency is at risk or the Licensed Person becomes bankrupt;
- i)If the paid-up capital of the Licensed Person falls below the minimum amount required in accordance with the Regulations/the Standards issued by the Central Bank;
- j)If the Licensed Person has merged with another Licensed Person or institution without obtaining a Letter of No Objection from the Central Bank; and
- k)If the Licensed Person’s officers, employees or representatives refused to cooperate with Central Bank officers, Representatives, Examiners or abstained from providing unhindered access to information, statements, documents or records.
- 3.6.2The Central Bank shall notify the Licensed Person, with reasons in writing, about its decision to withdraw, cancel, suspend or revoke the license within a period of not exceeding twenty (20) working days from date of issuance of the Board of Director’s decision. The notice shall include the following at a minimum:
- a)Content of the decision;
- b)Reasons for the decision, if any; and
- c)Effective date of the decision.
- 3.6.1The Board of Directors of the Central Bank reserves the right to suspend or revoke a license issued to a Licensed Person by issuing a written notice in the following cases:
3.7 Opening of New Branches
- 3.7.1The Licensed Person is not permitted to open new branches without obtaining a license from the Central Bank;
- 3.7.2The Licensed Person has to submit an application signed by its authorized signatory to the Licensing Division of the Banking Supervision Department in order to obtain licenses to open new branches; and
- 3.7.3The Central Bank, at its sole discretion, shall issue licenses to open new branches based on the level of compliance of the Licensed Person with applicable Laws, Rules, Regulations, Notices and the Standards and based on the prevailing policy of the Central Bank in issuing such approvals.
3.8 Re-location of Licensed Premises
- 3.8.1The Licensed Person is not permitted to relocate its licensed premises without obtaining the Letter of No Objection from the Central Bank;
- 3.8.2The Central Bank shall issue a Letter of No Objection to relocate the licensed premises based on the level of compliance of the Licensed Person with applicable Laws, Rules, Regulations, Notices and the Standards, and based on the prevailing policy of the Central Bank;
- 3.8.3The Licensed Person must display a notice outside the current location two (2) weeks prior to the relocation of the licensed premises for the information to customers mentioning therein the address of the new location, proposed date of opening and the new contact number; and
- 3.8.4The Licensed Person must operate its business from the existing location, unless otherwise agreed by the Central Bank in writing, until it receives all necessary licenses (such as the license issued by the Central Bank, Department of Economic Development etc.) for such relocation.
3.9 Temporary Closure of Licensed Premises
- 3.9.1The Licensed Person may close its licensed premises in case of any unforeseen incidents (example: a fire, system failure, etc.), due to natural disasters or for some specific purposes (examples: to carry out repairs or any maintenance) subject to the following conditions:
- a)The Licensed Person must notify the Central Bank of the closure immediately upon closing the licensed premises with reasons thereof;
- b)The licensed premises shall not be closed for a period of more than one (1) month; and
- c)A notice must be displayed outside the premises stating the reasons for the closure, expected re-opening date, mobile number of the contact person and contact details of the nearest branch of the Licensed Person, if any.
- 3.9.2The Licensed Person must obtain a Letter of No Objection from the Central Bank to keep the licensed premises closed for a period exceeding one (1) month subject to the following conditions:
- a)The maximum period of closure shall not exceed three (3) months;
- b)Liabilities towards customers must be cleared prior to the closure;
- c)A notice must be displayed outside the premises with the reasons for the closure, expected re-opening date, mobile number of the contact person and contact details of the nearest branch of the Licensed Person, if any.
- 3.9.3The Licensed Person must discuss with the Central Bank about the status of its licensed premises before the expiry of the previously approved period of temporary closure (i.e. three months); and
- 3.9.4The Licensed Person must obtain the Letter of No Objection from the Central Bank in order to close a licensed premises permanently.
- 3.9.1The Licensed Person may close its licensed premises in case of any unforeseen incidents (example: a fire, system failure, etc.), due to natural disasters or for some specific purposes (examples: to carry out repairs or any maintenance) subject to the following conditions:
Chapter 4: Continuing Obligations
Introduction
The Licensed Person is expected to carry out its business in compliance with all applicable Laws, Rules, Regulations, Notices and the Standards. This chapter provides clarifications on some of the continuing obligations of a Licensed Person. The Licensed Person is advised to carefully review Article 9.1 of the Regulations and comply with all requirements at all times.
4.1 Total Assets to Paid-up Capital Ratio [Article 9.1 (a) of the Regulations]
- 4.1.1The total assets of the Licensed Person must not exceed ten (10) times the amount of its paid-up capital. In other words, the total assets to the paid-up capital ratio must not exceed 10:1 at any point in time; and
- 4.1.2The Licensed Person must comply with the following standards in relation to the calculation of this ratio:
- a)Gross value of assets must be taken for the calculation, i.e. no netting-off of assets and liabilities will be permitted unless it is in accordance with International Financial Reporting Standards;
- b)Total assets must not include any post-dated-cheques and/or amounts held as unclaimed funds with the Licensed Person as per Paragraph 18.2.1 (e) of Chapter 18;
- c)Statutory reserve may be added to the paid up capital provided that the Licensed Person has the obligation to maintain such a reserve as per the prevailing Commercial Companies Law of the UAE;
- d)Accumulated losses, including current year losses, must be deducted from the paid-up capital; and
- e)Where there are subsidiaries or other foreign offices, the Licensed Person must also comply with Paragraph 4.1.1 of this Chapter based on the consolidated financial statements.
4.2 Manager in Charge [Article 9.1 (b) of the Regulations]
- 4.2.1Appointment of the Manager in Charge must be made only after obtaining a Letter of No Objection from the Banking Supervision Department. Refer to Paragraph 6.4 of Chapter 6 for additional standards in this regard;
- 4.2.2The Licensed Person must implement an appropriate Succession Plan to manage its business during the temporary absence, such as leave or vacation, of the Manager in Charge. The Succession Plan must also fulfil the requirements of Paragraph 6.4.7 (b) of Chapter 6;
- 4.2.3The Manager in Charge must be an authorised signatory granted with Power of Attorney from the Licensed Person or its Owner/Partners/Board of Directors to manage its day to day business; and
- 4.2.4The employment contract of the Manager in Charge must contain a clause for treating any violation on the part of the Manager in Charge as a criminal offence if it is proven that the Manager in Charge has signed or made any incorrect or misleading statement to the Central Bank.
4.3 Alterations [Article 9.1 (c) of the Regulations]
- 4.3.1The Licensed Person is not permitted to alter the following without obtaining a Letter of No Objection from the Banking Supervision Department with an exception provided under Paragraph 4.3.2 of this Chapter:
- a)Legal status of the business;
- b)Ownership or Ownership structure;
- c)Location of the licensed premises or offices;
- d)Paid-up capital; and
- e)Value of the bank guarantee favouring the Central Bank.
- 4.3.2The Licensed Person may increase its paid-up capital and the value of bank guarantee favouring the Central Bank without obtaining the Letter of No Objection from the Banking Supervision Department in order to comply with the requirements of Paragraphs 2.6.1 (c) and 2.6.2 of Chapter 2. The Licensed Person must notify the Banking Supervision Department upon making such alterations.
- 4.3.1The Licensed Person is not permitted to alter the following without obtaining a Letter of No Objection from the Banking Supervision Department with an exception provided under Paragraph 4.3.2 of this Chapter:
4.4 Merger, Amalgamation and Joint Venture Arrangements [Article 9.1 (d) of the Regulations]
- 4.4.1A Letter of No Objection from the Banking Supervision Department must be obtained in order for the Licensed Person to merge, amalgamate or enter into a joint venture with any other person, whether natural or juridical;
- 4.4.2The Licensed Person is not permitted to enter into any agreement to manage or to be managed by any other person, whether natural or juridical, without obtaining the Letter of No Objection from the Banking Supervision Department. All such management agreements must be in line with the UAE Laws and all applicable Regulations; and
- 4.4.3The Licensed Person is not permitted to transfer, rent/lease out the license for a remuneration or otherwise to any other party, whether it is a natural or juridical person.
4.5 Licensed Premises and Products [Article 9.1 (e) of the Regulations]
- 4.5.1The Licensed Person is not permitted to carry out its activities including the KYC Process from any place outside the premises approved by the Central Bank apart from an exception under Paragraph 4.5.7 of this Chapter;
- 4.5.2Paragraph 4.5.1 of this Chapter shall not deter the Licensed Person from conducting site visits as part of completing Enhanced Due Diligence in accordance with Paragraph 16.11.2 (d) of Chapter 16;
- 4.5.3The Licensed Person is not permitted to carry out its activities from any temporary counters, extension counters or in a client’s office, client’s residence or from any place outside its approved premises;
- 4.5.4The Licensed Person, who participates in WPS, may distribute salaries in cash outside its licensed premises (i.e. at client’s premises) until payroll cards are introduced in accordance with Paragraph 1.2.3 (e) of Chapter 1 provided that the Licensed Person:
- a)has obtained the necessary approvals from the police authorities in the respective Emirates; and
- b)complies with all applicable Laws, Rules, Regulations and Notices in relation to security and safety.
- 4.5.5The Licensed Person is not permitted to engage in any business activities other than those in accordance with Paragraph 1.2 of Chapter 1;
- 4.5.6The Licensed Person must not lease out or rent out its licensed premises to any other party; and
- 4.5.7The Licensed Person may carry out the KYC Process for its customers, who are natural persons, outside the premises approved by the Central Bank subject to the following conditions:
- a)The KYC Process must be carried out directly by the employees of the Licensed Person;
- b)The Licensed Person must accept only Emirates ID of the customer as the identification document;
- c)Information of the Emirates ID must be extracted using a card reader obtained from the Emirates ID Authority; and
- d)A copy of the Emirates ID certified as “Original Sighted and Verified” under the signature of the employee who carries out the KYC Process must be retained. Alternatively, a print out of the extract of information obtained using the Emirates ID card and reader containing customer information must be retained. This print out must be certified as “Original Sighted and Verified” under the signature of an employee of the Licensed Person.
4.6 Trade Name [Article 9.1 (f) of the Regulations]
- 4.6.1The Licensed Person’s legal/trade name/trade mark must always contain the word “Exchange”;
- 4.6.2The legal/trade name must be approved by the Central Bank;
- 4.6.3The Licensed Person must not alter its legal/trade name without obtaining a Letter of No Objection from the Central Bank;
- 4.6.4The legal/trade name must not contain any undesirable word that will mislead the customers about the nature of business activities of the Licensed Person;
- 4.6.5Some examples of undesirable words are listed below (the list is not exhaustive):
- •Bank, Financial Institution, Finance, Financing;
- •Real Estate, Insurance, Investment;
- •Gold, Silver, Precious Stone, Commodity, Stock, Shares, etc.
- 4.6.6The legal/trade name must not infringe the copyrights or intellectual property rights of any other natural or juridical person;
- 4.6.7Full legal/trade name of the Licensed Person must be clearly and prominently displayed on the main signage of the licensed premises, letter heads, business cards, transaction receipts and all other marketing/branding materials; and
- 4.6.8The name of business partners, such as correspondent banks, remittance partners or the management company must not appear on the main signage of the licensed premises.
4.7 Official Receipts [Article 9.1 (h) of the Regulations]
- 4.7.1The official receipts must be given to customers for all types of transactions;
- 4.7.2The legal name of the Licensed Person, contact details (address, phone, email ID) of the branch that carries out the transaction, phone number for lodging customer complaints, website address (if any), etc. must be printed on all receipts;
- 4.7.3The below information must be printed on all transaction receipts at a minimum:
- a)The date and time (UAE local time) of the transaction;
- b)Product name (e.g.: Foreign currency buy or sell, outward remittance, inward remittance, WPS or the name of the special product or service, etc.);
- c)Relevant customer information as per Paragraphs 16.8.5, 16.9.10, 16.10.3 or 16.11.5 of Chapter 16, whichever is applicable;
- d)Foreign currency conversion rates against the local currency, if applicable;
- e)Transaction fees or charges, if applicable;
- f)The total value of the transaction in AED;
- g)Where it is a remittance transaction, the beneficiary details such as name of the beneficiary, beneficiary bank account details (account number and branch name) where applicable, destination country; and
- h)Where it is a remittance transaction, the name of the correspondent bank/correspondent financial institution/exchange house or the name of the instant money transfer service provider through which the remittance is routed.
- 4.7.4The terms and conditions related to the following must be printed on all receipts at a minimum:
- a)Cancellation and refund of the transaction including related charges and conversion rates applicable for the same;
- b)Charges and conversion rates that will be applied for amendments or re-issuance of money transfers;
- c)Back-end charges or any other bank charges at foreign correspondent banks for money transfers must be disclosed if it is deducted from the amount payable to the beneficiary; and
- d)Maximum period available for a customer to lodge a complaint from the date of transaction.
4.8 Display of Rates [Article 9.1 (h) of the Regulations]
- 4.8.1Rates must be displayed during working hours in a prominent place of the licensed premises and clearly visible to customers. The following rates must be displayed at a minimum:
- a)Buy and sell rate against the local currency (i.e. AED) for US Dollars, Euro, Pound Sterling, Japanese Yen and other major foreign currencies that the Licensed Person deals in; and
- b)Rates for major foreign currencies that the Licensed Person deals in against the local currency for remittances.
- 4.8.1Rates must be displayed during working hours in a prominent place of the licensed premises and clearly visible to customers. The following rates must be displayed at a minimum:
4.9 SMS Notification [Article 9.1 (j) of the Regulations]
- 4.9.1The SMS service must be integrated in the systems of the Licensed Person to notify parties involved in the money transfer transactions about the status of transactions as follows:
- a)SMS notifications must be sent to remitters of all outward remittances at the time of processing the payment instructions for transmitting to correspondents (such as foreign banks, exchange houses, etc.);
- b)SMS notification must be sent to remitters of all outward remittances in the case of outward instant money transfers;
- c)Two SMS notifications must be sent to beneficiaries of the agent specific inward remittance transactions. The first SMS at the time of receiving the payment instruction from the correspondent and the second SMS at the time of actual payment to the beneficiary;
- d)One SMS notification is sufficient, i.e. at the time of payment, in the case of inward instant money transfers which are not agent specific; and
- e)The Licensed Person must maintain a log in the system that shows the status of SMS notifications for each transaction.
- 4.9.1The SMS service must be integrated in the systems of the Licensed Person to notify parties involved in the money transfer transactions about the status of transactions as follows:
4.10 Encumbered Assets [Article 9.1 (k) of the Regulations]
- 4.10.1The Licensed Person is not permitted to encumber any of its assets without obtaining a Letter of No Objection from the Banking Supervision Department;
- 4.10.2The Licensed Person must obtain the Letter of No Objection from the Banking Supervision Department before providing deposits to be held under a lien or encumbrance or as collateral deposits to banks/financial institutions in order to:
- a)obtain bank guarantees favouring the Central Bank for licensing purposes;
- b)obtain remittance arrangements with local or foreign institutions (via cash deposits or guarantees); and
- c)obtain any other type of facilities from financial institutions or banks.
- 4.10.3Deposits for labour guarantee or utility services do not require the Licensed Person to obtain the Letter of No Objection from the Banking Supervision Department;
- 4.10.4Deposits of excess cash with a bank or financial institution for a fixed term/period by the Licensed Person must be available for liquidation immediately on demand; and
- 4.10.5The Licensed Person must not act as a guarantor or a facilitator of any other person, natural or juridical, to avail any credit facility for such person.
4.11 Profit Distribution [Article 9.1 (l) of the Regulations]
- 4.11.1Distribution of net annual profit for any financial year to the Owner/Partners/Shareholders must be made only after the audit of financial statements for that year, subject to the conditions under Paragraphs 4.11.2 to 4.11.5 of this Chapter;
- 4.11.2The distribution of net annual profit among Partners/Shareholders must be in accordance with the agreed profit sharing ratio;
- 4.11.3The annual audit of such financial statements must be carried out by an External Auditor appointed in accordance with the Paragraph 7.3.2 of Chapter 7;
- 4.11.4The Licensed Person must ensure sufficient liquidity in the business at all times in accordance with Paragraph 4.18 of this Chapter; and
- 4.11.5The share of profit must be paid off to the Owner/Partners/Shareholders within fifteen (15) calendar days from the date of decision to distribute such profit. If not, the Central Bank reserves the right to treat such amounts as the current account balance of the Owner/Partners/Shareholders (Refer to Paragraph 4.12 of this Chapter).
4.12 Borrowing, Lending or Maintaining Current Accounts [Article 9.1 (m) of the Regulations]
- 4.12.1The Licensed Person is not permitted to borrow from or lend money to or maintain a current account in the name of its owners, shareholders, partners, directors, managers, controllers, group companies, subsidiaries or customers; and
- 4.12.2Salary advance by a Licensed Person to its employees is permitted subject to the following conditions:
- a)The maximum advance must not exceed the total of immediately preceding six (6) months’ gross salary of the employee; and
- b)Such advance must be made only towards employee’s housing expenses, medical expenses, education/training fees, air tickets or on other humanitarian grounds such as death/illness of an immediate family member.
4.13 Remittances Intermediate Account [Articles 9.1 (n) and (o) of the Regulations]
- 4.13.1“Designated Remittance Intermediate Account” with a Bank:
- a)A Licensed Person who is in possession of a Category B or C license must maintain an account with a Bank licensed by the Central Bank of the UAE to be used exclusively as a “Designated Remittance Intermediate Account”;
- b)The Licensed Person who conducts remittance business must deposit the funds received from its remittance customers directly into the “Designated Remittance Intermediate Account” before the end of banking hours on the next business day (i.e. the next business day following the day on which the funds were received); and
- c)The Licensed Person must use the funds available in the “Designated Remittance Intermediate Account” solely for the purpose of settling the customers’ remittances with the foreign correspondents (i.e. correspondent banks, exchange houses, financial institutions or instant money transfer service providers).
- 4.13.2Accounting Treatment:
- a)All outward remittance transactions must be initially recorded in a separate ledger account (in the General Ledger) titled as “Remittance Intermediate Account”;
- b)The Remittance Intermediate Account must be a separate control account in the General Ledger. The Licensed Person may maintain multiple sub accounts (either currency wise, country wise or correspondent wise at the discretion of the Licensed Person) under the above stated control account;
- c)Outward remittance transactions must be transferred to the respective ledger accounts of foreign correspondents (in the General Ledger) as and when the remittance instructions are issued (i.e. upon payment order transmission) to foreign correspondents;
- d)The remittance instructions must be issued to foreign correspondents only after prefunding the account, if the settlement is on a prefund basis; and
- e)An amount equal to the liabilities towards the remittance customers (i.e. the balance in the Remittance Intermediate Account in relation to unprocessed transactions) must be available at all times in the form of local currency, balances in the Designated Remittance Intermediate Account and foreign banks to cover the liabilities towards the remittance customers.
- 4.13.3Agreed-Upon Procedures (AUP) on the Remittance Intermediate Account:
- a)External Auditors must perform Agreed-Upon Procedures (AUP) on the Remittance Intermediate Account and report their findings on a monthly basis to the Board of Directors (or to the Owner/Partners where there is no Board of Directors). Please refer to Appendix 6 for the minimum required Agreed-Upon Procedures to be performed by the External Auditor in this regard.
- 4.13.4Exception:
- a)Standards related to the Remittance Intermediate Account are not applicable to remittance arrangements through instant money transfer service providers who do not require any prefunding by the Licensed Person to pay beneficiaries at the destination.
- 4.13.1“Designated Remittance Intermediate Account” with a Bank:
4.14 Renewal of License [Article 9.1 (r) of the Regulations]
- 4.14.1Application for the renewal of a license must be submitted to the Licensing Division of the Banking Supervision Department at least two (2) months prior to the date of expiry of the license; and
- 4.14.2In case, the Licensed Person exhibits major non-compliance with applicable Laws, Rules, Regulations, Notices and the Standards, then the Central Bank reserves the right to refuse the renewal of the license or to renew it for a period shorter than one (1) year.
4.15 Display of Licenses and List of Permitted Activities
- 4.15.1A copy of the license issued by the Central Bank must be displayed in all licensed premises at a prominent location in addition to the commercial or trading license issued by the competent authority of the respective Emirate; and
- 4.15.2The Licensed Person must also visibly display a list of its permitted activities (i.e. whether the Licensed Person offers Foreign Currency Exchange, Remittance Operations or Payment of Wages using WPS) at a prominent location inside as well as outside (closer to the main door) of all licensed premises.
4.16 Display of Working Hours
- 4.16.1The working hours of branches/Head Office or Management Office must be visibly displayed at a prominent location inside as well as outside (closer to the main door) of the respective licensed premises.
4.17 Banknotes Import and Export from/to Foreign Institutions
- 4.17.1The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department for establishing relationship with any foreign institution for importing and/or exporting of banknotes;
- 4.17.2The Banking Supervision Department shall issue the Letter of No Objection based on the merit of each application from the Licensed Person provided that the following requirements are satisfied:
- a)Minimum paid-up capital of the Licensed Person and the bank guarantee favouring the Central Bank is:
- •AED 50 million in case of Limited Liability Companies; and
- •AED 10 million in other cases.
- b)The risk grading awarded to the Licensed Person by the Central Bank must be either Low or Medium.
- a)Minimum paid-up capital of the Licensed Person and the bank guarantee favouring the Central Bank is:
- 4.17.3The Licensed Person must provide the following information/documents along with the application for the Letter of No Objection:
- •The full legal name and address of the foreign institution;
- •Draft copy of the bilateral agreement;
- •Nature of the intended business, whether it is import or export of banknotes or both;
- •Purpose of importing banknotes from the respective foreign institution;
- •Source of banknotes exported to the respective foreign institution;
- •Separate list of currencies to be imported and/or exported from/to the respective foreign institution and the projected annual value for each currency for next three (3) years;
- •Expected number of shipments (separately for import and export) per year and projected value of each shipment in local currency for next three (3) years;
- •Confirmation that the Enhanced Due Diligence has been carried out on the respective foreign institution; and
- •List of similar existing arrangements and the current yearly volume and value of business in each currency for each entity.
- 4.17.4Import or export of banknotes must be made only from/to an institution which is a licensed financial institution from a well regulated jurisdiction;
- 4.17.5The Licensed Person must carry out the Enhanced Due Diligence, in accordance with Paragraph 16.11.2 of Chapter 16, on such foreign institutions before requesting for the Letter of No objection from the Banking Supervision Department;
- 4.17.6The Licensed Person must have appropriate agreements with such foreign institutions containing suitable clauses to cover all risks associated with importing and exporting of banknotes;
- 4.17.7The Licensed Person must complete the settlement for each shipment, whether import or export, within a period of seven (7) business days from the date of receiving/dispatching the shipment;
- 4.17.8The validity of the Letter of No Objection issued by the Banking Supervision Department is for a maximum period of three (3) years. The Central Bank reserves the right to restrict the validity of such Letter of No Objection for a period less than three (3) years depending on the risk grading of the Licensed Person; and
- 4.17.9The Central Bank reserves the right, if it deems appropriate, to restrict the use of imported banknotes to be sold via own branches of the Licensed Person to its retail customers and not for supplying to other Licensed Persons or Financial Institutions that are operating inside or outside the UAE.
4.18 Liquidity of the Business
- 4.18.1Current assets of a Licensed Person must be at least 1.2 times of the current liabilities at all times;
- 4.18.2Current assets in this context consists of the following items from the Balance Sheet:
- a)Cash in hand (i.e. local and foreign currency stocks);
- b)Balances with banks (i.e. local and foreign bank balances);
- c)Receivables from the other financial institutions (local and foreign);
- d)Cheques which are within the validity period of six (6) months from the date of issue (i.e. valid cheques) received from the customers; and
- e)Unencumbered fixed deposits with banks or financial institutions with a remaining maturity period of less than three (3) months.
- 4.18.3Item (c) of Paragraph 4.18.2 of this Chapter must be recoverable and are not dormant or inactive during the past thirty (30) calendar days;
- 4.18.4For the computation of the current assets, the following items must not be considered:
- a)Post-dated cheques;
- b)Pre-payments;
- c)Mandatory deposits such as deposits for utility services, labor guarantee, etc.;
- d)Deposits under lien of any kind;
- e)Deposits which cannot be liquidated upon demand; and
- f)Debit balances in the current account of the owners, directors, controllers, managers, employees, customers, etc., if any (Refer to Paragraph 4.12 of this Chapter).
- 4.18.5Current liabilities in this context consists of the following items from the Balance Sheet:
- a)Liabilities towards customers for any outward remittances (local and foreign including the amount of unclaimed funds);
- b)Sundry Creditors;
- c)Accruals;
- d)Liabilities towards the beneficiaries of the inward remittances if the funds are received by the Licensed Person;
- e)Liabilities related to WPS;
- f)Amounts payable to banks and other financial institutions upon demand or payable within three (3) months - local and foreign;
- g)Any valid cheques issued by the Licensed Person which is not netted off against the bank balance; and
- h)Credit balances in the current account of the owners, directors, controllers, managers, employees, customers, etc., if any (Refer to Paragraph 4.12 of this Chapter).
- 4.18.6For the computation of current liabilities, the following items must not be considered:
- a)Post-dated cheques;
- b)Any kind of provisions including the provision for gratuity, leave salary, air tickets for the employees, annual maintenance contracts, etc.; and
- c)Amounts payable after three (3) months to banks and other financial institutions - local and foreign.
4.19 Equity and Minimum Paid-up Capital Requirements
- 4.19.1Total Equity of the Licensed Person must not fall below the minimum required paid-up capital as stipulated in Paragraph 2.3 of Chapter 2;
- 4.19.2Total Equity includes:
- a)Paid-up Capital;
- b)Statutory/Legal Reserves;
- c)General Reserves or any other Reserves of similar nature;
- d)Current year profits or losses (i.e. profits to be added and losses to be deducted); and
- e)Retained earnings/accumulated profits or losses (i.e. retained earnings/profits to be added and losses to be deducted).
- 4.19.3Debit balance in the current account of the owner/partners/shareholders, if any, must be deducted from the Total Equity;
- 4.19.4Where the Total Equity falls below the minimum required paid-up capital, the Licensed Person must inject additional paid-up capital to balance the equity position after obtaining a Letter of No Objection from the Banking Supervision Department. Such injection of additional paid-up capital must be made within six (6) months from the date when the equity falls below the minimum required paid-up capital; and
- 4.19.5In the case of a newly established business, the Licensed Person is entitled for a grace period of one (1) year from the date of commencement of the business before being required to inject additional paid-up capital to comply with the requirements of Paragraph 4.19.4 of this Chapter, unless specifically instructed by the Central Bank to do so.
4.20 Authorized Signatories
- 4.20.1The authorized signatory who signs correspondence (i.e. letters, requests for various purpose etc.) with the Central Bank must possess a Power of Attorney (PoA) from the Licensed Person or its Owner/Partners/Shareholders with exemptions under Paragraphs 4.20.3 and 4.20.4 of this Chapter, unless such person is the sole owner of the Licensed Person;
- 4.20.2The Central Bank will not act on or respond to any correspondence signed by parties other than authorized signatories having Power of Attorney in accordance with Paragraph 4.20.1 of this Chapter;
- 4.20.3The Compliance Officer of the Licensed Person may sign responses to ‘Search’ or ‘Search and Freeze’ notices from the Central Bank. The Suspicious Transaction Reports (STR) must be signed by the Compliance Officer at all times;
- 4.20.4The Licensed Person or its authorized signatory may delegate the authority to other employees of the Licensed Person to sign the periodical returns/reports (such as monthly, quarterly, bi-annual or annual returns) to be submitted to the Central Bank. The Licensed Person and its authorized signatory shall retain the responsibility for the accuracy of all such returns even after the delegation;
- 4.20.5The Licensed Person or its Board of Directors (or the Owner/Partner where there is no Board of Directors) must not grant a Power of Attorney of any kind to any party other than a full time employee, Director of the Board, Partner or a Shareholder of the Licensed Person; and
- 4.20.6The Licensed Person or its Board of Directors (or the Owner/Partner where there is no Board of Directors) must not authorize any party other than a full time employee, Director of the Board, Partner or a Shareholder of the Licensed Person to act as an authorized signatory of its local or foreign bank account.
4.21 Reporting to the Central Bank
- 4.21.1The Licensed Person may refer to Appendix 3 of the Standards for the list of returns/reports to be submitted to the Central Bank;
- 4.21.2The Licensed Person must submit all returns/reports to the Central Bank on or before the reporting deadlines; and
- 4.21.3The Licensed Person must obtain access to the Central Bank reporting portals, such as Daily Remittances Reporting System, IRR System (Integrated Regulatory Reporting System), Suspicious Transaction Reporting System, etc. for the submission of periodical online reports.
4.22 Business Plans and Budgets
- 4.22.1A short term business plan, called the “Budget”, must be agreed and approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) at the beginning of each financial year;
- 4.22.2A comparison of actual performance against budgets must be performed at the end of every financial year, at a minimum, and variances must be analysed to identify the events that led to the actual performance deviating from the budget; and
- 4.22.3The Licensed Person must also have a long term business plan, preferably for a period of three to five (3 to 5) years, approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors).
4.23 UAE National Employment Programs or Emiratisation
- 4.23.1The Licensed Person must ensure that the number of their UAE National employees is not less than 10% of the total number of employees or one UAE national employee in each office/branch, whichever is higher;
- 4.23.2All UAE National employees must be registered with Ministry of Labor and General Pension and Social Security Authority;
- 4.23.3The Licensed Person may deduct the number of ancillary staff (such as drivers, office boys, cleaning staff, security staff, etc.) from the total number of employees for the computation of 10% of the total number of employees; and
- 4.23.4The Central Bank reserves the right to issue Regulations regarding Emiratisation in the Financial Industry from time to time. The Licensed Persons must comply with such future Regulations as and when the same are issued.
4.24 Opening of Subsidiaries and Offices
- 4.24.1The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department to invest in or to open subsidiaries or offices of any kind, whether outside or inside the UAE; and
- 4.24.2The paid-up capital of the Licensed Person after netting off investments in such subsidiaries or offices must not fall below the minimum required paid-up capital as stipulated in Paragraph 2.3 of Chapter 2.
4.25 Investigations and Litigation
- 4.25.1The Licensed Person must immediately inform the Banking Supervision Department if it becomes aware that the Licensed Person or its Owner/Partners/Shareholders, Director of the Board, employees or subsidiaries is/are the subject of an investigation of criminal nature by a local or foreign investigating agency;
- 4.25.2The Licensed Person must immediately inform the Banking Supervision Department if it becomes aware that it is a party to any litigation whether civil or criminal in nature; and
- 4.25.3The Licensed Person must maintain appropriate registers and records related to such investigations and litigations.
4.26 Compliance with Laws and Regulations
The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business - 4.26.1The Licensed Person must comply with all applicable Laws (examples: Labor Law, Commercial Companies Law, etc.), Rules and Regulations of the UAE in addition to the Standards and Notices issued by the Central Bank at all times.
4.27 Responses to the ‘Search’ or ‘Search and Freeze’ Notices
- 4.27.1The Licensed Person must respond to the ‘Search’ or ‘Search and Freeze’ notices from the Central Bank and other Enforcement Authorities within the time frame provided in such notices; and
- 4.27.2Appropriate evidence must be held in a separate file in order for the Central Bank Examiners to confirm the status of compliance with this requirement.
4.28 AED Settlement via UAEFTS
- 4.28.1The Licensed Person must settle all transactions within the UAE in AED only via UAEFTS;
- 4.28.2The Licensed Person may request the Banking Supervision Department for access to UAEFTS; and
- 4.28.3The Central Bank will provide access to UAEFTS only if the systems of the Licensed Person meets the UAEFTS requirements.
4.29 Gifts and Entertainments
- 4.29.1The Licensed Person, its Owner/Partners/Shareholders, Directors on the Board, management or employees must not offer gifts (whether in cash or in kind) and entertainments to or attempt to influence employees of the Central Bank in any manner.
4.30 Pricing Changes
- 4.30.1The Licensed Person must seek a Letter of No Objection from the Central Bank and provide a solid business case to support the pricing initiative prior to introducing new pricing or increasing pricing for products related to their licensed activities.
Chapter 5: Central Bank Examinations
Introduction
The Central Bank reserves the right to undertake an examination at a Licensed Person at any time when it deems it appropriate. This chapter provides information on the Central Bank examinations and responsibilities of the Licensed Person in relation to such examinations.
5.1 Types and Scope of Examinations
- 5.1.1The type and scope of an examination will be determined by the Central Bank on a case by case basis. There are three types of examinations and they are discussed under Paragraphs 5.1.2 to 5.1.4 of this Chapter:
- 5.1.2Full Scope Examination
- a)A full scope examination is primarily meant to cover all aspects of the business of a Licensed Person such as financial and non-financial in addition to the compliance with all applicable Laws, Rules, Regulations, Notices and the Standards;
- b)The time frame to complete a full scope examination is usually between seven to fourteen (7 to 14) business days depending on the nature, size and complexity of the business of the Licensed Person; and
- c)Findings of a full scope examination will be communicated to the Licensed Person through an appropriate Transmittal Letter.
- 5.1.3Fast Track Examination
- a)A fast track examination is a quick examination which will be completed within a short period of two to three (2 to 3) business days depending on the nature, size and complexity of the business of the Licensed Person;
- b)A fast track examination is meant to assess the level of compliance of a Licensed Person with high level requirements of all applicable Laws, Rules, Regulations, Notices and the Standards; and
- c)Findings of a fast track examination will be communicated to the Licensed Person through an appropriate Transmittal Letter.
- 5.1.4Special Examination
- a)The Central Bank reserves the right to undertake special examinations or surprise examinations at any time, if it deems necessary;
- b)The scope and the timeframe of special examinations will be decided by the Central Bank on a case by case basis; and
- c)The Central Bank reserves the right to decide whether findings of such examinations need to be communicated to the Licensed Person or not.
5.2 Preparation for the Examination
- 5.2.1The ultimate responsibility to prepare for the Central Bank examination lies with the Manager in Charge of the Licensed Person;
- 5.2.2The Licensed Person must give special attention to Paragraphs 5.2.2 (a) to (d) of this Chapter in relation to the preparation for an examination:
- a)The Licensed Person must prepare and keep all information or documents ready within the timeline provided by the Central Bank;
- b)The Licensed Person must provide appropriate work space within its premises and full assistance to the Central Bank Examiners in order to carry out the examination;
- c)The Manager in Charge or any other authorized person of the Licensed Person must be available at all times to answer the queries of the Central Bank Examiners; and
- d)The Compliance Officer and the Accountant must be present at the time when the Central Bank Examiners review their respective functions.
5.3 Transmittal Letter
- 5.3.1The Transmittal Letter is the official communication from the Central Bank to the Licensed Person which contains all findings of an examination;
- 5.3.2The objective of issuing a Transmittal Letter is to inform the Licensed Person about the areas of non-compliance noted by the Central Bank Examiners during an examination;
- 5.3.3Transmittal Letters are issued after full scope or fast track examinations provided that there are observations related to non-compliance with applicable Laws, Rules, Regulations Notices and the Standards;
- 5.3.4The Transmittal Letter is normally divided into several sections, such as, (a) Major Issues (b) Violations under the Regulations and the Standards (c) Violations under AML/CFT Regulations (d) Reporting Issues (e) Operational and Control Issues and (f) Other Issues; and
- 5.3.5The risk grading awarded to the Licensed Person, whether it is low, medium, high, very high or unacceptable, and details of predefined parameters based on which the overall risk grading is calculated will be indicated in the Transmittal Letter.
5.4 Response to the Transmittal Letter
- 5.4.1The Licensed Person must provide its response in writing for each finding in the Transmittal Letter within the time frame provided by the Central Bank;
- 5.4.2The response from a Licensed Person must include the detailed plan of action on how and when the findings of a Transmittal Letter will be resolved;
- 5.4.3If no specific time frame is provided by the Central Bank, then the Licensed Person must submit its response within thirty (30) calendar days from date of issue of the Transmittal Letter; and
- 5.4.4The response to the Transmittal Letter must be submitted in original hard copy under the signature of the authorized signatory of the Licensed Person to the Supervision & Examination Division of the Banking Supervision Department.
5.5 Action Plans and Follow-up Examinations
- 5.5.1The Central Bank shall review responses and action plans received from the Licensed Person; and
- 5.5.2The Central Bank reserves the right to conduct follow up examinations in order to assess the progress of the Licensed Person in resolving the examination findings.
5.6 Meetings
- 5.6.1The Central Bank reserves the right to call the Manager in Charge, Compliance Officer, Functional Heads, Directors of the Board or Shareholders/the Owner/Partners of the Licensed Person for a meeting to discuss the examination findings;
- 5.6.2Such meetings may be held either before the issue of Transmittal Letters (known as Exit Meetings) or after the issue of Transmittal Letters (known as Follow-up Meetings); and
- 5.6.3The Licensed Person must attend such meetings without fail.
B. Management and Governance Standards
Chapter 6: Management and Corporate Governance
Introduction
Corporate governance broadly refers to mechanisms and processes by which the Licensed Person is managed, controlled and directed. Governance structures and principles identify the distribution of powers and responsibilities within the management structure of a Licensed Person. This chapter provides standards on how to organize the Management and Governance framework of a Licensed Person.
6.1 Head Office
- 6.1.1The Licensed Person must have a Head Office within the UAE where the Manager in Charge and other functional heads must be based to carry out their responsibilities;
- 6.1.2All files and physical records of the Licensed Person, whether they are related to the incorporation, governance, customers, transactions, accounting, employees, etc., must be available in the Head Office or otherwise accessible during the Central Bank examination;
- 6.1.3The Central Bank expects the Licensed Person to maintain its Head Office at the same address as mentioned in the main license (or the first license) unless otherwise agreed by the Central Bank in writing;
- 6.1.4The Head Office must not be located in a free zone or any other place (such as inside an Airport) where the free entry is restricted for the Central Bank Examiners to visit such office at any time to conduct an examination; and
- 6.1.5The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department in order to re-locate the Head Office from its approved location to another location.
6.2 Management Office
- 6.2.1The Licensed Person may open a separate Management Office, after obtaining a Letter of No Objection from the Banking Supervision Department, to be used for the same purposes as mentioned under Paragraphs 6.1.1 and 6.1.2 of this Chapter in case the Head Office does not have sufficient space;
- 6.2.2The Licensed Person is not permitted to carry out Exchange Business from its Management Office unless otherwise approved by the Central Bank in writing; and
- 6.2.3Conditions under Paragraphs 6.1.4 and 6.1.5 of this Chapter are also applicable to the Management Office of a Licensed Person.
6.3 Organisational Structure
- 6.3.1The organizational structure of the Licensed Person must be approved by its Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
- 6.3.2The organizational structure must reflect reporting lines of the Manager in Charge, Compliance Officer and other functional heads and must be free from any conflict of interests to ensure functional independence.
6.4 Appointment of the Manager in Charge
- 6.4.1The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department prior to the appointment of its Manager in Charge by submitting a duly completed APA Form (Refer to Appendix 5 for this Form) along with all required documents to the Banking Supervision Department;
- 6.4.2The Central Bank shall conduct a fit and proper test on the proposed Manager in Charge before issuing the Letter of No Objection. The Central Bank reserves the right to:
- a)interview the proposed Manager in Charge as part of the fit and proper test; and
- b)issue or decline the approval for the proposed Manager in Charge.
- 6.4.3In case the prior approval is rejected by the Central Bank, the Licensed Person must propose a new Manager in Charge within the timeline provided by the Central Bank in the Letter of Rejection. If a specific timeline is not provided in the Letter of Rejection, then the Licensed Person must propose a new Manager in Charge within a period of one hundred and eighty (180) calendar days from the date of Letter of Rejection.
- 6.4.4Minimum Qualification and Experience of the Manager in Charge:
- a)If the Licensed Person is in possession of a Category A License:
- •A minimum of five (5) years of experience within any financial institution(s), of which at least two (2) years in senior management position(s), such as head of a core function, Manager in Charge, General Manager/CEO or member of the Board of Directors; and
- •Sound knowledge of all applicable Laws, Rules, Regulations, Notices and the Standards related to Exchange Business in the UAE.
- b)If the Licensed Person is in possession of either a Category B or Category C License:
- •A minimum of eight (8) years of experience within any financial institution(s), of which at least four (4) years in a senior management position(s), such as head of a core function, Manager in Charge, General Manager/CEO or member of the Board of Directors;
- •Sound knowledge of all applicable Laws, Rules, Regulations, Notices and the Standards related to Exchange Business in the UAE; and
- •Preference may be given to those with a Bachelor degree or higher in any discipline.
- a)If the Licensed Person is in possession of a Category A License:
- 6.4.5Employment Type and Residential Status of the Manager in Charge:
- a)The Manager in Charge must be a full time employee of the Licensed Person;
- b)The Manager in Charge is not permitted to hold any position or responsibility or role in or on behalf of any other entity or business, whether inside or outside the UAE;
- c)The Manager in Charge must be a resident in the UAE; and
- d)Foreign national must be under the employment visa of the Licensed Person when employed as a Manager in Charge.
- 6.4.6Responsibilities of the Manager in Charge:
- a)The Manager in Charge is responsible for the effective management of all aspects/activities of a Licensed Person.
- 6.4.7Resignation of the Manager in Charge and notification to the Central Bank:
- a)The Licensed Person must notify the Banking Supervision Department, within five (5) working days, in case the Manager in Charge resigns or vacates the office in any other manner with reasons thereof via email to: info.ehs@cbuae.gov.ae;
- b)The Licensed Person must also provide, in the above notification email, the contact details of an alternate person (i.e. Interim Manager in Charge) who will be responsible for managing the business until the position of the Manager in Charge is permanently filled in; and
- c)A permanent replacement must be appointed after obtaining a Letter of No Objection from the Banking Supervision Department within a period of one hundred and eighty (180) calendar days from the date when the position of the Manager in Charge falls vacant (Refer to Paragraphs 6.4.1, 6.4.2 and 6.4.3 of this Chapter).
- 6.4.8Removal of the Manager in Charge:
- a)The Central Bank reserves the right to remove the Manager in Charge of a Licensed Person at its sole discretion;
- b)The Licensed Person, in such cases, must comply with Paragraphs 6.4.7 (b) and 6.4.7 (c) of this Chapter; and
- c)The Central Bank reserves the right to communicate or not to communicate the reasons to the Licensed Person for its decision to remove the Manager in Charge.
6.5 Functional Heads
- 6.5.1The Functional Heads must possess appropriate qualifications and experience required to carry out their responsibilities.
6.6 Appointment of a Compliance Officer and an Alternate Compliance Officer
- 6.6.1The Licensed Person must appoint a Compliance Officer and an Alternate Compliance Officer who will be primarily responsible for its AML compliance function; and
- 6.6.2The Licensed Person must refer to Paragraphs 16.4 and 16.5 of Chapter 16 for additional standards regarding the appointment of the Compliance Officer and the Alternate Compliance Officer.
6.7 Constitution of the Board of Directors and its Responsibilities
- 6.7.1The Licensed Person must appoint a Board of Directors, if required by the prevailing Commercial Companies Law of the UAE;
- 6.7.2Qualifications and Experience of Directors of the Board:
- a)A minimum of eight (8) years of experience within any financial institution(s), of which at least five (5) years in senior management position(s), such as head of a core function, Manager in Charge, General Manager/CEO or as member of the Board of Directors;
- b)Knowledge of all applicable Laws, Rules, Regulations, Notices and the Standards related to Exchange Business in the UAE;
- c)Preference may be given to those with a Bachelor degree or higher in any discipline; and
- d)The Licensed Person’s Shareholders, Partners and their immediate family members (i.e. father, mother, brother, sister, children or grandchildren, in laws, etc.) are eligible to become Directors on the Board regardless of their qualifications and experience (i.e. Paragraphs 6.7.2 (a) to (c) of this Chapter are not applicable in these cases).
- 6.7.3Residential Status of Directors of the Board:
- a)The majority of Directors of the Board (i.e. more than 50% of Directors of the Board) must be resident in the UAE.
- 6.7.4The Roles and Responsibilities of the Board of Directors:
- a)The Board of Directors is responsible for the oversight of all activities of the Licensed Person;
- b)The Board of Directors is also responsible to appoint and monitor the performance of the Manager in Charge in addition to the following:
- •Maintain honesty, integrity and transparency throughout the business activities;
- •Ensure that a robust and independent compliance function is established and maintained;
- •Ensure that appropriate AML/CFT compliance and other related policies are implemented;
- •Ensure that actions are taken by the relevant stakeholders to resolve internal/external audit findings and regulatory compliance issues including AML compliance in a timely manner;
- •Ensure that sufficient time, freedom, resources, systems and tools are available for the Manager in Charge and Compliance Officer to fulfil their responsibilities effectively;
- •Ensure that an internal audit function is established and maintained; and
- •Review the effectiveness of the internal audit function at the end of every year.
- 6.7.5The Resignation or Termination of Director of the Board:
- a)Upon the resignation or termination of a Director of the Board, a permanent replacement must be appointed within one hundred and twenty (120) calendar days from the date when the position of a Director of the Board falls vacant; and
- 6.7.6In case a Licensed Person does not have any obligation to appoint a Board of Directors as per the prevailing Commercial Companies Law of the UAE, its Owner or Partners must be responsible for carrying out the responsibilities under Paragraph 6.7.4 of this Chapter.
6.8 Board Meetings, Shareholders Meeting and other Meetings:
- 6.8.1Shareholders must meet at least once every year to approve the External Auditors’ report and financial statements for the previous financial year, annual budgets, appointment of External Auditors for the current financial year etc.;
- 6.8.2The Board of Directors must meet at regular intervals, in accordance with the provisions of the prevailing Commercial Companies Law of the UAE, with a pre-agreed agenda to discuss all aspects of the business activities with the Manager in Charge, Compliance Officer and other functional heads;
- 6.8.3Where the Licensed Person does not have a Board of Directors, the Owner/Partners, Manager in Charge, Compliance Officer and other functional heads must meet at least once in six (6) months to discuss all aspects of the business; and
- 6.8.4The minutes of above meetings must be available for the verification of the Central Bank Examiners.
6.9 Committees
- 6.9.1The Licensed Person, irrespective of its legal form or constitution, must constitute at least two committees as per Paragraphs 6.9.2 and 6.9.3 of this Chapter;
- 6.9.2An Audit Committee must be constituted in order to:
- a)recommend the name(s) of appropriate External Auditors for the approval of the Board of Directors (or of the Owner/ Partners where there is no Board of Directors) to carry out the annual financial audit;
- b)review and ensure that the Internal Audit Charter and the Internal Audit Plan are appropriate to the nature, size and complexity of the business prior to obtaining approval from the Board of Directors (or from the Owner/Partners where there is no Board of Directors);
- c)review all internal/external audit reports, management letters, etc.;
- d)review action plans to address findings of the internal/external reports; and
- e)provide updates about various matters mentioned under Paragraphs 6.9.2 (a) to (d) of this Chapter to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
- 6.9.3A Compliance Committee must be constituted in order to:
- a)recommend the name(s) of appropriate External Auditors for the approval of the Board of Directors (or of the Owner/Partners where there is no Board of Directors) to perform an Agreed-Upon Procedures on the AML/CFT compliance function annually;
- b)review various ML/FT risks associated with the business and confirm that appropriate policies, procedures, controls, resources, etc. are in place to mitigate such risks;
- c)periodically review resources, systems and tools available to the Compliance Officer and ensure that they are appropriate to the nature, size and complexity of the business;
- d)review recommendations from the Annual Report of the Compliance officer;
- e)review findings of internal audit, independent review of the AML/CFT compliance function by External Auditors, the Central Bank examinations and all related action plans; and
- f)provide updates about various matters mentioned under Paragraphs 6.9.3 (a) to (e) of this Chapter to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
- 6.9.4Composition of Committees:
- a)The Audit Committee must include the following members at a minimum:
- b)The Compliance Committee must include the following members at a minimum:
- •at least one Director of the Board or the Owner or at least one Partner;
- •Manager in Charge;
- •Compliance Officer;
- •Alternate Compliance Officer; and
- •Any other functional heads, if the Licensed Person deems it necessary.
- 6.9.5Committees must meet at least once in every quarter and minutes of such meetings must be available for the verification of the Central Bank Examiners.
Chapter 7: Accounts and Audit
Introduction
The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business The Licensed Person must maintain appropriate books of accounts that reflect the true and fair view of its financial position at any point in time. This chapter provides standards to be maintained on Accounting and Auditing functions of the Licensed Person.
7.1 Accountant
- 7.1.1Appointment of an Accountant
- a)The Licensed Person must appoint an Accountant who is primarily responsible to maintain appropriate books of accounts and prepare periodical financial reports for submission to the Central Bank;
- b)The job title of the Accountant may vary at the discretion of the Licensed Person, for example Accounts Manager, Chief Accountant, etc.; and
- c)The Accountant must possess sufficient knowledge and appropriate experience to deal with all issues related to the bookkeeping, financial accounting, reporting to the Central Bank and to manage the annual audit of the books of accounts by External Auditors.
- 7.1.2Accountant’s Responsibilities (the list is not exhaustive)
- a)Ensure accuracy and completeness in the bookkeeping and financial accounting;
- b)Arrange to submit accurate regulatory reports, such as monthly returns, quarterly returns, monthly remittance reports, audited financial statements, etc. within the submission deadlines to the Central Bank;
- c)Obtain statements related to remittances, foreign currency export/import, hedge accounts or special products/services from banks, remittance partners or other relevant institutions/partners to perform reconciliation of balances on a regular basis, preferably daily;
- d)Investigate differences identified during the reconciliation process and report all unreconciled items to the Manager in Charge immediately;
- e)Assess the amount of unclaimed funds as on the last day of every month; and
- f)Assess the liquidity position and capital adequacy on a regular basis to inform the Manager in Charge.
- 7.1.3Books of Accounts
- a)The Licensed Person must maintain comprehensive and accurate books of accounts and supporting records that reflect its correct liquidity/financial positions at all times;
- b)The books of accounts and other records must be available within the UAE at all times and for the examination by the Central Bank;
- c)The Licensed Person must introduce automated books of accounts in order to generate periodical Central Bank returns with the aid of suitable accounting software; and
- d)The systems of the Licensed Person must be capable of generating appropriate reports related to the foreign currency exchange and remittance transactions at any point in time and for any period. Such reports must provide the below information at a minimum:
- •Number, total value and average value of transactions for each product;
- •Number, total value and average value of foreign currency exchange transactions for each currency;
- •Number, total value and average value of outward/inward money transfers to/from each correspondent, country and for each currency; and
- •Number, total value and average value of outward/inward money transfers via instant money transfer service providers to/from each service provider, country and for each currency.
- 7.1.1Appointment of an Accountant
7.2 Internal Audit
- 7.2.1Appointment of Internal Auditor
- a)The Licensed Person must appoint an Internal Auditor who is responsible to carry out regular audits across all aspects of its business; and
- b)The Internal Auditor must possess sufficient knowledge and appropriate experience to deal with all issues related to internal audit.
- 7.2.2Scope of the Internal Audit
- a)The Licensed Person must have an Internal Audit Charter, that clearly states the purpose, scope and reporting lines of the Internal Auditor;
- b)The Internal Audit Charter must be reviewed by the Audit Committee and then approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
- c)The Internal Auditor must adhere to relevant auditing standards and code of ethics that are applicable to the internal audit profession;
- d)All business activities of the Licensed Person, core functions, non-core functions, branches, Head Office, Management Office (if any), reconciliation process, unreconciled items, unclaimed funds, liquidity, capital adequacy, etc. must be covered under the scope of internal audit in addition to the AML and regulatory compliance;
- e)The Internal Auditor must be given access to employees, data and records which may reasonably be required to fulfil all responsibilities;
- f)The Internal Auditor must be informed, on a timely basis, of any changes in the applicable Regulations, the Standards and the Licensed Person’s policies or procedures;
- g)The Internal Auditor must prepare the Annual Internal Audit Plan after discussing with the Audit Committee and obtain the approval of the Board of Directors (or of the Owner/Partners where there is no Board of Directors) at the beginning of each financial year;
- h)The Annual Internal Audit Plan must contain timelines for each internal audit, internal audit reporting deadlines, allocation of resources, areas to be audited, follow up audit plans etc.;
- i)Internal audits must be performed in accordance with the Annual Internal Audit Plan and the Board of Directors (or the Owner/Partners where there is no Board of Directors) must ensure that internal audit findings are addressed in a timely manner; and
- j)The Internal Audit Charter and Plan must be reviewed by the Audit Committee at the end of each year to assess the effectiveness of the internal audit function and a summary of such reviews must be presented to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
- 7.2.3Internal Audit Reporting Lines
- a)The Internal Auditor must report directly to the Board of Directors (or to the Owner/Partners where there is no Board of Directors); and
- b)Copies of all internal audit reports and corrective actions taken by the Manager in Charge must be available for verification by the Central Bank Examiners.
- 7.2.4Independence and Conflict of Interest
- a)The Internal Auditor’s role must be handled by a dedicated resource and must not be combined with any other function of the Licensed Person; and
- b)The Internal Auditor must bring any matter affecting their independence such as creating any conflict of interest or limiting the scope of internal audit, restricting access to any information, etc. to the attention of the Board of Directors (or of the Owner/Partners where there is no Board of Directors).
- 7.2.1Appointment of Internal Auditor
7.3 External Audit
- 7.3.1Appointment of External Auditor
- a)The Licensed Person must appoint an External Auditor after obtaining a Letter of No Objection from the Banking Supervision Department for each financial year to audit its books of accounts and the financial statements;
- b)The Central Bank reserves the right to appoint an External Auditor at its sole discretion to audit the books of accounts of the Licensed Person for any financial year in the following cases:
- •The Licensed Person had failed to obtain the Letter of No Objection from the Banking Supervision Department to appoint an External Auditor; and
- •The Licensed Person had appointed an External Auditor contrary to instructions from the Banking Supervision Department.
- c)The Central Bank reserves the right to appoint additional External Auditors where it deems it appropriate, reasonable and necessary;
- d)In all cases of appointments as per Paragraphs 7.3.1 (a) to (c) of this Chapter, the audit fee payable to External Auditors must be paid by the Licensed Person; and
- e)The Central Bank reserves the right to instruct External Auditors to submit the audit report, financial statements and any other relevant information directly to the Central Bank if it deems it necessary.
- 7.3.2Approval Process to Appoint the External Auditor
- a)The Licensed Person must submit the request for the Letter of No Objection to the Banking Supervision Department on or before 31st May of each financial year; and
- b)The request letter must be signed by the authorised signatory of the Licensed Person and accompanied by the following documents:
- •duly completed Form BSD IIIA & IIIB which must be signed by the proposed External Auditor; and
- •a copy of the professional license of the proposed External Auditor.
- 7.3.3Rotation of External Auditors
- a)The Licensed Person is permitted to appoint the same External Auditor to audit its books of accounts and financial statements for a maximum period of six (6) consecutive financial years provided that the following conditions are fulfilled:
- •A Letter of No Objection from the Banking Supervision Department is obtained to appoint the same External Auditor for each financial year; and
- •The audit partner is changed after a maximum period of three (3) consecutive financial years.
- b)After six (6) consecutive financial years, the Licensed Person must appoint a different External Auditor for a minimum period of one (1) financial year after obtaining a Letter of No Objection from the Banking Supervision Department in accordance with Paragraph 7.3.2 of this Chapter;
- c)In case the External Auditor is unable to change the audit partner after a period of three (3) consecutive financial years as required under Paragraph 7.3.3 (a) of this Chapter, the Licensed Person must appoint a different External Auditor for a minimum period of one (1) financial year after obtaining a Letter of No Objection from the Banking Supervision Department in accordance with Paragraph 7.3.2 of this Chapter;
- d)An External Auditor appointed for a period of less than one (1) year, usually for a start-up business, will be considered as one (1) full financial year for the purpose of calculating the limit of six (6) consecutive financial years under Paragraph 7.3.3 (a) of this Chapter; and
- e)The limit of six (6) consecutive financial years shall be applied retrospectively, starting from the financial year 2012.
- a)The Licensed Person is permitted to appoint the same External Auditor to audit its books of accounts and financial statements for a maximum period of six (6) consecutive financial years provided that the following conditions are fulfilled:
- 7.3.4Auditors’ Report and Financial Statements
- a)Audited Financial Statements and the Auditors’ Report for any financial year must be submitted to the Banking Supervision Department on or before 31st March of the following year;
- b)External Auditors must expressly state their views on the following matters in the Auditors’ Report in addition to their audit opinion:
- •Whether the Licensed Person has kept regular books of accounts and it was available in the UAE during the audit;
- •Whether suitable accounting software has been implemented in accordance with Paragraphs 7.1.3 (c) and (d) of this Chapter; and
- •Whether there is any major breach of the Regulations or the Standards applicable to Exchange Business.
- c)Where the Licensed Person has Subsidiaries, whether inside or outside the UAE, the Consolidated Financial Statements and Auditors’ Report must be submitted to the Central Bank within six (6) months from the end of each financial year;
- d)External Auditors must directly report to the Banking Supervision Department, if there are any serious violations or breaches of applicable Laws, Rules, Regulations, Notices and the Standards or deficiencies/manipulations in the books of accounts which comes to its attention during the course of audit engagement; and
- e)An External Auditor issuing a report under Paragraph 7.3.4 (d) of this Chapter to the Banking Supervision Department, in good faith, shall bear no liability to the Licensed Person or to its Owner, Partners, Shareholders or any other party for the breach or alleged breach of confidentiality.
- 7.3.5The Management Letter
- a)The Licensed Person must request the External Auditor to issue a Management Letter highlighting all deficiencies in its internal controls along with recommendations for the mitigation of such deficiencies;
- b)The Licensed Person must provide its comments for each finding in the Management Letter;
- c)In case the Management Letter was not issued by an External Auditor, a letter stating the same and the reasons thereof must be issued by the External Auditor; and
- d)A copy of the Management Letter or the letter as per Paragraph 7.3.5 (c) of this Chapter must be submitted to the Banking Supervision Department along with the Auditors’ Report and financial statements for each financial year.
- 7.3.1Appointment of External Auditor
Chapter 8: Human Resources
Introduction
The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business The Human Resources (HR) function plays a vital role in hiring and maintaining the appropriate employees for the Licensed Person. The Licensed Person may appoint a dedicated person to manage the HR function or combine the HR function with another suitable function subject to the conditions of Paragraphs 7.2.4 (a) of Chapter 7, 16.4.7 (a) and 16.5.1 (g) of Chapter 16. This chapter provides minimum standards to be maintained by the Licensed Person in relation to the HR function.
8.1 Human Resource Policy
- 8.1.1The Licensed Person must implement a Human Resource Policy approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
- 8.1.2The Human Resource Policy must cover the following at a minimum:
- a)Recruitment and Know Your Employee (KYE) Policy;
- b)Induction and trainings;
- c)Job descriptions and KPIs;
- d)Segregation of duties;
- e)Staff rotation;
- f)Working hours and overtime pay;
- g)Leave, holidays and vacation;
- h)Performance evaluation;
- i)Rights and responsibilities of employees; and
- j)The Disciplinary Process.
- 8.1.3The Human Resource Policy must be in line with all applicable Laws and Rules of the UAE. The Human Resource Policy must be reviewed at regular intervals.
8.2 Recruitment and Know Your Employee (KYE) Process
- 8.2.1The Licensed Person is responsible to establish and confirm the background of applicants prior to placing them in the employment; and
- 8.2.2The KYE Procedure must include the following at a minimum:
- a)Initial screening of CVs;
- b)Verification of applicants’ academic qualifications;
- c)Testing and interview;
- d)Employment history verification by contacting previous employers to confirm the employee’s work experience and to gather information on previous role(s);
- e)Police Clearance Certification from the police authorities of each respective Emirate if the applicant is already in the UAE. In other cases, Police Clearance Certificates must be obtained from the home country of the candidate, if available; and
- f)Sanction checks must be applied on applicants before placing them in the employment.
8.3 Job Descriptions
- 8.3.1Job descriptions must be precise and all employees must be provided with a copy of it in order for them to have clarity on their responsibilities; and
- 8.3.2A copy of the job description signed by the employee and the Licensed Person must be held in the personal file of the employee.
8.4 Segregation of Duties
- 8.4.1The Licensed Person must segregate duties to ensure that no single employee has unlimited access to data or is responsible to carry out major tasks, especially in areas such as payment authorization, information access, reconciliations, cash management, etc.
8.5 Staff Rotation
- 8.5.1The Licensed Person must rotate its employees at regular intervals among its different branches, among different sections within the same branch or within different roles in the same Department. However, this requirement is not applicable to the head of any function.
8.6 Succession Plan
- 8.6.1Succession Plan must be in place to ensure timely replacements of key personnel such as the Manager in Charge, Compliance Officer, Alternate Compliance Officer, Accountant, etc. immediately once such positions become vacant; and
- 8.6.2The Succession Plan must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors).
8.7 Code of Conduct:
- 8.7.1The Licensed Person must have a Code of Conduct for its employees which must include the following at a minimum:
- a)Guidelines for acceptable behaviour;
- b)Require employees to comply with policies & procedures of the Licensed Person and all applicable Laws, Rules, Regulations, Notices and the Standards;
- c)Confidentiality;
- d)Conflict of interest;
- e)Disciplinary procedures; and
- f)Right to appeal.
- 8.7.1The Licensed Person must have a Code of Conduct for its employees which must include the following at a minimum:
Chapter 9: Outsourcing of Functions
Introduction
Outsourcing is an arrangement whereby a third party performs a function as a whole or a part thereof, on behalf of the Licensed Person. This chapter provides standards in relation to outsourcing of functions considering its inherent vulnerabilities in relation to confidentiality, accessibility of information, etc.
9.1 Outsourcing of Functions
- 9.1.1The Licensed Person may outsource various functions, if necessary, with the exceptions under Paragraph 9.1.2 of this Chapter. The Licensed Person must fulfil the requirements of this Chapter at all times and also comply with any future Regulations in relation to outsourcing as and when issued by the Central Bank;
- 9.1.2The Licensed Person is not permitted to outsource the following functions under any circumstances:
- a)AML compliance function with the exception of document retention to an external party. However, the Licensed Person is permitted to outsource specific AML compliance tasks (examples: Enhanced Due Diligence, AML/CFT Training, Framing AML/CFT Controls, System Support etc.) after obtaining the Letter of No Objection from the Banking Supervision Department; and
- b)Permitted Activities of the Licensed Person (examples: buying and selling of foreign currencies, acceptance/execution/disbursement of money transfers of customers, etc.).
9.2 Responsibilities of the Licensed Person
- 9.2.1The ultimate responsibility/accountability of an outsourced function remains with the Licensed Person and the Board of Directors (or with the Owner/Partners where there is no Board of Directors);
- 9.2.2The Licensed Person must:
- a)ensure that it continues to satisfy all regulatory obligations with respect to an outsourced function;
- b)ensure that a dedicated employee, who is a subject matter expert, is appointed to manage the relationship between the Licensed Person and the Outsourcing Service Provider (i.e. “the Service Provider”) in the case of functions which are outsourced as per the conditions of this Chapter. Such dedicated employee may be allowed to manage the relationships for multiple outsourced functions provided that such multiple roles handled by the dedicated employee remains free from any conflict of interest;
- c)ensure that adequate mechanisms are implemented for monitoring the performance of the Service Provider;
- d)immediately inform the Banking Supervision Department of any material problems encountered with an outsourced function or the Service Provider; and
- e)continue to monitor the associated risks of outsourced functions and pay due attention to the security and effectiveness of internal controls implemented by the Service Provider to mitigate such risks.
9.3 Outsourcing Policy
- 9.3.1The Licensed Person must have an outsourcing policy approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
- 9.3.2The outsourcing policy must cover the following aspects, at a minimum:
- a)Enhanced Due Diligence (EDD) process to be applied on the Service Provider;
- b)Responsibilities of the Licensed Person and the Board of Directors (or with the Owner/Partners where there is no Board of Directors) in relation to all outsourced functions;
- c)Annual risk assessment of outsourced functions;
- d)Control mechanisms to mitigate various outsourcing risks; and
- e)Requirement of a Service Level Agreement between the Licensed Person and the Service Provider.
9.4 Data Confidentiality
- 9.4.1The customer and transaction database must be held/stored within the UAE and held confidential at all times; and
- 9.4.2The Licensed Person must have contractual rights to take legal action against the Service Provider in the event of breach of confidentiality.
9.5 Access to Information
- 9.5.1The Licensed Person must ensure that the Central Bank and its Examiners have timely access to any information, that may be required to fulfil their responsibilities under the Regulations and the Standards, with respect to outsourced functions;
- 9.5.2The Licensed Person must ensure that its Internal and External Auditors have timely access to any relevant information that they may be required to fulfil their responsibilities; and
- 9.5.3Access must be given to the Central Bank and the Licensed Person’s Internal/External Auditors to conduct on-site reviews of outsourced functions at the Service Provider’s premises when it is necessary.
9.6 Business Continuity
- 9.6.1The Licensed Person must ensure that the Service Provider maintains and tests a plan to ensure the continuity of outsourced functions with a minimum disruption to the business in the event of unforeseen incidents;
- 9.6.2The Licensed Person must maintain and regularly review a contingency plan to enable it to set-up alternative arrangements, with minimum disruption to the business, should the outsourcing contract suddenly be terminated or the Service Provider fails;
- 9.6.3Such contingency plans must include various options, such as:
- a)the identification of alternative Service Providers;
- b)plans to in-source the outsourced functions; and
- c)any other practical interim arrangements.
9.7 Outsourcing Agreement
- 9.7.1The Licensed Person must have a Service Level Agreement with the Service Provider for each function to be outsourced;
- 9.7.2This agreement must address the issues identified below, at a minimum:
- a)Details of functions and activities to be outsourced;
- b)Responsibilities, contractual liabilities and obligations of the Service Provider and the Licensed Person;
- c)Reporting of issues and escalation mechanism;
- d)Mechanisms for monitoring and assessing the performance of the Service Provider;
- e)Designated persons for maintaining the relationship between both parties;
- f)Confidentiality of customer data and related conditions;
- g)Disputes resolution arrangements;
- h)Access to information;
- i)Business continuity in case the Service Provider temporarily or permanently fails to provide service; and
- j)Termination clause.
9.8 Termination
- 9.8.1Termination of the agreement by the Service Provider under any circumstances must be permitted only under a sufficient notice period within which the Licensed Person is able to identify another Service Provider or to in-source the function;
- 9.8.2The Licensed Person must retain the right to terminate the Service Level Agreement without any notice period under the following conditions:
- a)The Service Provider fails to provide quality services as agreed;
- b)The Service Provider is in breach of any sanction laws or any other applicable laws;
- c)Ownership of the Service Provider changes that has an impact on the interest of the Licensed Person or has a conflict of interest with the Licensed Person; and
- d)The Service Provider becomes insolvent or bankrupt or is under liquidation.
- 9.8.3The Service Level Agreement must provide for the return of all customer data to the Licensed Person in the event of the termination of such agreement without retaining any copies.
9.9 Letter of No Objection from the Central Bank
- 9.9.1The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department in order to outsource specific tasks of the AML Compliance function as mentioned under Paragraph 9.1.2 (a) of this Chapter; and
- 9.9.2The request for the Letter of No Objection must:
- a)be submitted to the Banking Supervision Department in writing and at least thirty (30) calendar days before the effective date of outsourcing the function; and
- b)be accompanied by the following documents:
- •the profile of the Service Provider;
- •a draft of the service level agreement between both parties;
- •a confirmation letter signed by the Authorized Signatory of the Licensed Person stating that an Enhanced Due Diligence Process has been applied on the Service Provider; and
- •a confirmation letter signed by the Owner/Partners/shareholders of the Licensed Person stating that ultimate responsibility/accountability of the outsourced function remains with the Licensed Person and the Board of Directors (or with the Owner/Partners where there is no Board of Directors).
C. Risk Management and Security Standards
Chapter 10: Risk Management
Introduction
Risk management refers to the practice of identifying potential risks in advance to measure, evaluate, record, mitigate and monitor risks in order to reduce the impact of such risks on the business of a Licensed Person. The Risk Management function must recognize the range of risks associated with the business and must mitigate them effectively. This chapter provides standards regarding an effective Risk Management Framework to be implemented by a Licensed Person.
10.1 Risk Management Function
- 10.1.1The ultimate responsibility for the formulation and implementation of an effective risk management framework lies with the Board of Directors (or with the Owner/Partners where there is no Board of Directors);
- 10.1.2The Licensed Person must maintain a Risk Management Policy approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
- 10.1.3The Licensed Person must designate a Risk Officer who must be given the overall responsibility of the risk management function;
- 10.1.4Depending on the nature, size and complexity of the business, the Licensed Person may appoint a dedicated Risk Officer or combine this role with another suitable function subject to the conditions under Paragraphs 7.2.4 (a) of Chapter 7, 16.4.7 (a) and 16.5.1 (g) of Chapter 16; and
- 10.1.5The Risk Management Policy must be reviewed annually and updated if necessary.
10.2 Risk Register
- 10.2.1The Risk Register is the record where the results of risk analysis, whether qualitative or quantitative, are logged including the mitigating measures and risk ownerships;
- 10.2.2The Licensed Person must maintain a risk register in the appropriate format with the following information at a minimum:
- 10.2.3The Risk Register must be reviewed at least quarterly to ensure that it is updated with upcoming, relevant risks and appropriate mitigating measures; and
- 10.2.4Periodical reports on actions initiated to mitigate various risks must be submitted to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
10.3 Types of Risks
The risk management function at the Licensed Person must identify, evaluate, mitigate and monitor the following risks at a minimum:
- 10.3.1Operational Risk
- a)Operational risk is defined as the risk of loss, resulting from inadequate or failed processes, people and systems or from external events.
- 10.3.2Market Risk (Currency Rate Risk)
- a)Market risk is the risk that the value of an asset may decrease due to movements of market factors;
- b)The most important type of market risk for a Licensed Person is the risk of fluctuation in the foreign currency rates; and
- c)The Licensed Person must ensure that all market forces are continuously evaluated for prudent management of market risk.
- 10.3.3Counterparty Risk
- a)The risk that the other party to an agreement may default is the counterparty risk. The Licensed Person must identify, measure, monitor and control counterparty risk prior to establishing the business relationship; and
- b)Exposure limits assigned to counterparties must be continuously monitored.
- 10.3.4Compliance Risk
- a)Compliance risk is the exposure to legal penalties, financial penalties and material losses that the Licensed Person faces when it fails to act in accordance with applicable Laws, Rules, Regulations, Notices and the Standards.
- 10.3.5Reputational Risk
- a)Reputational risk is the risk of loss, resulting from damages to a Licensed Person’s reputation, such as loss of revenue or increased operating, capital or regulatory costs; and
- b)Reputational risk includes the risk to the country’s image resulting from unacceptable business practices of the Licensed Person.
- 10.3.6Security Risk
- a)Information security risk is caused by unauthorized access to the information or systems which can result in unauthorized use of such information or systems; and
- b)A Licensed Person must refer to Chapter 13 on General Security and Chapter 14 on Information Security for illustrative mitigating measures.
- 10.3.7Money Laundering/Terrorist Financing Risk
- a)Money laundering risk is the risk of the Licensed Person being involved in, whether deliberately or not, transforming the proceeds of a crime into apparently legitimate money or other assets. The risk on account of financing terrorism, directly or indirectly, is also included here; and
- b)Licensed Persons must refer to Chapter 16 on AML/CFT Compliance to understand the expectations of the Central Bank regarding measures to be implemented in order to prevent money laundering and to combat terrorist financing.
- 10.3.1Operational Risk
Chapter 11: Fraud Management
Introduction:
Fraud is a major challenge that the Licensed Person faces in its day to day operations. Fraud is an intentional deception for unfair or unlawful personal gain. Fraud is not always limited to obtaining cash and tangible benefits. This chapter outlines the minimum requirements of an Anti-Fraud Framework that every Licensed Person must introduce to prevent, detect, investigate and respond to fraud incidents.
11.1 Forms of Fraud
- 11.1.1Frauds are broadly classified into Internal and External Frauds which are defined below:
- a)Fraud carried out by individual(s) employed by the Licensed Person is called Internal Fraud; and
- b)Fraud committed by an external party against the business of the Licensed Person is referred to as External Fraud.
- 11.1.2Fraud normally includes the following acts, although the list is not exhaustive:
- a)Misappropriation;
- b)Misrepresentation:
- •Misrepresentation of Financial Statements; and
- •Misrepresentation of Non-Financial Statements.
- c)Corruption:
- •Bribery; and
- •Illegal gratuities.
- d)Misconduct:
- •Breach of internal policies and procedures; and
- •Breach of applicable Laws, Rules, Regulations, Notices and the Standards.
- e)Any other deliberate deception for unlawful personal gain.
- 11.1.3Throughout this chapter, the terminology “Fraud” includes all types of frauds mentioned under Paragraphs 11.1.1 and 11.1.2 of this Chapter.
- 11.1.1Frauds are broadly classified into Internal and External Frauds which are defined below:
11.2 Anti-Fraud Framework
- 11.2.1The Licensed Person must implement an appropriate Anti-Fraud Framework in order to prevent, detect, investigate and respond to fraud incidents; and
- 11.2.2The following are the four basic elements that must be included in the Anti-Fraud Framework at a minimum, depending on the nature, size and complexity of the Licensed Person:
Elements of an Anti-Fraud Framework - a)Preventive measures for reducing the risk of Fraud from occurring:
- •Tone at the top by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) on zero tolerance of fraud;
- •Introduce Policies and Procedures including a Code of Conduct and a Fraud Prevention Policy;
- •Conduct Fraud Risk Assessment;
- •Appropriate access controls in sensitive areas, both physical and in IT systems;
- •Segregation of duties (e.g. introducing maker/checker controls);
- •Background screening before hiring employees;
- •Annual declaration completed by all employees to:
- oDisclose conflict of interest, if any; and
- oConfirm their understanding of the Code of Conduct.
- •Provide training to assist employees to prevent fraud and to maintain public confidence.
- b)Detection measures for discovering fraud when it occurs:
- •Accurate and timely account reconciliations;
- •Independent Audits/AUPs (e.g. by External Auditors);
- •Scrutinizing required documents prior to completing transactions;
- •System controls;
- •Systematic fraud detection tools (to be implemented only if the Licensed Person has more than 25 branches); and
- •Whistleblowing Policy (to be implemented only if the Licensed Person has more than 25 branches).
- c)Investigation Process that includes the following:
- •Laid down Procedures for investigating fraud incidents through research, followup, interviews or a formal procedure of discovery.
- d)Response
- •Immediate reporting of fraud incidents to the police authorities, FID and the Banking Supervision Department;
- •Recovery through legal action, insurance claim, criminal referrals, disciplinary action, etc.; and
- •Monitoring:
- oOngoing corrective actions to ensure that internal controls continue to operate effectively; and
- oOngoing updates to respective policies and procedures to reflect developments in the Licensed Person and its operational environment.
11.3 Roles and Responsibilities
- 11.3.1The Manager in Charge and the Board of Directors (or the Owner/Partners where there is no Board of Directors) of the Licensed Person have the overall responsibility to create a culture of zero tolerance to fraud and to oversee the implementation of the Anti-Fraud Framework;
- 11.3.2The Licensed Person must appoint or designate a Fraud Prevention Officer who must be responsible to design, implement and manage an appropriate Anti-Fraud Framework;
- 11.3.3Depending on the nature, size and complexity of the business, the Licensed Person may appoint a dedicated Fraud Prevention Officer or combine this role with another suitable function subject to the conditions under Paragraphs 7.2.4 (a) of Chapter 7, 16.4.7 (a) and 16.5.1 (g) of Chapter 16;
- 11.3.4The Licensed Person’s recruitment process must fulfil the requirements of Paragraph 8.2 of Chapter 8 at a minimum;
- 11.3.5Fraud investigations must be undertaken by a team that includes the Fraud Prevention Officer, Internal Auditor and the concerned functional head at a minimum. The Licensed Person must ensure that a person, who is suspected in relation to a fraud incident, is not involved in the investigation. The investigation report must be submitted to the Board of Directors (or to the Owner/Partners where there is no Board of Directors);
- 11.3.6The Licensed Person must consult the legal advisors (internal or external) before, during or after the investigation for guidance on civil and criminal proceedings and recovery of losses;
- 11.3.7The Human Resources Department of the Licensed Person must take disciplinary action against employees who are involved in perpetrating internal fraud;
- 11.3.8The Internal Auditor is responsible for:
- a)conducting Fraud Risk Assessments jointly with the Fraud Prevention Officer on an annual basis and submit the report to the Board of Directors (or to the Owner/Partners where there is no Board of Directors);
- b)reviewing the adequacy of related policies and procedures;
- c)confirming the availability of insurance cover to protect the interest of the Licensed Person;
- d)confirming the recruitment process is in line with Paragraph 8.2 of Chapter 8;
- e)confirming that appropriate anti-fraud trainings are given to employees; and
- f)confirming that fraud incidents are appropriately reported in accordance with Paragraph 11.4 of this Chapter.
11.4 Fraud Reporting
- 11.4.1All fraud incidents must immediately be reported to:
- 11.4.2Fraud incidents must be reported to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) immediately when the amount of loss is equal to or above AED 50,000. A summary of other fraud incidents must be sent to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) on a monthly basis, at a minimum.
11.5 Anti-Fraud Training
- 11.5.1The Licensed Person must ensure that:
- a)appropriate and documented anti-fraud training is provided to all employees;
- b)two such trainings are provided to employees during the first year of their employment and annual training is given thereafter;
- c)training is provided to prevent fraud incidents from taking place at the Licensed Person’s business;
- d)training covers fraud typologies, fraud detection, fraud prevention, the Licensed Person’s policies/procedures and reporting procedures at a minimum; and
- e)employees are assessed annually to test their understanding of fraud prevention measures.
- 11.5.2Anti-fraud training may be in-house, external/outsourced, web based or a combination of all these.
- 11.5.1The Licensed Person must ensure that:
11.6 Fraud Incidents Register
- 11.6.1The Licensed Person must maintain appropriate register to record the following information about fraud incidents and this register must be available for the verification by the Central Bank Examiners during an examination:
- a)Date of fraud incident;
- b)Brief description of the fraud incident;
- c)Parties involved;
- d)Amount of loss;
- e)Was the loss covered by insurance or not?
- f)Date of reporting to the police, FID and the Banking Supervision Department;
- g)Other actions taken; and
- h)Disciplinary actions taken, if applicable.
- 11.6.2A review of Fraud Incident Register must be carried out at the end of every financial year to identify the anti-fraud training needs of employees for the following year.
- 11.6.1The Licensed Person must maintain appropriate register to record the following information about fraud incidents and this register must be available for the verification by the Central Bank Examiners during an examination:
Chapter 12: Counterfeit Currency Reporting
Introduction
Counterfeit money is an imitation currency produced without any legal sanction of the Government. Producing, circulating or using counterfeit money is a form of fraud/forgery and is a criminal offence. This chapter provides the minimum standards that every Licensed Person must implement to detect counterfeit currencies and report such incidents to the competent authorities.
12.1 Procedures for Handling Counterfeit Currencies
- 12.1.1The Licensed Person must introduce robust procedures to detect counterfeit currencies and report such incidents to the competent authorities. Such procedures must include the following at a minimum:
- a)Methods of undertaking checks to detect counterfeit currencies;
- b)Usage of devices for checking currencies;
- c)Internal reporting procedures for counterfeit incidents;
- d)External reporting procedures (for reporting counterfeit incidents to the competent authorities such as police and to the Central Bank);
- e)Maintain appropriate registers to record counterfeit incidents; and
- f)Provide counterfeit detection training to relevant employees.
- 12.1.2The counterfeit currency procedures must be approved by the Manager in Charge; and
- 12.1.3The effectiveness of the counterfeit procedures must be reviewed at the end of every financial year and then the procedures must be updated if necessary.
- 12.1.1The Licensed Person must introduce robust procedures to detect counterfeit currencies and report such incidents to the competent authorities. Such procedures must include the following at a minimum:
12.2 Counterfeit Currency Detection Machines
- 12.2.1Each licensed premises must have counterfeit detection machines and ultraviolet lamps (i.e. UV lamps);
- 12.2.2Counterfeit detection machines must be programed to check five (5) major currencies, at a minimum, including the local currency; and
- 12.2.3The software programs of such machines must be regularly updated in order to ensure the effectiveness of the counterfeit detection process.
12.3 Counterfeit Identification Training
- 12.3.1The Licensed Person must ensure that:
- a)properly documented periodical training is provided to all employees handling cash;
- b)training is provided to detect counterfeits, both in local as well as in foreign currencies;
- c)the training material covers complete counterfeit detection procedures, internal/external reporting procedures and identification features of relevant currencies that the Licensed Person may usually buy or sell across its branches;
- d)two such trainings are provided to employees during the first year of their employment and annual training is given thereafter; and
- e)identification features of newly introduced currencies, whether local or foreign, must be communicated immediately to all relevant employees.
- 12.3.2Counterfeit identification training may be in-house, external/outsourced, web based or a combination of all these;
- 12.3.1The Licensed Person must ensure that:
12.4 Counterfeit Currency Reporting
- 12.4.1The Licensed Person must ensure that:
- a)all counterfeit incidents are reported to the police authorities of the respective Emirate where the incident has occurred;
- b)all counterfeit currency cases are reported to the FID as a fraud case via the STR reporting system;
- c)all local currency counterfeit incidents, irrespective of the value of counterfeits, must be immediately reported to the Banking Supervision Department using the “Counterfeit Incident Reporting (CIR) Form” (Refer to Appendix 5 for CIR Form); and
- d)foreign currency counterfeit incidents, where the total value of counterfeits in a single transaction or multiple transactions by the same person is equal to or above AED 36,000, must be reported immediately to the Banking Supervision Department using CIR Form (Refer to Appendix 5 for this Form).
- 12.4.1The Licensed Person must ensure that:
12.5 Counterfeit Currency Register and Annual Review
- 12.5.1The Licensed Person must ensure that:
- a)an appropriate register is maintained to log full details of every counterfeit currency incident; and
- b)a review of such Counterfeit Currency Register is carried out at the end of every financial year to identify the training needs of employees for the following year.
- 12.5.1The Licensed Person must ensure that:
12.6 Internal Audit
- 12.6.1The scope of internal audit must include the effectiveness of counterfeit detection, reporting and training procedures.
Chapter 13: General Security
Introduction
Security is an important aspect of Exchange Business and Licensed Persons must comply with below security standards at a minimum. Depending upon the nature, size and complexity of the business and the level of risk, the Licensed Person must introduce additional security measures wherever necessary. Further, the Licensed Person must ensure that it complies with all security requirements of the police or other competent authorities in the respective Emirate.
13.1 Entrance to the Licensed Premises
- 13.1.1The main door of the licensed premises must be well protected by appropriate metal shutters during closing hours;
- 13.1.2Where there are difficulties to use metal shutters as required under Paragraph 13.1.1 of this Chapter due to unavoidable leasing conditions (example: licensed premises inside an Airport or a Shopping Mall), the Licensed Person must introduce appropriate additional security measures to protect its assets; and
- 13.1.3Other external doors of the licensed premises must be protected with metal shutters.
13.2 Panic Alarm Systems
- 13.2.1Panic alarm systems and intrusion detection systems must be in place;
- 13.2.2Both panic alarm and intrusion detection systems must comply with all requirements of the police or any other competent authorities of the respective Emirate, at a minimum;
- 13.2.3Kick bars and/or hold up buttons for the panic alarm systems must be available throughout the cashier/teller areas, office room of the Manager in Charge and other back offices;
- 13.2.4Panic alarm systems and intrusion detection systems must be tested at regular intervals, at least once in a year; and
- 13.2.5The panic alarm systems and intrusion detection systems must be under an Annual Maintenance Contract from a recognised service provider in the respective Emirate.
13.3 Safe/Vault and Cash
- 13.3.1Cash, other than the amount required by tellers during working hours, must be held in the Safe/Vault;
- 13.3.2The Safe/Vault must be firmly secured on a solid floor;
- 13.3.3The Safe/Vault must always be kept out of sight of customers or general public;
- 13.3.4The Safe/Vault must be held/operated under joint custody of two people (i.e. under dual control) at all times, preferably, with one key and a code/biometric lock;
- 13.3.5Cash movements outside the licensed premises must be carried out through an approved Cash In Transit (CIT) agent;
- 13.3.6Customers, strangers or other outside parties must not be given access inside the teller areas, cash room where the banknotes are sorted/counted, Safe/Vault room and other back offices, etc. without having an appropriate justification; and
- 13.3.7Appropriate registers must be maintained to log the details of visitors who access teller areas, the cash room, Safe/Vault room and back offices.
13.4 CCTV
- 13.4.1Licensed premises must be under CCTV monitoring at all times. The CCTV system and cameras must meet requirements of the police or other competent authorities of the respective Emirate;
- 13.4.2CCTV recordings of immediately preceding ninety (90) calendar days must be available in the system, at a minimum. If the police or other competent authorities of the respective Emirate require more than ninety (90) calendar days of CCTV recordings, then the Licensed Person must comply with such requirements;
- 13.4.3CCTV cameras must cover, at a minimum:
- a)All entrances and exits;
- b)Customer service areas, such as reception, service counter, visitors’ sitting area, etc.;
- c)Cashier areas or cash room where the banknotes are sorted, counted and packed; and
- d)Safe/Vault area.
- 13.4.4A notice that “Premises Under Continuous CCTV Monitoring” must be displayed outside the licensed premises (i.e. on or closer to the main entrance) in addition to the customer service area;
- 13.4.5The CCTV system must be checked daily to confirm that it is properly recording before the opening as well as the closing of business hours and the results of such checks must be logged in a separate register; and
- 13.4.6The CCTV system must be under an Annual Maintenance Contract from a recognised service provider of the respective Emirate.
13.5 Insurance Policy
- 13.5.1The Licensed Person must at all times be fully covered by a valid insurance policy issued by an insurance company licensed within the UAE. The following insurance cover must be available, at a minimum:
- a)Various risks related to internal and external frauds (i.e. Bankers Blanket Bond Insurance/Crime Insurance). Employees infidelity/dishonesty, counterfeit incidents, theft and allied risks must be adequately covered including the cash in the Safe/Vault, cash with the teller and cash in transit;
- b)Electronic/Computer Crimes (ECC) and Cyber Crimes;
- c)Electronic Equipment;
- d)Fire, theft and other allied risks; and
- e)Third party liabilities.
- 13.5.1The Licensed Person must at all times be fully covered by a valid insurance policy issued by an insurance company licensed within the UAE. The following insurance cover must be available, at a minimum:
13.6 Branch Limits for Instant Money Transfers
- 13.6.1The Licensed Person must set branch wise daily limits for the total value of remittances that can be executed via an instant money transfer service provider;
- 13.6.2Such daily limits must be set in each instant money transfer application/system based on the expected daily activity of each branch of the Licensed Person;
- 13.6.3There must be a written procedure to increase such daily limits to meet the growing business requirements of each branch by introducing an escalation process seeking the approval of the Manager in Charge in such occasions;
- 13.6.4The daily limits must be reviewed on a regular basis to ensure that such limits are not disproportionately higher than the expected daily activity of each branch; and
- 13.6.5Internal Auditor must verify and confirm that the set daily limits are appropriate to the size of the business of each branch of the Licensed Person.
Chapter 14: Information Security
Introduction
Computer systems are used by Licensed Persons to process large numbers of transactions and provide quality service to its customers. While efficiency of processing transactions is the main objective of computerizing operations of a Licensed Person, the security of customer information and related transaction data is vital. Licensed Persons must not compromise in introducing information security measures appropriate to the complexity and size of their business. This Chapter contains a few illustrative (but not exhaustive) security measures which all Licensed Persons must implement at a minimum at all times. Additional measures must be introduced depending on the size and the complexity of the business and considering the results of penetration tests and IT audits by external experts.
14.1 Email Systems
- 14.1.1Independent email exchange systems must be in use for all official communications by the Licensed Person and its employees. Public emails (example: Yahoo, Gmail, etc.) must not be used under any circumstances;
- 14.1.2The Licensed Person must have a dedicated email ID styled cbuae@abcexchange.com or cbuae@abcexchange.ae for communicating with the Central Bank. The Central Bank will restrict sending or receiving communications only to/from such designated emails IDs;
- 14.1.3The Licensed Person must inform their designated email ID to the Banking Supervision Department in writing under the signature of its authorized signatory; and
- 14.1.4Employees must be prohibited from using office computer systems for accessing private emails, social networking sites or websites that are not related to the business, (example: Yahoo, Gmail, Hotmail, Facebook, etc.).
14.2 Information Security Policy
The Standards for the Regulations Regarding Licensing and Monitoring of Exchange Business - 14.2.1An Information security policy must be implemented prescribing controls on usage of emails, internet browsing, passwords, workstations, data communication, network security, etc.;
- 14.2.2The Information security policy must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) and must be communicated to all employees and obtain their acknowledgement; and
- 14.2.3Information security policy must be reviewed annually at a minimum.
14.3 Users
- 14.3.1All User IDs in the Point of Sale system, email and computer systems must be created only by the designated IT person;
- 14.3.2A Separate user ID must be created for each employee and users shall not be allowed to share their User IDs in order to preserve the segregation of duties;
- 14.3.3“Administrator rights” must be restricted only to authorized IT persons and must be restricted in number;
- 14.3.4User names of employees who resign must be de-activated immediately upon them leaving the Licensed Person;
- 14.3.5Emails of an employee, who has resigned, may be diverted to another employee, if necessary, with the special approval of the Manager in Charge and this must be covered in the IT policy; and
- 14.3.6Privileges assigned to the users must be reviewed at regular intervals and ensure the timely removal of unnecessary privileges.
14.4 Passwords
- 14.4.1Work stations and all applications must have appropriate and needs based access controls with user names and passwords;
- 14.4.2The password must be of sufficient length, preferably eight digits or above, and must be alpha numeric with special characters;
- 14.4.3Mandatory “Password Change” settings must be activated in all systems and applications. The password change for normal users must be at least once in ninety (90) calendar days and thirty (30) calendar days in the case of Administrators; and
- 14.4.4“Auto Password Save” option must not be activated on any PC or in any work stations or for any applications.
14.5 Data Movement, Database and Back-up
- 14.5.1Where the data is shared outside of own network or when the data is related to any card transactions, the Licensed Person must use stronger encryption techniques to suitably encrypt such data;
- 14.5.2The customer and transaction database must be held/stored within the UAE;
- 14.5.3Outside parties must not be given access to the customer/transaction database which must be held completely proprietary at all times. Restricted access may be given to the IT service provider, in case the IT function is outsourced, to carry out maintenance of computer hardware, network or applications;
- 14.5.4Appropriate policies must be introduced for the back-up and off-site storage of back-up data of all enterprise servers, databases, network servers and system software;
- 14.5.5The Licensed Person must have a procedure for the back-up of systems that may include details of back-up frequency, information to be backed-up, storage media, back-up retention period, recirculation of the media and periodical testing of the back-up copies for data availability; and
- 14.5.6Disaster Recovery (DR) drills must be conducted at regular intervals to ensure that the DR set-up is functional.
14.6 Antivirus Solutions
- 14.6.1All computer systems including servers, work stations, personal computers (PCs), laptops and other handheld devices must have appropriate anti-virus solutions to prevent information loss due to viruses, Trojans, worms and bots;
- 14.6.2Anti-virus solutions on all computer systems must be updated automatically;
- 14.6.3Daily automated antivirus scanning must be activated for every computer system and at the network level;
- 14.6.4Anti-virus configuration settings must be comprehensive and robust to prevent vulnerabilities from all external interferences, malicious attacks and intrusions;
- 14.6.5Antivirus scanning must be undertaken automatically at regular intervals;
- 14.6.6All incoming and outgoing emails with files attached must be auto screened before the mail reaches the end user mail box. In case of doubt, the system must block such emails and automatically notify the IT team to carry out further investigation; and
- 14.6.7Users must not be given privileges to alter the settings of the antivirus solutions.
14.7 IT Training
- 14.7.1All employees must be given training related to Information Security and a copy of the Information Security Policy at the time of joining;
- 14.7.2Refresher training must be given annually at a minimum;
- 14.7.3Employees of the Information Security Department must be provided with specialized annual training to remain updated with recent trends, threats and required controls in information security; and
- 14.7.4The training plan, training registers, training materials, etc. must be held in the records for verification by the Central Bank.
14.8 System Changes
- 14.8.1All changes to the hardware, software, applications, databases, configuration, etc. must be subject to the formal change control procedures;
- 14.8.2Changes to the application systems must be carried out only in accordance with approved change request process and subject to a formal risk assessment process; and
- 14.8.3All changes must be tested under all possible scenarios before adding them into production.
14.9 Audit and Testing
- 14.9.1The Licensed Person must conduct internal and external vulnerability scanning and penetration tests on the network and systems on an annual basis at a minimum and take appropriate mitigating actions in order to address the issues identified during such tests; and
- 14.9.2The strength of the information security controls and IT Security controls must be audited by external experts at regular intervals, annually at a minimum, depending on the nature, size and complexity of the business.
14.10 General Requirements and Reporting Processes
- 14.10.1The privilege to download software (licensed and not free or pirated software) must be given only to the designated IT person. Users of computers must not be allowed to download any software to computers;
- 14.10.2The “Auto-logout” feature must be activated for all applications related to the business of the Licensed Person when they are not in use;
- 14.10.3The “Auto-lock” feature must be available by using a screen saver password on all work stations or operating systems when they are not in use;
- 14.10.4Appropriate Firewall systems and protection must be available for PCs, Servers, Operating Systems, Database and network equipment;
- 14.10.5All the Operating systems, server machines, hardware equipment, system software, applications, utility programs, anti-virus programs must be licensed by the respective vendor at all times along with valid agreements;
- 14.10.6The Licensed Person must review all warning notices issued by the Central Bank on cyber threats and take necessary actions immediately to ensure adequate protection to its computer systems against such threats; and
- 14.10.7Cyber fraud/crime incidents must be immediately reported to the Banking Supervision Department and police authorities.
Chapter 15: Business Continuity Management
Introduction
Business Continuity Management is to ensure timely resumption of the Licensed Person’s business in the event of a disruption by minimising the consequential damages. The Licensed Person must implement appropriate Business Continuity Management and comply with the following standards at a minimum.
15.1 Business Continuity Management
- 15.1.1The Licensed Person must identify, define and analyse all types of risk that may result in a business disruption and assess the impact thereof; and
- 15.1.2The Licensed Person must implement an appropriate Business Continuity Plan to ensure the continuity of the business during a disruption.
15.2 Business Continuity Plan (BCP)
- 15.2.1Business Continuity Plan must include:
- a)Identification and assessment of potential crises, disasters and risks including their impact on the business;
- b)Ways and means to deal with such crises, disasters and risks;
- c)Plans to provide protection to the Licensed Person and its employees in case of unforeseen disasters;
- d)Plans to avoid suspension of operations or plans to minimize the period of suspension of operations to minimise losses;
- e)Tools and processes for storing sensitive information and the recovery thereof to avoid loss of information during the occurrence of disasters; and
- f)Guidelines to contact relevant authorities and partners (i.e. the Central Bank, foreign correspondents, etc.) to inform them about the disaster and suspension of operations, if necessary.
- 15.2.2The Licensed Person must follow the below standards while implementing the Business Continuity Plan:
- a)A sufficient number of experienced employees must be available for the purpose of recovery and resumption of the business;
- b)Roles, responsibilities and powers of employees in relation to the Business Continuity Plan must be clearly defined;
- c)Resumption priorities must be clearly agreed and documented; and
- d)Appropriate training must be provided to employees for the effective implementation of the Business Continuity Plan.
- 15.2.1Business Continuity Plan must include:
15.3 BCP Testing
- 15.3.1Testing of the Business Continuity Plan must be undertaken at regular intervals in order to assess the capability of the Licensed Person to resume business after a disruption;
- 15.3.2Accordingly, the Licensed Person must:
- a)Test the Business Continuity Plan at least annually;
- b)Testing must also be undertaken considering any key changes in the business model, products, systems and relevant infrastructure; and
- c)Testing details and results must be documented for verification by the Central Bank Examiners during an examination.
- 15.3.3Testing results must be reviewed by the Manager in Charge and by the Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
- 15.3.4The Business Continuity Plan must be reviewed and updated based on the results of such testing.
D. Anti-Money Laundering Compliance Standards
Chapter 16: AML/CFT Compliance
Definitions
“AML/CFT Program” means the policies, procedures, systems, controls, etc. introduced by a Licensed Person to prevent Money Laundering and Financing of Terrorism. “AML/CFT Supervision Department” means the AML/CFT Supervision Department at the Central Bank of the UAE. “Banking Supervision Department” means the Banking Supervision Department at the Central Bank of the UAE. “Beneficial Owner (BO)” means the ‘Natural Person’ who ultimately owns or exercises effective control, directly or indirectly, over a customer or the natural person on whose behalf a transaction is being conducted, or the natural person who exercises effective ultimate control over a legal person or legal arrangement, as per Cabinet Decision No. (10) of 2019 concerning the Implementing Regulation of Federal Decree Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations. “Central Bank” means the Central Bank of the United Arab Emirates. “Exchange Business” means: - Dealing in sale and purchase of foreign currencies and travelers cheques; - Executing remittance operations in local and foreign currencies; - Payment of wages through establishing a link to the operating system of “wages protection system” (WPS); and - Other products and services approved by the Central Bank. “Exchange House” means a juridical person licensed in accordance with the provisions of Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organisation of Financial Institutions and Activities to carry on money exchange activity, and conduct funds transfers within and outside the UAE, and any other businesses determined by the Central Bank. “FIU” means the Financial Intelligence Unit (FIU) of the UAE. “Instant money transfer service provider” means a money remitting institution licensed and regulated by an appropriate Regulator in its home country who will have necessary proprietary software applications and infrastructure to transfer funds instantly from an agent in one country to an agent in another country and/or domestically. “Legal Arrangement” means a relationship established by means of a contract between two or more parties which does not result in the creation of a legal personality. Examples include trusts or other similar arrangements. Many legal arrangements allow for ownership, control, and enjoyment of funds to be divided between at least two different persons. “Legal Person” means any entities other than natural persons that can establish in their own right a permanent customer relationship with a financial institution or otherwise own property. This can include companies, bodies corporate, foundations, partnerships, or associations along with similar entities. “License” means license issued by the Central Bank for carrying out Exchange Business. “Licensed Person” means any Exchange House licensed by the Central Bank to carry out Exchange Business. “ML/FT” means the Money Laundering or Financing of Terrorism as defined in the Federal Decree Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations. “Natural Person” means an individual. “Politically Exposed Person” (PEP) means natural persons who are or have been entrusted with a prominent public function in the UAE or any other foreign country such as heads of states or governments, senior politicians, senior government officials, judicial or military officials, senior executive managers of state-owned corporations, and senior officials of political parties, and persons who are, or have previously been, entrusted with the management of an international organization or any prominent function within such an organization; and the definition also includes the following: 1. Direct family members (of the PEP who are spouses, children, spouses of children, parents) 2. Associates known to be close to the PEP, which include: a. Individuals having joint ownership rights in a legal person or arrangement or any other close business relationship with the PEP; b. Individuals having individual ownership rights in a legal person or arrangement established in favor of the PEP. “Purpose of transaction” means an explanation about why a customer is conducting a transaction or the reason for which the funds will be used. Examples of purpose of transaction are: family support, education, medical, tourism, debt settlement, financial investment, direct investment, or trading etc. For verification of the purpose of transaction, documents may include any documentation proving the purpose for which the money will be used. “Shell bank” means a bank that has no physical presence in the country in which it is incorporated and licensed, and which is unaffiliated with a regulated financial group that is subject to effective consolidated supervision. “Source of funds” means how the money, involved in the transaction, was originally derived or earned. Examples of source of funds are: salary, wages, inheritance, gratuity, end of service benefits, bank loan, income from businesses, sale of property, sale of land, sale of investments, etc. For verification of the source of funds, documents include but are not limited to salary slip, labor contract, court order, bank statements, etc. Introduction
This chapter provides standards that every Licensed Person must follow at all times in order to protect the Licensed Person from abuse by money launderers and/or terrorist financiers. The Licensed Person must ensure that its Anti-Money Laundering and Combating Financing of Terrorism (AML/CFT) Program is in line with applicable Laws and Regulations of the UAE regarding Money Laundering and the Financing of Terrorism (“AML/CFT Laws and Regulations”), in particular Federal Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations (“the AML-CFT Law”) and its amendment (Federal Decree Law No. (26) of 2021 amending certain provisions of Federal Decree Law No. 20 for 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations) and the Cabinet Decision No. (10) of 2019 concerning the Implementing Regulation of Federal Decree Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations (“the AML-CFT Decision”)1. Furthermore, please refer to the Central Bank’s Guidance for Licensed Exchange Houses2.
1Available at https://www.centralbank.ae/en/cbuae-amlcft
2 Idem.16.1 AML/CFT Program
16.1.1 The Licensed Person must carefully design, document and effectively implement its AML/CFT Program based on the Standards in this Chapter at a minimum and the results of its ML/FT risks assessment in accordance with Paragraph 16.2; and
16.1.2 The Licensed Person must implement additional AML/CFT procedures, systems, controls and measures as appropriate to the risk profile of its business.
16.2 ML/FT Risk Assessment
16.2.1 The Licensed Person must identify, assess and understand the ML/FT risks associated with its business and perform this enterprise wide ML/FT risk assessment on a regular basis;
16.2.2 The Licensed Person must implement a ML/FT risk assessment methodology appropriate to the nature, size and complexity of its business;
16.2.3 Money laundering and terrorist financing risks associated with the following parameters of the Licensed Person must be assessed at a minimum:
a) Customer Risk; b) Counterparty Risk (i.e. foreign correspondent banks, financial institutions, agents, etc.); c) Product Risk; d) New Technologies Risk; e) Jurisdictional Risk or Country Risk; and f) Delivery Channel Risk or Interface Risk.
16.2.4 The Licensed Person must identify and assess ML/FT risks based on additional parameters that may be relevant to the nature, size and complexity of its business before entering into any business relationships;
16.2.5 In assessing ML/FT risks, the Licensed Person must have the following in place:
a) Documented risk assessment methodology, process and findings; b) Determine the level of overall risk, acceptable level of risk and mitigating measures to be applied to minimise the impact of risks; c) Document a written risk appetite statement that clearly identifies the acceptable level of risk, and maintain the risk appetite statement up to date through periodic reviews; d) Maintain risk assessments up-to-date through periodic reviews and annually at a minimum; and e) Establish appropriate mechanisms to provide information on risk assessments to the Central Bank and to its examiners, whenever required.
16.2.6 The Licensed Person should also be guided by the results of the National Risk Assessment in conducting its own ML/FT risk assessments which has been issued by the competent authority in the UAE, and will be updated periodically in future; and
16.2.7 The Licensed Person must identify and assess the ML/FT risks that may arise in relation to the development of new products and services including new delivery mechanisms and the use of new or developing technologies for both new and existing products, as follows:
a) Undertake the risk assessment prior to the launch or use of such products, services and technologies; b) Take appropriate measures to manage and mitigate risks; c) Notify the Banking Supervision Department via email to info.ehs@cbuae.gov.ae of the product and its risks and risk mitigation measures; and d) Obtain a Letter of No Objection from the Banking Supervision Department prior to launching the product.
16.3 AML/CFT policies and procedures
16.3.1 The Licensed Person must introduce a comprehensive and documented AML/CFT policy, based on its ML/FT risk assessment in accordance with Paragraph 16.2 of this Chapter, which must be the foundation of its compliance function;
16.3.2 The AML/CFT policy must clearly define the roles and responsibilities of the Manager in Charge, Compliance Officers, Compliance Committee and employees in relation to AML/CFT compliance. The AML/CFT policy must also provide for regular and timely reporting to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) regarding ML/FT risks and the culture/values to be adopted within the business of the Licensed Person to prevent money laundering, terrorist financing and related crimes;
16.3.3 The AML/CFT policy must affirm the roles and responsibilities of the Board of Directors (if any) and of the Owner/Partners/Shareholders in relation to implementing a robust AML/CFT Program across the business of the Licensed Person;
16.3.4 Effective AML/CFT procedures must also be implemented for employees to follow while they carry out their day to day responsibilities in order to ensure that ML/FT risks are mitigated in the day to day operations of the Licensed Person;
16.3.5 The AML/CFT policy and procedures must be based on the UAE’s existing AML/CFT Laws, Regulations, Notices and the Standards as well as international best practices and guidance notes from the FATF, MENAFATF, EGMONT Group and other similar bodies;
16.3.6 The AML/CFT policy and procedures must be approved by the Manager in Charge, the Compliance Officer and by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
16.3.7 The AML/CFT policy and procedures must be reviewed and updated, annually at a minimum, to make it consistent with all applicable Laws, Regulations, Notices, the Standards and other international best practices and to make it effective in mitigating the existing as well as emerging ML/FT risks;
16.3.8 Copies of the AML/CFT policy and procedures must be held in all Licensed Premises and be accessible to all employees at all times;
16.3.9 The AML/CFT policy and procedures must be circulated among all employees upon the completion of periodical reviews; and
16.3.10 The AML/CFT policy and procedures must apply to all branches, subsidiaries and affiliated entities in which the Licensed Person holds a majority interest (i.e, greater than 50%).
16.4 Appointment of the Compliance Officer
16.4.1 The Licensed Person must appoint a Compliance Officer who must be given the specific responsibility of managing its AML/CFT compliance function;
16.4.2 The Compliance Officer of the Licensed Person must:
a) be a member of Senior Management; b) report directly to the Board of Directors (or to the Owner/Partners where there is no Board of Directors); c) be provided with sufficient resources including time, systems, tools and support staff depending on the nature, size and complexity of its business; and d) be provided with unrestricted access to all information related to products or services, business partners, correspondent agents, remittance partners, customers and transactions.
16.4.3 The following are some of the major responsibilities of the Compliance Officer (not exhaustive):
a) Design an appropriate AML/CFT Program for the Licensed Person to remain compliant with applicable AML/CFT Laws, Regulations, Notices, the Standards and international best practice at all times; b) Develop, or oversee the development of, the institution’s AML/CFT risk assessment; c) Establish and maintain appropriate AML/CFT policies, procedures, processes and controls; d) Ensure day-to-day compliance of the business against internal AML/CFT policies and procedures; e) Act as the key contact point regarding all AML/CFT related matters/queries from the Central Bank, FIU, and any other competent authorities; f) Receive suspicious transaction or activity alerts from employees and analyze them to take appropriate decisions to report all suspicious cases to the FIU; g) On-going monitoring of transactions to identify high-risk, unusual and suspicious customers/transactions, and ensuring that transaction monitoring systems are appropriate and functioning as designed; h) Submit Suspicious Transaction Reports (STR), Suspicious Activity Reports (SAR) or other report types without any delay to the FIU ; i) Cooperate with and provide the FIU with all information it requires for fulfilling their obligations; j) Develop and execute AML/CFT training programs considering all relevant risks of ML/FT and financing illicit organizations including the ways/means for addressing them; k) Provide necessary reports to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) on all AML/CFT issues, on a quarterly basis at a minimum; l) Arrange to retain all necessary supporting documents for transactions, KYC, monitoring, Suspicious Transaction Reporting and AML training for the minimum period for record retention as per Paragraph 16.29 of this Chapter; m) Conduct regular gap analysis between the Licensed Person’s existing AML/CFT Procedures and the most current Laws, Regulations, Notices and the Standards of the UAE in order to determine the extent of the Licensed Person’s level of compliance; n) Propose actions required to address gaps, if any; and o) Prepare Bi-Annual Compliance Reports in accordance with Paragraph 16.30 of this Chapter.
16.4.4 The Compliance Officer must have the following qualifications and experience at a minimum:
a) If the Licensed Person is in possession of a Category A License:
• A minimum of three (3) years of experience in AML/CFT compliance, audit or risk management within any financial institution(s).
b) If the Licensed Person is in possession of either a Category B or Category C License:
• A minimum of eight (8) years of experience in AML/CFT compliance, audit or risk management within any financial institution(s); or • A minimum of five (5) years of experience in AML/CFT compliance, audit or risk management within any financial institution(s) and possess a specific certification related to AML/CFT compliance.
c) Examples of specific certifications related to AML/CFT compliance includes ACFCS, CFE, ICA Diplomas, CAMS or any other certification associated with financial crime control or AML/CFT compliance which is acceptable to the Central Bank; and
d) The Compliance Officer, in all above cases, must possess sound knowledge of all applicable AML/CFT Laws, Regulations, Notices, the Standards and other relevant international best practices.
16.4.5 Employment Type and Residential Status of the Compliance Officer:
a) The Compliance Officer must be a full time employee of the Licensed Person; b) The Compliance Officer must not engage in any part time employment or act as a consultant outside the business of the Licensed Person; c) The Compliance Officer must be a resident in the UAE; and d) A foreign national must be under the employment visa of the Licensed Person when employed as a Compliance Officer.
16.4.6 Conflict of Interest in Multiple Roles:
The role of Compliance Officer must not be combined with any other functions of the Licensed Person and must be limited to tasks related to AML/CFT compliance.
16.4.7 Reporting Lines and Independence:
a) The Compliance Officer must directly report to the Board of Directors (or to the Owner/Partners where there is no Board of Directors); and
b) The Compliance Officer must have authority to act without any interference from the Manager in Charge or other employees of the Licensed Person.
16.4.8 Prior Approval for Appointment:
a) A Letter of No Objection must be obtained for appointing a Compliance Officer by submitting the following documents to the Banking Supervision Department via email to smp@cbuae.gov.ae (with copy to info.ehs@cbuae.gov.ae and amlcft@cbuae.gov.ae):
• Letter from the authorized signatory of the Licensed Person seeking the Letter of No Objection from the Central Bank; and
• Undertaking letter from an authorized signatory of the Licensed Person confirming the binding commitment of the Compliance Officer and the Licensed Person to comply with Paragraphs 16.4.5, 16.4.6 and 16.4.7 of this Chapter.
b) The duly completed Authorised Person’s Appointment Form (“APA Form”, Refer to Appendix 5 for this Form) along with all other required supporting documents must be sent to smp@cbuae.gov.ae (with copy to info.ehs@cbuae.gov.ae and amlcft@cbuae.gov.ae);
c) Central Bank shall conduct a fit and proper test on the proposed Compliance Officer of the Licensed Person.The Central Bank reserves the right to:
• interview the proposed Compliance Officer as part of the fit and proper test, if it deems it necessary; and
• issue or decline the approval for the proposed Compliance Officer.
d) In case the prior approval request is rejected by the Central Bank, the Licensed Person must propose a new Compliance Officer within the timeline provided by the Central Bank in the Letter of Rejection. If a specific timeline is not provided in the Letter of Rejection, then the Licensed Person must propose a new Compliance Officer within a period of ninety (90) calendar days from the date of Letter of Rejection; and
e) Once the Compliance Officer has formally commenced employment, details of the Compliance Officer must be provided to the Banking Supervision Department and the AML/CFT Supervision Department of the Central Bank via email respectively to smp@cbuae.gov.ae (with copy to info.ehs@cbuae.gov.ae) and amlcft@cbuae.gov.ae. The notification must be made within two working days from the date the Compliance Officer commences employment.
16.4.9 Resignation of the Compliance Officer and Notification to the Central Bank:
a) The Licensed Person must notify the Banking Supervision Department and the AML/CFT Supervision Department, within five (5) working days of the date of resignation of the Compliance Officer or the date upon which the position becomes vacant in any other manner with reasons thereof via email respectively to info.ehs@cbuae.gov.ae and amlcft@cbuae.gov.ae;
b) The Licensed Person must propose a permanent replacement, within a period of ninety (90) calendar days from the date when the position of the Compliance Officer falls vacant, by submitting a request of No Objection to the Banking Supervision Department (Refer to Paragraph 16.4.8 of this Chapter for more information); and
c) The Alternate Compliance Officer must be available to ensure the continuity of the AML/CFT compliance function during the period when the Compliance Officer’s position is vacant.
16.4.10 Outsourcing of Compliance Function:
The Licensed Person must not outsource the role of the Compliance Officer nor the entire compliance function under any circumstances. However, the Licensed Person is permitted, under certain circumstances, to outsource some specific AML compliance tasks after obtaining the Letter of No Objection from the Banking Supervision Department. Please refer to Paragraph 9.1.2 (a) of Chapter 9.
16.4.11 Removal of the Compliance Officer:
a) The Central Bank reserves the right to remove the Compliance Officer of a Licensed Person at its sole discretion; b) The Licensed Person, in such cases, must comply with Paragraph 16.4.9 (b) of this Chapter; and c) The Central Bank reserves the right to communicate or not to communicate reasons to the Licensed Person for its decision to remove the Compliance Officer.
16.5 Appointment of the Alternate Compliance Officer
16.5.1 The Licensed Person must appoint an Alternate Compliance Officer to strengthen the AML/CFT compliance function subject to the following conditions:
a) The Alternate Compliance Officer must be a full time employee of the Licensed Person; b) The Alternate Compliance Officer must not engage in any part time employment or act as a consultant outside the business of the Licensed Person; c) The Alternate Compliance Officer must be a resident in the UAE; d) A foreign national must be under the employment visa of the Licensed Person when employed as an Alternate Compliance Officer; e) The Alternate Compliance Officer must directly report to the Compliance Officer or to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) during the absence of the Compliance Officer; f) The Alternate Compliance Officer must have authority to act without any interference from the Manager in Charge or other employees of the Licensed Person; g) If the Licensed Person is in possession of either a Category B or Category C License, the role of its Alternate Compliance Officer must not be combined with any other function of the Licensed Person and must be limited to tasks related to AML/CFT compliance; and h) If the Licensed Person is in possession of a Category A License, the role of its Alternate Compliance Officer may be combined with any other function of the Licensed Person which does not create any conflict of interest.
16.5.2 Prior Approval for the Appointment:
a) A Letter of No Objection must be obtained for appointing an Alternate Compliance Officer by submitting the following to the Banking Supervision Department via email to smp@cbuae.gov.ae (with copy to info.ehs@cbuae.gov.ae and amlcft@cbuae.gov.ae):
• Letter from the authorized signatory seeking the Letter of No Objection from the Central Bank; and
• Undertaking letter from the authorized signatory of the Licensed Person confirming the binding commitment of the Alternate Compliance Officer and the Licensed Person to comply with Paragraphs 16.5.1 (a) to (g) of this Chapter.
b) The duly completed APA Form (Refer to Appendix 5 for this Form) along with all other required supporting documents must be sent to smp@cbuae.gov.ae (with copy to info.ehs@cbuae.gov.ae and amlcft@cbuae.gov.ae).
c) The Central Bank shall conduct a fit and proper test on the proposed Alternate Compliance officer of the Licensed Person. The Central Bank reserves the right to:
• interview the proposed Alternate Compliance Officer as part of the fit and proper test, if it deems it necessary; and
• issue or decline the approval for the proposed Alternate Compliance Officer.
d) In case the prior approval request is rejected by the Central Bank, the Licensed Person must propose a new Alternate Compliance Officer within the timeline provided by the Central Bank in the Letter of Rejection. If a specific timeline is not provided in the Letter of Rejection, then the Licensed Person must propose a new Alternate Compliance Officer within a period of ninety (90) calendar days from the date of Letter of Rejection; and
e) Once the Alternate Compliance Officer has formally commenced employment, details of the Alternate Compliance Officer must be provided to the Banking Supervision Department and the AML/CFT Supervision Department of the Central Bank via email respectively to smp@cbuae.gov.ae (with copy to info.ehs@cbuae.gov.ae) and amlcft@cbuae.gov.ae. The notification must be made within two working days from the date the Alternate Compliance Officer commences employment .
16.5.3 Resignation of the Alternate Compliance Officer and Notification to the Central Bank:
a) The Licensed Person must notify the Banking Supervision Department and the AML/CFT Supervision Department, within five (5) working days of the date of resignation, of the Alternate Compliance Officer or the date upon which the position becomes vacant in any other manner with reasons thereof via email respectively to info.ehs@cbuae.gov.ae and amlcft@cbuae.gov.ae;
b) The Licensed Person must propose a permanent replacement, within a period of ninety (90) calendar days from the date when the position of the Alternate Compliance Officer falls vacant, by submitting a request of No Objection to the Banking Supervision Department (Refer to Paragraph 16.5.2 of this Chapter for more information).
16.5.4 Removal of the Alternate Compliance Officer:
a) The Central Bank reserves the right to remove the Alternate Compliance Officer of a Licensed Person at its sole discretion;
b) The Licensed Person, in such cases, must comply with Paragraph 16.5.3 (b) of this Chapter; and
c) The Central Bank reserves the right to communicate or not to communicate reasons to the Licensed Person for its decision to remove the Alternate Compliance Officer.
16.6 Continuous Professional Development Programs (CPD)
16.6.1 The Compliance Officer, Alternate Compliance Officer and other employees of the AML/CFT Compliance Department must undergo a minimum of forty eight (48) hours external training in AML/CFT compliance every 12 months, starting from the date the officer or employee has commenced employment; and
16.6.2 Participation in any one or a combination of the following is acceptable in relation to CPD programs in this context:
a) AML/CFT conferences, meetings or workshops whether inside or outside the UAE; b) face to face training by external agencies whether inside or outside the UAE; c) training by industry associations or regulatory bodies; and d) Web based training.
16.7 Know Your Customer (KYC) Process
16.7.1 The Licensed Person must carry out KYC process for its customers in order to confirm who its customers are, and to ensure that the funds involved in their transactions are originating from legitimate sources and used for legitimate purposes.
16.7.2 The Licensed Person must apply appropriate KYC Process for its customers depending on the ML/FT risks associated with each customer or transaction.
16.7.3 There are three different types of KYC Processes that must be applied based on the ML/FT risk associated with a customer. These are:
a) Customer Identification (CID) Process; b) Customer Due Diligence (CDD) Process; and c) Enhanced Due Diligence (EDD) Process.
16.7.4 The transaction thresholds at which CID, CDD, and EDD are required are specified in paragraphs 16.8.1, 16.9.1, 16.10.2, and 16.11.1 below.
16.7.5 The Licensed Person must understand the purpose and intended nature of the business relationship and obtain, when necessary, information related to this purpose. The Licensed Person must understand the nature of the customer’s business as well as the customer’s ownership and control structure.
16.7.6 Where the Licensed Person is unable to carry out CID/CDD/EDD in accordance with the requirements of this Standards and UAE laws and regulations, the Licensed Person must not onboard the customer, must immediately terminate any relationship with the customer, must not execute any transaction, and should consider filing a STR, SAR or other reports with the FIU.
Customer Type Customer Activity Value of Transaction Preventive Measure Required Paragraph Natural Persons Currency Exchange Equal to or greater than AED 3,500 and less than AED 35,000 CID 16.8 Equal to or greater than AED 35,000 and less than AED 55,000 within a 90-day period CID and
CDD16.8
16.9Equal to or greater than AED 55,000 within a 90-day period CID,
CDD, and
EDD16.8
16.9
16.10Natural Persons Money Transfer Any value less than AED 55,000 CID and
CDD16.8
16.9Equal to or greater than AED 55,000 within a 45-day period CID,
CDD, and
EDD16.8
16.9
16.10All Legal Persons or Arrangements Any Activity Any Value CDD and
EDD16.11 Counterparty Relationships Any Activity Any Value CDD and
EDD16.11.8 to
16.11.12
16.11.2PEPs Any Activity Any Value CID,
CDD, and
EDD16.13 DNFBPs/DPMS Any Activity Any Value CID (if the customer is a natural person), CDD, and
EDD16.14/16.15 High-Risk Natural Persons Any Activity Any Value CID,
CDD, and
EDD16.16
16.8,
16.9
16.10High-Risk circumstances Any Activity Any Value CID (if the customer is a natural person), CDD, and
EDD16.16
16.8,
16.9
16.10/11Third Party Transactions Any Activity Any Value CID (if the customer is a natural person), CDD and
EDD16.20
16.8,
16.9
16.10/1116.8 Customer Identification (CID) Process for Natural Persons
16.8.1 The CID process, in accordance with Paragraphs 16.8.2 to 16.8.6 of this Chapter, must be applied for natural persons who carry out “foreign currency exchange” transactions of value between AED 3,500 and AED 34,999.75. Please refer to Paragraph 16.16.3 of this Chapter for KYC process to be applied for natural persons who repeatedly exchange foreign currency of value below AED 3,500 per transaction;
16.8.2 The CID process is the verification of the original identification documents (IDs) of the customer who is a natural person and systematically recording basic customer information in the Point of Sale system;
16.8.3 The Licensed Person must not accept any ID other than one from the below list (in the order of preference) with an exception provided under Paragraph 16.16.4 of this Chapter:
a) Emirates ID; or b) Passport with valid visa; or c) GCC National ID for GCC nationals.
16.8.4 Customer’s full legal name, residential status, mobile number, nationality, date of birth, country of birth, ID type (whether Emirates ID, Passport or GCC national ID) and ID number must be recorded in the Point of Sale system.
16.8.5 The Licensed Person must use all information collected under Paragraph 16.9.4 for sanctions screening, as discussed in Paragraph 16.25.
16.8.6 The following customer information must be printed on the transaction receipt:
a) Full legal name; b) Residential status (whether UAE Resident or UAE Non-Resident); c) Mobile number; d) Nationality; e) Country of birth; f) ID type (whether Emirates ID or Passport or GCC national ID); and g) ID number.
16.9 Customer Due Diligence (CDD) for Natural Persons
16.9.1 The CDD process, in accordance with Paragraphs 16.9.2 to 16.9.14 of this Chapter, must be applied for a natural person who carries out the following transactions:
a) Foreign currency exchange transactions, either one off or multiple in ninety (90) calendar days, of value between AED 35,000 and AED 54,999.75; and
b) Money transfers, whether inward or outward, of value between AED 1 and AED 54,999.75.
16.9.2 CDD is the process where additional information about the customer, who is a natural person, is collected via a customer onboarding process in accordance with Paragraph 16.9.3 of this Chapter;
16.9.3 The Licensed Person must create a customer profile by recording the customer information in its Point of Sale system and then provide a permanent “Unique Identification Number (UIN)” to the customer. The customer must be allowed to carry out transactions at the branch(es) of the Licensed Person only by using the UIN. The Licensed Person must also comply with Paragraph 16.16.6 of this Chapter at all times;
16.9.4 The following customer information, at a minimum, must be captured in the Point of Sale System in addition to the verification of the original ID in accordance with Paragraph 16.8.3 of this Chapter. Items (a) through (n) must be used to support sanctions screening, as required by Paragraph 16.25 of this Chapter.
a) Full legal name; b) Residential status (whether UAE Resident or UAE Non-Resident); c) Address in the UAE (for UAE Residents); d) Temporary address in the UAE and the permanent address in the home country (for UAE Non-Residents); e) Mobile number; f) Email, if available; g) Date of Birth; h) Nationality; i) Country of Birth; j) ID type (whether Emirates ID or Passport or GCC national ID); k) ID number; l) ID place of issue; m) ID issue date; n) ID expiry date; o) Profession; and p) Expected annual activity (i.e. expected annual value and number of transactions for future transaction monitoring).
16.9.5 Area or district, city, Emirate or state or province and country must be recorded in the Point of Sale system as part of the address. The Licensed Person is expected to record the P.O Box number, house number/name, apartment or room number, building number/name, street name in the system wherever practically possible;
16.9.6 When verifying the Emirates ID card either physically, by way of digital or e-KYC solutions, the Licensed Person must use the online validation gateway of the Federal Authority for Identity & Citizenship, the UAE-Pass Application or other UAE Government supported solutions, and keep a copy of the Emirates ID and its digital verification record;
16.9.7 Where acceptable IDs, other than the Emirates ID are used in the KYC process, a copy must be physically obtained from the original ID which must be certified (i.e. certified copy) as “Original Sighted and Verified” under the signature of the employee who carries out the CDD process and retained.
16.9.8 The UIN given to a customer by a Licensed Person must be unique in nature and the same UIN must not be assigned to more than one customer. The same customer must not be given more than one UIN by a Licensed Person. Appropriate validation rules must be implemented in the system to comply with this requirement;
16.9.9 If the customer is represented by a third person, the Licensed Person must follow the procedures in Paragraph 16.20 of this Chapter.
16.9.10 Subject the customer to PEP checks, as required by Paragraph 16.13.3 of this Chapter. Where the customer is a PEP, the Licensed Person must follow the procedures in Paragraph 16.13 of this Chapter.
16.9.11 The customer profile must be reviewed and updated either annually or upon the expiry of the ID whichever comes first. At this time, the Licensed Person must conduct ongoing monitoring on the customer which must consist of the following:
a) The original ID as per Paragraph 16.8.3 of this Chapter must be verified in accordance with Paragraphs 16.9.6 and 16.9.7 and its copy must be held in the records during the review of a customer profile; b) CDD (and, where appropriate, EDD) must be repeated and the customer profile updated, including the information required under Paragraph 16.9.4 of this Chapter. c) CDD and EDD must also be repeated whenever there is a change in the profile of the customer; d) The Licensed Person must scrutinize the transactions concluded by a customer to ensure that transactions are consistent with the Licensed Person’s knowledge of the customer, the customer’s business, risk profile, the source of funds and where necessary, source of the customer’s wealth; and e) The Licensed Person must review transaction monitoring results for the customer to determine whether any STR, SARs or other reports have been filed or whether the customer’s behavior has generated alerts.
16.9.12 Information on the “source of funds” and “purpose of transaction” must be captured in the Point of Sale system for each transaction that undergoes the CDD process;
16.9.13 The below customer information must be printed on the transaction receipt, at a minimum:
a) UIN of the customer; b) Full legal name of the customer; c) Address in the UAE (required when the customer is a UAE Resident) - P.O Box number and street (if available), city, Emirate; d) Permanent address in the home country (required only when the customer is a UAE Non- Resident) - P.O Box number and street (if available), city, state or province, country; e) Mobile number; f) Nationality; g) ID type (whether Emirates ID or Passport or GCC national ID); h) ID number; i) ID place of issue; j) ID issue date; k) Method of payment (whether cash or cheque, etc.); l) Source of funds; m) Purpose of transaction; and n) Beneficiary’s name and bank account details (wherever applicable).
16.9.14 The receipt must be signed by the customer and must be retained in the records along with all KYC supporting documents in accordance with Paragraph 16.29 of this Chapter.
16.10 Enhanced Due Diligence (EDD) Process for Natural Persons
16.10.1 EDD for natural persons requires the Licensed Person to obtain additional information regarding the customer, including additional information regarding the customer’s source of funds, the nature of the customer’s business, and the purpose of transaction, in order to better understand the customer and manage the risk associated with the transaction. EDD also requires the Licensed Person to subject the customer to more intense or intrusive monitoring or imposing other controls on customer activity and customer acceptance. Where EDD is appropriate or required, Licensed Persons must conduct EDD in addition to CDD as per Paragraph 16.9 of this Chapter.
16.10.2 Below are the thresholds for the EDD for natural persons:
a) Foreign currency exchange transactions of value equal to or above AED 55,000, either one off or multiple in ninety (90) calendar days:- Evidence for the source of funds (example: bank statements) must be collected for verification in case the customer pays cash. Complete information of the purpose of the transaction must be collected. Appropriate evidence must be collected for the verification of the purpose of transaction in case there is any doubt or suspicion about the information provided by the customer;
b) Outward money transfers of value equal to or above AED 55,000, either one off or multiple in forty-five (45) calendar days:- Evidence for the source of funds (example: bank statements) must be collected for verification if the customer pays cash. Complete information on the purpose of the transaction must be collected. Appropriate evidence must be collected for the verification of the purpose of transaction in case there is any doubt or suspicion about the information provided by the customer; and
c) Inward money transfers of value equal to or above AED 55,000, either one off or multiple in forty-five (45) calendar days:- Information on the source of funds and the purpose of transaction must be collected and recorded. Appropriate evidences must be collected for the verification of the purpose of transaction in case there is any doubt or suspicion about the information provided by the customer.
16.10.3 The Licensed Person must give special attention to transactions by natural persons who are visitors in the UAE. The Licensed Person may decide to perform EDD on such customers regardless of their transaction value in case there is any doubt or suspicion about the information provided by such customers.
16.10.4 The following customer information must be printed on the transaction receipt, at a minimum:
a) UIN of the customer; b) Full legal name of the customer; c) Address in the UAE (required when the customer is a UAE Resident) - P.O Box number and street (if available), city, Emirate; d) Permanent address in the home country (required only when the customer is a UAE Non- Resident) - P.O Box number and street (if available), city, state or province, country; e) Mobile number; f) Nationality; g) ID type (whether Emirates ID or Passport or GCC national ID); h) ID number; i) ID place of issue; j) ID issue date; k) Method of payment (whether cash or cheque, etc.); l) Source of funds; m) Purpose of transaction; and n) Beneficiary’s name and bank account details (wherever applicable).
16.10.5 The receipt must be signed by the customer and must be retained in the records along with all KYC supporting documents in accordance with Paragraph 16.29 of this Chapter.
16.11 CDD and EDD for Legal Persons and Legal Arrangements
16.11.1 The CDD and the EDD processes, in accordance with Paragraphs 16.11.2 to 16.11.12 of this Chapter, must be applied for a customer at the time of onboarding (i.e. prior to entering into any business relationship), if it is a legal person, such as a company, or a legal arrangement, such as a trust. CDD must include verification of the identity of the legal person or arrangement (i.e. its licenses, incorporation documents, etc.) and identification of its Beneficial Owners (BOs). The Licensed Person, having completed CDD, must then perform EDD as discussed in this section.
16.11.2 The following process must be followed at a minimum while onboarding a legal person or arrangement as a customer. The Licensed Person must verify appropriate documents and retain copies to confirm information under Paragraph 16.11.4 of this Chapter.
a) Required CDD: Unless otherwise provided, all documents must be certified as “Original Sighted and Verified” by the employee of the Licensed Person who carries out the KYC process after the verification of originals.
1. An appropriate KYC Questionnaire of the Licensed Person must be completed and signed by the legal person or legal arrangement; 2. Ownership structure of the legal person or legal arrangement must be collected including the purpose and nature of the intended business relationship; 3. Record the legal person or legal arrangement’s legal form (e.g., limited liability corporation, limited liability partnership, trust, waqf, etc.) and collect a copy of the legal person or legal arrangement’s proof of existence (such as, for legal persons, its proof of incorporation or partnership agreement; for legal arrangements, the trust or waqf deed, or an equivalent document); 4. Collect copies of the powers that regulate and bind the legal person or legal arrangement (e.g., the customer’s founding documents, such as the memorandum of association, the articles of incorporation, or other similar documents for legal persons; the trust or waqf deed for legal arrangements); 5. Verify names of relevant persons holding senior management positions in the legal person or legal arrangement; 6. Collect copies of valid permissions/licenses of the legal person or legal arrangement from competent authorities to carry out the business (examples: certificate of incorporation, trading license or equivalent, license issued by the Central Bank or other competent authorities where applicable, etc.). The Licensed Person must ensure that copies of valid licenses are available in the records at all times. 7. Original IDs of BOs must be verified (in accordance with Paragraphs 16.8.3, 16.9.6 and 16.9.7 of this Chapter) and copies retained. Where the BO resides outside the UAE, original copies of IDs must be appropriately notarized or attested by relevant authorities in the respective foreign country and in the UAE; 8. Where no individual meets the definition of BO, the Licensed Person must verify the original IDs (in accordance with Paragraphs 16.8.3, 16.9.6 and 16.9.7 of this Chapter) for the natural person exercising control of the legal person or legal arrangement customer through other means, such as by virtue of their position as CEO or Managing Director; 9. Collect the list of authorized signatories and verify their original IDs and retain the copies; 10. Authorization letter must be taken for representatives of the legal person or legal arrangement who carry out transactions on its behalf; 11. Verify original IDs of representatives, who have authorization to carry out transactions, (in accordance with Paragraphs 16.8.3, 16.9.6 and 16.9.7 of this Chapter). Such representatives must be UAE residents. The relationship of such representative with the legal person or legal arrangement must be established; 12. Assess and record the expected annual activity (annual value and number of transactions for future ongoing and transaction monitoring); 13. Apply sanction checks (as required by Paragraph 16.25 of this chapter) and conduct internet searches on the name of the legal person or legal arrangement, BO, group companies, subsidiaries and the names of representatives of the legal person or legal arrangement who are authorized to carry out transactions on its behalf; 14. Apply PEP checks on BOs, as required by Paragraph 16.13.3 of this Chapter. Where the BO is a PEP, the Licensed Person must follow the procedures in Paragraph 16.13 of this Chapter.
b) The Licensed Person must in addition carry out the following required EDD steps:
1. The Licensed Person must carry out a ML/FT risk assessment on business activities of the legal person or legal arrangement including by visiting its business location (where relevant) and carrying out a risk assessment of its customers; and Both the Manager in Charge and the Compliance Officer must approve the business relationship with legal persons or arrangements. 2. Where a Beneficial Owner is a PEP, the business relationship with such legal person or legal arrangement must be established only after obtaining approval of the Board of Directors (or of the Owner/Partners where there is no Board of Directors).
16.11.3 The following information about the customer, which is a legal person or legal arrangement, must be recorded in the Point of Sale system, at a minimum, to create the customer profile and the UIN after completing the EDD process under Paragraphs 16.11.1 and 16.11.2 of this Chapter:
a) Full legal name of the legal person or legal arrangement; b) Residential status (whether incorporated/operating within the UAE or outside the UAE); c) Address (P.O Box, Shop No., Building name, Street, City, Emirate, Country); d) Phone numbers; e) Fax number; f) Email; g) Date of establishment; h) ID type (whether trade license or the equivalent); i) Trade license (or the equivalent) number; j) Trade license (or the equivalent) place of issue; k) Trade license (or the equivalent) issue date; l) Trade license (or the equivalent) expiry date; m) Type of business of the legal person or legal arrangement; n) Names and ID details, such as ID types and ID numbers, of BOs of the legal person or legal arrangement; o) Names and ID details, such as ID types and ID numbers, of persons authorized to carry out transaction on behalf of the legal person or legal arrangement; and p) Expected annual activity (i.e. expected annual value and number of transactions for future transaction monitoring).
16.11.4 The Licensed Person must collect appropriate documents to verify and confirm the source of funds, purpose of transaction and the commercial/economic reason for each transaction by a legal person or legal arrangement;
16.11.5 The following customer information must be printed on the transaction receipt, at a minimum:
a) UIN assigned to the legal person or legal arrangement; b) Full legal name of the legal person or legal arrangement; c) Address (P.O Box, Shop No., Building name, Street, City, Emirate, Country); d) Phone number; e) Name and ID number of the person representing the legal person or legal arrangement to carry out transactions on its behalf; f) Country of incorporation; g) ID type (whether trade license or the equivalent); h) Trade license (or the equivalent) number; i) Trade license (or the equivalent) place of issue; j) Trade license (or the equivalent) issue date; k) Trade license (or the equivalent) expiry date; l) Method of payment (whether cash or cheque, etc.); m) Source of funds; n) Purpose of transaction; and o) Beneficiary name and bank account details (wherever applicable).
16.11.6 The receipt must be signed by the representative of the legal person or legal arrangement who carries out the transaction on its behalf and must be retained in the records along with all KYC supporting documents in accordance with Paragraph 16.29 of this Chapter;
16.11.7 The customer profile must be reviewed and updated either annually or upon the expiry of the trade license or the IDs of any person authorized to make transactions on behalf of the customer, whichever comes first. At this time, the Licensed Person must conduct ongoing monitoring on the customer which must consist of the following:
a) The original ID (in accordance with Paragraphs 16.8.3, 16.9.6 and 16.9.7 of this Chapter) and its certified copy must be held in the records during the review of a customer profile; b) CDD and EDD must be repeated and the customer profile, including the supporting evidence as per Paragraph 16.11.2 of this Chapter, must be updated annually at a minimum. The Licensed Person must ensure that copies of valid licenses are available in the records at all times. c) CDD and EDD must also be repeated whenever there is a change in the profile of the customer, such as any change in the ownership of a legal person or legal arrangement; d) The Licensed Person must scrutinize the transactions concluded by a customer to ensure that transactions are consistent with the Licensed Person’s knowledge of the customer, the customer’s business, risk profile, the source of funds and where necessary, source of the customer’s wealth; and e) The Licensed Person must review transaction monitoring results for the customer to determine whether any STRs or SARs have been filed or whether the customer’s behavior has generated alerts.
16.11.8 CDD and EDD in accordance with Paragraph 16.11.2 of this Chapter must also be undertaken before entering into below types of business relationships:
a) Foreign correspondent banking arrangements, such as those with banks, exchange houses or any other financial institutions, for the purpose of money transfer services; b) Money transfer arrangements with instant money transfer service providers; c) Hedging arrangements with local or foreign institutions; d) Arrangements to import or export banknotes from/to foreign institutions, such as Banks, exchange houses or other financial institutions outside the UAE; and e) Arrangements with local or foreign entities to offer special products/services.
16.11.9 All business relationships under Paragraph 16.11.8 of this Chapter must be approved by the Compliance Committee of the Licensed Person and by the Banking Supervision Department of the CBUAE prior to establishment of the business relationship.;
16.11.10 For all business relationships under Paragraph 16.11.8.a) of this Chapter, LEH must collect sufficient information about any receiving correspondent institution for the purpose of identifying and achieving a full understanding of the nature of its business, and to determine, through publicly available information, its reputation and level of AML/CFT controls, including whether it has been subject to a ML/FT investigation or regulatory action. LEH must also evaluate the AML/CFT controls applied by the receiving correspondent institution and understand the responsibilities of each institution in the field of AML/CFT.
16.11.11 While undertaking EDD as per Paragraph 16.11.8 of this Chapter on entities located outside the UAE, the Licensed Person may:
a) visit the business locations of entities which are located in countries assessed as High Risk in order to carry out risk assessment as per Paragraph 16.11.2 (b).1 of this Chapter where it is practical and otherwise safe to do so (i.e. no site visit is required when such entities are located in low or medium risk countries); b) Identify the BOs and collect copies of the IDs of BOs on a risk sensitive basis by the Compliance Officer of such foreign entities (in accordance with Paragraphs 16.8.3, 16.9.6 and 16.9.7 of the Standards), in case the verification of original documents by the Licensed Person is practically impossible. Where the BO resides outside the UAE, original copies of IDs must be appropriately notarized or attested by relevant authorities in the respective foreign country and in the UAE;
16.11.12 The Licensed Person must not enter into any business relationship with a Shell bank or company .
16.12 Transactions by Non-Profit Organisations
16.12.1 The Licensed Person must not accept non-profit organisations such as Co-operative Societies, Charitable Societies, Social or Professional Societies as customers unless they provide an original signed letter from the Ministry of Community Development confirming their identities and permitting them to collect donations and an authorization from the UAE Red Crescent for conducting financial transfers out of the UAE;
16.12.2 CDD and EDD in line with Paragraph 16.11 of this Chapter must be carried out before entering into any business relationship with non-profit organisations; and
16.12.3 Business relationships with non-profit organisations must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) of the Licensed Person.
16.13 Politically Exposed Persons (PEP) Checks
16.13.1 All PEPs, whether natural person customers or the BOs of legal persons or legal arrangements, are required to undergo EDD as defined in Paragraph 16.13.4, no matter the transaction in which they seek to engage. It is not acceptable to conduct only CID and CDD on a PEP customer.
16.13.2 Licensed Persons should note that the definition of PEPs includes their direct family members and close business associates. A legal person or legal arrangement qualifies as a PEP when its BO(s) meets the definition of a PEP.
16.13.3 The Licensed Person must implement appropriate systems and tools to determine whether a customer, who is a natural person or the BO of a legal person or arrangement customer, is a PEP. Where the Licensed Person has established a customer profile for a customer, the Licensed Person must repeat this check at least once every 12 months, or prior to carrying out the first transaction following the expiration of the 12-month period;
16.13.4 Where a natural person, a legal person or legal arrangement customer or a BO of a legal person or legal arrangement customer is found to be a PEP, the Licensed Person must perform the following mandatory steps:
a) Take reasonable measures to identify the source of funds and the source of wealth of the customer or the BO(s);
b) Obtain approval from the Compliance Officer and the Manager in Charge before processing any transaction in the Point of Sale system. If the BO of a legal person or legal arrangement customer is an PEP, the Board of Directors (or of the Owner/Partners where there is no Board of Directors) must approve the relationship or the processing of a transaction; and
c) Perform any other EDD as necessary to manage the risk of the customer.
16.13.5 The Licensed Person must refer to Paragraphs 16.11.2 (a).14 and (b).2 of this Chapter for requirements while entering into business relationships with a legal person or legal arrangement owned by PEP;
16.13.6 All transactions by a PEP or by a legal person or legal arrangement customer where the BO is a PEP must be closely monitored by the Compliance Officer. The transaction monitoring systems employed by Licensed Person must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts.
16.14 Designated Non-Financial Businesses and Professions (DNFBPs)
16.14.1 EDD is required before entering into any business relationship with, or processing any transactions for, DNFBPs as defined under the AML-CFT Decision. DNFBPs may be natural or legal persons.
16.14.2 The Licensed Person must implement appropriate, procedures, systems and tools to determine whether a customer is a DNFBP.
16.14.3 Where a customer is determined to be a DNFBP, the Licensed Person must carry out the following required steps, in addition to the CDD and EDD required by Paragraph 16.11 of these Standards and any other EDD appropriate to manage the risk of the customer:
a) Verify that the customer is supervised as a DNFBP by the appropriate supervisor; b) Obtaining information sufficient to determine that the customer is compliant with the AML/CFT preventive measures required under AML-CFT Decision; c) Take additional steps to understand the customer’s business and its customer base; and d) Obtain approval from the Compliance Officer and the Manager in Charge of the Licensed Person before establishing the business relationship or processing any transactions.
16.15 Dealers in Precious Metals and Stones (DPMS)
16.15.1 EDD is required before entering into any business relationship with, or processing any transactions for, DPMS, whether or not they qualify as DNFBPs under AML-CFT Decision. DPMS may be natural or legal persons.
16.15.2 The Licensed Person must implement appropriate procedures, systems and tools to determine whether a customer is a DPMS.
16.15.3 Where a customer is determined to be a DPMS, the Licensed Person must carry out the following required steps, in addition to the CDD and EDD required by Paragraph 16.11 of these Standards and any other EDD appropriate to manage the risk of the customer:
a) Verifying that the customer has the required licenses; b) Obtaining information sufficient to determine that the customer is compliant with the AML/CFT preventive measures required under AML-CFT Decision; c) Take additional steps to understand the customer’s business, including the products and services it offers, its geographic footprint, and its customer base; and d) Obtain approval from the Compliance Officer and the Manager in Charge of the Licensed Person before establishing the business relationship or processing any transactions.
16.16 Additional Provisions on CID, CDD and EDD
16.16.1 The Licensed Person must be able to demonstrate to the Central Bank Examiners that the KYC Process that has been applied is appropriate in view of its risks related to the money laundering, terrorist financing or related financial crimes.
16.16.2 The Licensed Person must comply with the instructions and conditions that are stated in the Letter of No Objection issued by the Banking Supervision Department for special products or services.
16.16.3 The Licensed Person must apply the CID process in accordance with Paragraph 16.8 of this Chapter for a natural person who repeatedly exchanges foreign currency (for example, once in a week) of value below AED 3,500 per transaction;
16.16.4 The Licensed Person may accept a Seaman’s Pass/ID in order to complete the KYC Process, instead of acceptable IDs listed under Paragraph 16.8.3 of this Chapter, from natural persons who carry out the following transactions:
a) Foreign currency exchange transactions of aggregate value up to AED 34,999.75 per week; and b) Money transfer transactions of aggregate value up to AED 27,000 per week.
16.16.5 The Licensed Person, while accepting transactions under Paragraph 16.16.4 of this Chapter, must apply the CID process in accordance with Paragraph 16.8 of this Chapter for foreign currency exchange transactions and the CDD process in accordance with Paragraph 16.9 of this Chapter for money transfer transactions (except Paragraph 16.8.3 of this Chapter) at a minimum;
16.16.6 The Licensed Person must carry out the CDD process for every pre-paid card customer (for legal person or arrangement prepaid card customers, CDD and EDD) in addition to introducing appropriate velocity controls to monitor the activity of the customer based on the number of cards purchased (whether non-reloadable or reloadable) or number of times reloaded (where it is a reloadable card). These transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts.
16.16.7 The customer using automated machines (i.e. Kiosks) for executing transactions must visit a branch to complete CID or CID/EDD as appropriate and have the UIN issued by the Licensed Person. In such cases, the Licensed Person must ensure that the customer is only be permitted to add, modify or disable beneficiary details via kiosks upon authentication via a mobile OTP sent to the customer’s registered mobile number obtained during on-boarding as part of the KYC Process. The Licensed Person must also set a maximum limit, which shall not exceed AED 3,500 per transaction for money transfers via such machines. In any case, the total value of money transfers by a customer via such machines shall not exceed AED 10,000 per month. All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts.
16.16.8 The Licensed Person must implement appropriate measures/controls to ensure that the UIN issued to a customer is being used only by that customer at all times. The Licensed Person may consider the following to comply with this requirement:
a) Verification of the original ID as per Paragraph 16.8.3 of this Chapter prior to accepting transactions from a customer; or b) Issue ID/Membership/Loyalty Cards that contain the basic customer details (such as name, date of birth, nationality, UIN etc.) including a recent photograph and such original cards must be verified prior to accepting transactions from customers; or c) Introduce appropriate biometric systems.
16.16.9 Natural persons, who do not have a valid visa to stay in the UAE, must not be permitted to carry out transactions unless they are in the grace period upon cancellation or expiry of the residence permit or on amnesty.
16.16.10 The Licensed Person must apply the following KYC process for a customer who exchanges low denomination currency notes to larger ones:
a) CDD process, in accordance with Paragraph 16.9 of this Chapter, must be applied for a natural person when the value of such transaction is between AED 35,000 and AED 54,999.75; b) EDD process, in accordance with Paragraph 16.10 of this Chapter, must be applied for a natural person when the value of such transaction is equal to or above AED 55,000; c) CDD and EDD process, in accordance with Paragraph 16.11 of this Chapter, must be applied in case the customer is a legal person or legal arrangement irrespective of the value of such transaction; and d) If there are any reasonable grounds to suspect ML/FT, the Licensed Person must file a STR, SAR or any other report with the FIU irrespective of the value of such transaction. Please refer to Paragraph 16.26 of this Chapter for more information on Suspicious Transaction Reporting.
16.16.11 The Licensed Person must apply the EDD process that is effective and proportionate to the ML/FT risks, including obtaining the approval of the Manager in Charge and the Compliance Officer, for establishing business relationships or one-off transactions with:
a) PEP (Refer to Paragraph 16.13 of this Chapter); b) Customers from high-risk jurisdictions; c) Unusually complex transactions or those which have no clear economic or legal purpose; and d) Transactions that the Licensed Person considers as high risk.
16.16.12 The Licensed Person must conduct the EDD process for a customer, irrespective of the value of transaction, if it suspects that the customer is engaging in money laundering or terrorist financing (ML/FT). If reasonable grounds are established to suspect money laundering, terrorist financing and/or financing of illicit organizations, such transactions must be reported, without any delay, to the FIU. Please refer to paragraph 16.26 of this Chapter for further information.
16.16.13 The Licensed Person must also conduct the EDD on its existing customers, if there is:
a) a material change in the nature or ownership of a customer who is a legal person or legal arrangement; b) doubt about the veracity or adequacy of information previously obtained in relation to the customer; or c) any other reason that the Licensed Person deems appropriate.
16.17 Special Requirements When Conducting Money Transfers: Requirements for Ordering Institutions
16.17.1 In addition to all other requirements discussed in this Chapter, the ordering Licensed Person must ensure that all international wire transfers, whether inward or outward, are always accompanied by the following data:
a) the name of the originator, b) his or her identity number or travel document, c) date and country of birth, d) address, e) UIN; and f) the name of the beneficiary and his account number used to make the transfers. In the absence of the account, the transfer must include a unique transaction reference number, which allows the process to be tracked.
16.17.2 The Licensed Person must verify the accuracy of the data listed in paragraph 16.17.1(a-f). The transfer must include a unique transaction reference number which allows the process to be tracked.
16.17.3 In the event that several individual cross-border wire transfers from a single originator are bundled in a batch file for transmission to beneficiaries, the batch file must contain required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country; and the Licensed Person must include the originator’s account number or unique transaction reference number.
16.17.4 For domestic wire transfers, the ordering Licensed Person must ensure that the information accompanying the wire transfer includes originator information as indicated above, unless this information can be made available to the beneficiary financial institution and competent authorities by other means.
16.17.5 Where the information accompanying the domestic wire transfer can be made available to the beneficiary financial institution and competent authorities by other means, the ordering Licensed Person must be only required to include the account number or a unique transaction reference number, provided that this number or identifier will permit the transaction to be traced back to the originator or the beneficiary. The ordering financial institution must make the information available within three business days of receiving the request either from the beneficiary financial institution or from competent authorities.
16.17.6 Ordering Licensed Persons must not carry out wire transfers if they fail to comply with the above conditions.
16.17.7 Ordering Licensed Persons must keep all information about the originator and the beneficiary collected, in accordance with Paragraph 16.29 of this Chapter.
16.18 Special Requirements When Conducting Money Transfers: Requirements for Intermediary Licensed Persons
16.18.1 When acting as an intermediary financial institution, the Licensed Person must ensure that all originator and beneficiary information that accompanies a cross-border wire transfer is retained in the corresponding domestic wire transfer.
16.18.2 Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer, the Licensed Person shall keep a record of all the information received from the ordering financial institution or another cross-border intermediary financial institution, and retain this information in keeping with Paragraph 16.29 of this Chapter.
16.18.3 When acting as an intermediary financial institution, the Licensed Person must take reasonable measures, which are consistent with straight-through processing, to identify cross-border wire transfers that lack required originator information or required beneficiary information, and must have risk-based policies and procedures for determining when to execute, reject, or suspend a wire transfer; and the appropriate follow-up action.
16.19 Special Requirements When Conducting Money Transfers: Requirements for Beneficiary Licensed Persons
16.19.1 Beneficiary Licensed Person must take reasonable measures to identify cross-border wire transfers that lack required originator information or required beneficiary information, which may include real-time monitoring where feasible or post-event monitoring.
16.19.2 For cross-border wire transfers, a Beneficiary Licensed Person must verify the identity of the customer, if the customer has not already been subject to CID/CDD as appropriate given the value of the transaction.
16.19.3 The Beneficiary Licensed Person must have risk-based policies and procedures for determining when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and for determining the appropriate follow-up action.
16.19.4 Beneficiary Licensed Persons must maintain records of all required originator and required beneficiary information collected, in accordance with Paragraph 16.29 of this Chapter.
16.20 Third Party Transactions
16.20.1 A transaction is treated as a third party transaction when it is carried out by a person (hereafter known as ‘the representative’) on behalf of another natural person or a legal person or legal arrangement (hereafter known as ‘the beneficial owner of funds’). The Licensed Person must not accept third party transactions except in cases that are mentioned under Paragraphs 16.20.2 to 16.20.7 of this Chapter.
16.20.2 The Licensed Person may accept the transaction by a natural person on behalf of another natural person subject to the following conditions:
a) The representative must produce a duly executed Power of Attorney (PoA) from the beneficial owner of funds to carry out such transactions. Where there is no PoA, the beneficial owner of funds must issue a letter authorizing the representative to carry out transactions on his/her behalf. The beneficial owner of funds must visit the Licensed Person to sign such letter of authority, the validity of which shall not exceed two (2) years from the date of issue;
b) The letter of authority must refer to the type of transactions (whether currency exchange or money transfer) which the representative is authorized to carry out on behalf of the beneficial owner of funds as well as the identification details of both parties. The letter must also include the beneficiary details in the case of a money transfer transaction;
c) The signature of the beneficial owner of funds in the letter of authority must be verified against that in the passport or the Emirates ID;
d) The representative and the beneficial owner of funds must both be resident in the UAE;
e) Original IDs of both parties must be collected and verified in accordance with Paragraphs 16.8.3, 16.9.6 and 16.9.7 of this Chapter;
f) The beneficial owner of funds and the representative must undergo the CDD process in accordance with Paragraph 16.9 of this Chapter. The EDD process must be applied, when applicable, in accordance with Paragraph 16.10 of this chapter;
g) All transactions must be recorded in the system against the UIN of the beneficial owner of funds. Name and ID details of the representative must also be recorded in the Point of Sale system;
h) The names of both parties must be subjected to the sanctions/PEP screening. In the case of money transfer transactions, the beneficiary’s name as well as the name of beneficiary bank must also be appropriately screened; The name of the representative must be printed separately on the transaction receipt in addition to the information of the beneficial owner of funds in accordance with Paragraph 16.9.13 or 16.10.4 of this Chapter, whichever is applicable; and
i) All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts.
16.20.3 The Requirement under Paragraph 16.20.2 of this Chapter is not applicable, where the transaction is carried out by a natural person on behalf of another natural person who is either working as domestic helper (examples are: house maid, cook, servant, cleaner, etc.) or unable to visit the Licensed Premises due to the inherent nature of their work/living conditions, subject to the following conditions:
a) The representative must produce a letter signed by the beneficial owner of the funds authorizing the representative to carry out transactions. This letter of authority must refer to the type of transactions (whether currency exchange or money transfer) which the representative is authorized to carry out on behalf of the beneficial owner of funds as well as the identification details of both parties. The letter must also include the beneficiary details in the case of a money transfer transaction;
b) The total value of transactions, whether foreign currency exchange or inward/outward remittance, shall not exceed AED 24,000 during a rolling three hundred and sixty five (365) days from the date of the first transaction for each beneficial owner of funds;
c) The representative and the beneficial owner of funds must both be resident in the UAE;
d) Original IDs of both parties must be collected and verified in accordance with Paragraphs 16.8.3, 16.9.6 and 16.9.7 of this Chapter;
e) The representative and the [beneficial owner]/customer must undergo the CDD process in accordance with Paragraph 16.9 of this Chapter. The EDD process must be applied, when applicable, in accordance with Paragraph 16.10 of this Chapter. The Licensed Person is expected to take all measures practically possible to confirm that such transactions are genuine without leaving any chance for doubt or confusion for misuse of this arrangement;
f) All such transactions must be recorded in the system against the UIN of the representative. The name and ID details of the beneficial owner of funds must also be recorded in the Point of Sale system. The SMS notifications in accordance with Paragraph 4.9 of Chapter 4 must go directly to the beneficial owner of funds;
g) The names of both parties must be subjected to sanctions/PEP screening. In the case of money transfer transactions, the beneficiary’s name as well as the name of beneficiary bank must also be appropriately screened;
h) The name of the beneficial owner of funds must be printed separately on the transaction receipt in addition to the information of the representative in accordance with Paragraph 16.9.13 or 16.10.4 of this Chapter, whichever is applicable;
i) All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts; and
j) In case of any doubt or confusion regarding the documents submitted or information provided by the representative, the Licensed Person must insist that the beneficial owner of funds to personally visit the Licensed Person to complete the KYC process. If the beneficial owner of the funds refuses to visit the Licensed Person, the relationship must be terminated and the case must be reported to the FIU immediately where necessary.
16.20.4 Transactions by a natural person on behalf of another legal person or legal arrangement in the UAE falls under the scope of the EDD Process under Paragraph 16.11 of this Chapter. The conditions under Paragraph 16.20.5 of this Chapter must be applied where the remittance transactions are for importing goods or payment for services.
16.20.5 Remittance transactions from legal entities in the UAE for importing goods or payment for services (i.e. trade related transactions), must only be accepted subject to the below conditions:
a) EDD (refer to Paragraph 16.11 of this Chapter) must be completed for each legal person or legal arrangement before onboarding the customer; b) The Licensed Person must establish the commercial/economic reason for each remittance transaction; c) The Licensed Person must ensure that supporting documents, such as Invoices, are in the name of the legal person or legal arrangement in the UAE and the goods are destined for the UAE; d) The names of all parties involved in the transaction such as names of remitter (i.e. legal person or legal arrangement ), its Owner/Partners/Shareholders, authorized person who carries out the transaction (i.e. the representative) and beneficiary must undergo sanctions screening for each transaction; e) The names of the remitter (i.e. legal person or legal arrangement), its Owner/Partners/Shareholders, the authorized person who carries out the transaction (i.e. the representative) must undergo PEP screening for each transaction; f) Preference must be given to settle such transactions through a bank, either by cheque or via bank transfer, instead of accepting cash; g) The Licensed Person must collect the original Bill of Lading/Airway Bill for the post transaction (i.e. after executing such transactions) verification, whenever the same is issued. A copy of the original Bill of Lading/Airway Bill certified as “Original Sighted and Verified” under the signature of the employee who carries out the KYC Process must be retained; h) The Licensed Person must also track the movement of such goods using an appropriate container/vessel tracking system when the settlement of the underlying transaction is in cash. Appropriate logs and evidences must be maintained by the Licensed Person for such tracking; i) All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts; and j) The authorized person who carries out the transaction (i.e. the representative) on behalf of the legal person or legal arrangement must be a resident in the UAE.
16.20.6 Where a legal person or legal arrangement in the UAE (i.e. the remitter) which remits on behalf of another legal person or legal arrangement outside the UAE (i.e. beneficial owner of funds) who imports goods or pays for services, the Licensed Person must accept such transactions subject to the below conditions:
a) The Licensed Person must undertake the EDD on the remitter which must be in accordance with Paragraph 16.11 of this Chapter; b) The Licensed Person must also undertake the EDD on the beneficial owner of funds; c) There must be at least one shareholder or partner common to both entities (i.e. legal person or legal arrangement in the UAE and the legal person or legal arrangement outside the UAE); d) In case, there is no shareholder or partner common to both entities, then there must be a legally valid agreement between the remitter and the beneficial owner of funds, authorizing the remitter to carry out such transaction; e) All documents related to the incorporation or formation of the legal person or legal arrangement outside the UAE (i.e. beneficial owner of funds) and the agreement between both the parties must be appropriately notarized or attested by relevant authorities in the respective foreign country and in the UAE; f) The name of the beneficial owner of the funds and its Owner/Partners/Shareholders must be captured in the Point of Sale system in addition to the required information of the remitter as per Paragraph 16.11.3 of this Chapter. Names of all parties involved in the transaction such as names of the remitter, beneficial owner of funds, Owner/Partners/Shareholders of both entities, authorized person who carries out the transaction (i.e. the representative) and beneficiary must undergo sanctions screening for each transaction; g) The names of the remitter (i.e. legal person or legal arrangement), its Owner/Partners/Shareholders, the authorized person who carries out the transaction (i.e. the representative) must undergo PEP screening for each transaction; h) The Licensed Person must establish the commercial/economic reasons for each remittance transaction; i) The Licensed Person must ensure that supporting documents, such as invoices, are in the name of the beneficial owner of funds and the goods are destined for the home country of the beneficial owner of the funds; j) Preference must be given to settle such transactions through bank, either by cheque or via bank transfer, instead of accepting cash; k) The name of beneficial owner of funds must be printed on the receipt in addition to the information of the remitter as per Paragraph 16.11.5 of this Chapter; l) After conducting the remittance transaction, the Licensed Person must collect the original Bill of Lading/Airway Bill for post transaction verification in a timely fashion after it is issued. The Licensed Person must introduce their own policies and procedures, based on an appropriate risk assessment, regarding the grace period (up to a maximum of 21 calendar days after conducting the remittance transaction) that can be granted to a customer in order to produce the Bill of Lading/Airway Bill. In case a customer fails to produce a copy of the Bill of Lading/Airway Bill within the given grace period, then the Licensed Person must not conduct further remittance transactions for that customer. A copy of the original Bill of Lading/Airway Bill certified as “Original Sighted and Verified” under the signature of the employee who carries out the KYC Process must be retained; m) The Licensed Person must track the movement of goods via an appropriate container/vessel tracking system in all cases of such remittance transactions. Appropriate logs and evidences must be maintained by the Licensed Person for such tracking; n) All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts; o) In case of any doubt or confusion regarding the documents submitted or information provided by the beneficial owner of funds, remitter or representative, then the Licensed Person must exit the relationship and the case must be reported to the FIU immediately; and p) The authorized person who carries out the transaction (i.e. the representative) on behalf of the legal person or legal arrangement in the UAE must be a resident in the UAE.
16.20.7 The Licensed Person must not accept any transactions from a natural person, who is acting in personal capacity, on behalf of any foreign legal person or legal arrangement or a natural person who is a UAE Non-Resident.
16.21 Customs Declaration Forms (CDF)
16.21.1 The Licensed Person should be aware of the Regulation on the Declaration of Currencies, Bearer Negotiable Instruments, and Precious Metals and Stones in Possession of Travelers Entering or Leaving the UAE (issued in the Official Gazette No 703 dated 31/05/2021). These Regulation set requirements for individuals entering or departing the UAE carrying currencies, precious metals or stones, or bearer negotiable instruments with a value above AED 60,000. Such persons must declare these goods by completing the Customs Declaration Form (CDF);
16.21.2 The Licensed Person must collect and retain the original CDF if the customer exchanges currency, if the customer declares that the source of funds is related to the proceeds of purchase/sale of precious metals or stones brought into or to be taken out of the country, or of bearer negotiable instruments to the full value as stated in the CDF;
16.21.3 In case the customer exchanges only part of the total amount stated in the CDF, then the actual amount of currency, or of funds related to the proceeds of purchase/sale of precious metals or stones brought into or to be taken out of the country, or of bearer negotiable instruments exchanged by the Licensed Person must be endorsed on the original CDF under the signature of the employee who carries out the KYC process and under the official stamp of the Licensed Person. In such cases, the original CDF can be returned to the customer, but its copy after endorsement must be retained with the Licensed Person;
16.21.4 In case the amount of any partial exchange is endorsed on a CDF, the Licensed Person who accepts such CDF must exchange only the balance of the amount of currencies to ensure that the total amount of currency exchanged by the customer using the same CDF does not exceed the total value stated in the CDF; and
16.21.5 The CDF form collected from a customer must not be treated as evidence for the source of funds or the purpose of a transaction. Appropriate due diligence procedures must be conducted and supporting documents as evidence for the source of funds or purpose of transaction must be collected whenever and wherever necessary.
16.22 Recruitment and Know Your Employee (KYE) Process
16.22.1 The Licensed Person must implement an appropriate recruitment and Know Your Employee process for hiring employees in accordance with Paragraph 8.2 of Chapter 8.
16.23 AML Training
16.23.1 The Licensed Person must provide comprehensive AML/CFT compliance training to all employees including its Manager in Charge, functional heads, Directors of the Board and Owner/Partners/Shareholders.
16.23.2 The AML/CFT compliance training must be provided to all new joiners within thirty (30) calendar days from the date of joining. The new joiners must not be allowed to serve any customer independently until they have successfully completed such training. Refresher training must be provided to all employees at regular intervals.
16.23.3 The frequency of refresher AML/CFT compliance training may be determined based on the ML/FT risk exposure of each employee. Employees who deal directly with customers, products or services must be trained at least annually at a minimum.
16.23.4 Refresher training must also be provided whenever there are changes in the AML Laws, Regulations, Notices, the Standards or the Licensed Person’s AML policy/procedures.
16.23.5 Appropriate processes must be implemented to periodically assess the AML/CFT awareness of employees and repeat training must be planned based on the result of such assessment process.
16.23.6 Appropriate AML/CFT training registers must be maintained in order for the Central Bank Examiners to verify the training history of each employee.
16.23.7 Evidence for all trainings conducted such as, the training policy, training materials, training register, training plan, training schedules, assessment sheets, training certificates, etc. must be retained for the verification by the Central Bank Examiners.
16.23.8 The AML/CFT training materials must be reviewed and updated at regular intervals or whenever there are changes in the AML Laws, Regulations, Notices, the Standards and the Licensed Person’s AML policy/ procedures.
16.23.9 The AML/CFT training materials must cover at least the following topics. These topics should be covered in greater depth, and additional topics should be covered as appropriate, on a risk sensitive basis depending on the role of each employee:
a) Money laundering and terrorist financing, definitions, typologies as well as recent trends; b) ML/FT risks associated with the products and services offered by the Licensed Person; c) AML/CFT policies and procedures including the highlights on recent changes; d) The regulatory responsibilities and obligations of employees under AML/CFT Laws, Regulations, Notices and the Standards; e) Description of Know Your Customer process and its importance; f) Due Diligence measures and procedures for monitoring transactions; g) Sanction screening and PEP screening procedures; h) Red flags to identify unusual transactions or transaction patterns or customer behaviours; i) Processes and procedures of making internal disclosures of unusual transactions; j) Roles of the Compliance Officer and Alternate Compliance Officer including their full contact details; k) Tipping off; l) Record retention policy; m) Reference to industry guidance and other sources of information; n) Emerging ML/FT risks and measures to mitigate such risks; o) Penalties for non-compliance with the AML/CFT Laws, Regulations, Notices and the Standards; and p) Disciplinary procedures to be applied on employees for not adhering to the AML policy and procedures.
16.24 Transaction Monitoring
16.24.1 The Licensed Person must introduce automated systems and tools to support transaction monitoring, that are risk-based and appropriate to the nature, size and complexity of its business.
16.24.2 The monitoring systems must be configured to identify abnormal/unusual transactions, patterns of activities or behaviours of customers by defining sufficient number of rules and parameters within the system. Rules and parameters must take account of ML/FT typologies in the Exchange Business sector. Special attention must be given to third party transactions while defining rules and parameters.
16.24.3 Information related to the expected annual activity collected at the time of customer onboarding process must be used to assess any deviations or unusual behaviours/patterns.
16.24.4 All abnormal/unusual transactions must be investigated and supporting records must be retained for the minimum retention period as per Paragraph 16.29 of this Chapter.
16.24.5 After investigation of abnormal/unusual transactions, if reasonable grounds are established to suspect money laundering, terrorist financing and/or financing of illicit organizations, such transactions must be reported, without any delay, to the FIU. Please refer to paragraph 16.26 of this Chapter for further information.
16.24.6 Where a report is made to the FIU, it must be considered as part of the ongoing monitoring of the customer as required by paragraphs 16.9.11 and 16.11.7 of this Chapter.
16.25 Sanctions Screening
16.25.1 Appropriate systems must be introduced for real time screening, as part of the KYC process, on all parties involved in a transaction against all applicable sanction lists (i.e. the UN sanction lists (“UN Consolidated List’), the UAE Cabinet local list (“Local Terrorist List”)). Screening must be conducted prior to the execution of any transaction.
16.25.2 The Licensed Person must have appropriate procedures in place to test and fine-tune the system used for real-time screening on an ongoing basis.
16.25.3 Written processes and procedures for the escalation and clearing of potential sanction matches must be introduced;
16.25.4 The logs/records related to the clearing of potential sanction matches must be available in the system for a minimum period of five (5) years from the date of receipt of the transaction.
16.25.5 The UN Consolidated List and the Local Terrorist List must be regularly updated and immediately updated within the Point of Sale/computer systems of the Licensed Person, preferably without any manual intervention. Appropriate logs must be maintained in the system to confirm such updates.
a) The Licensed Person should rely on the official website of the UN Security Council for the most updated UN Consolidated List:
• https://www.un.org/securitycouncil/content/un-sc-consolidated-list (English) • https://www.un.org/securitycouncil/ar/content/un-sc-consolidated-list (Arabic)
b) The Licensed Person should rely on the official website of the Executive Office of the Committee for Goods & Materials Subjected to Import & Export Control (“Executive Office”) to obtain the most recent publication of the Local Terrorist List issued by the UAE Cabinet:
• UN page | Committee for goods & material subjected to import & export (uaeiec.gov.ae) (English) • UN page | لجنة السلع والمواد الخاضعة للاستيراد والتصدير (uaeiec.gov.ae) (Arabic)
c) The Licensed Person must register on the Executive Office’s website in order to receive automated email notifications with updated and timely information about the listing and de-listing of individuals or entities in the Local Terrorist List and in the UN Consolidated List.
16.25.6 When a match is found through the screening, the Licensed Person must immediately, without delay and without prior notice, freeze all funds. “Without delay” means within 24 hours of the listing decision being issued by the UN Security Council or the UAE Cabinet, as the case may be.
16.25.7 The Licensed Person must not make funds available or provide financial or other related services, whether in whole or in part, directly or indirectly, to any of the persons or entities identified according to the above.
16.25.8 Sanction screening must be applied in the below cases as follow:
a) In the case of foreign currency exchange transactions, the customer’s name must be screened against the sanction lists; b) In the case of money transfer transactions, the Remitter’s name and Beneficiary’s name as well as the name of beneficiary bank must be screened against sanction lists; c) Where the transactions are conducted by a legal person or legal arrangement, the name of the authorised person who carries out the transaction (i.e. the representative) must be screened against sanctions lists in addition to the name of the legal person or legal arrangement and its BOs. The Licensed Person, where applicable, must also comply with Paragraph 16.25.8 (b) of this Chapter; and d) The Licensed Person must also comply with the sanction screening requirements, in the case of third party transactions, as required by Paragraph 16.20 of this Chapter.
16.25.9 The Licensed Person should notify the Central Bank and the Executive Office as follow:
a) In case of any confirmed match to a listing of names of individuals or legal persons to the Local Terrorist List or the UN Consolidated List is identified, the Licensed Person is required to report any freezing measures, prohibition to provide funds or services or any attempted transactions via the goAML platform within two business days by selecting the Fund Freeze Report (FFR). The Licensed Person must also ensure all the necessary information and documents regarding the confirmed match are submitted.
b) In case of any potential match to a listing of names of individuals or legal persons to the Local Terrorist List or UN Consolidated List is identified (i.e. any match between data in the sanctions lists with any information in the Licensed Person’s databases), the Licensed Person is required to report the potential match via the goAML platform by selecting the Partial Name Match Report (PMNR). The Licensed Person must also ensure all the necessary information and documents regarding the potential match are submitted. In addition, the Licensed Person must uphold suspension measures related to the “potential match” until further instructions are received via the goAML platform on whether to cancel the suspension or implement freezing measures.
c) The TFS related reports (FFR or PMNR) submitted via the goAML platform will be received simultaneously by the Central Bank and the Executive Office. The Licensed Person should also consult the Central Bank and the Executive Office’s websites respectively as updated from time to time.
16.25.10 The Licensed Person should consider their need to comply with other sanctions programs where applicable, including due to correspondent relationships, such as those administered by the United States of America and the European Union.
16.25.11 The Licensed Person must also sign up for the Integrated Enquiries Management System (IEMS) introduced by the FIU to automate and facilitate the execution process of requests for information, implementing decisions of public prosecutions and any other type of ML/FT requests.
16.26 Suspicious Transaction Reporting
16.26.1 Internal disclosure requirements:
a) The Licensed Person must implement procedures, controls, systems and tools for its employees to internally disclose all suspected cases of ML/FT directly to the Compliance Officer or to an appropriate member of the compliance department without any interference from the Manager in Charge or any other employee of the Licensed Person;
b) All internal disclosures must be thoroughly investigated to confirm if there are reasonable grounds for suspicion;
c) If the investigation of an internal disclosure does not reveal reasonable grounds for suspicion, then the Compliance Officer may decide either to close the case or keep it open for future monitoring; and
d) The Compliance Officer must retain documentary evidence regarding all internal disclosures, details of investigations undertaken and reasons for closing a case or keeping the case open for future monitoring under watch list or for reporting to the FIU.
16.26.2 External Reporting to the FIU:
a) The Licensed Person must file without any delay an STR or SAR or other report types with the FIU using the “goAML” portal when they have reasonable grounds to suspect that a transaction, attempted transaction, or funds constitute, in whole or in part, regardless of the amount, the proceeds of crime, are related to a crime, or are intended to be used in a crime.
b) The Licensed Person must take into account all information from both the ordering and beneficiary sides in order to determine whether an STR or SAR is to be filed.
c) Procedures and controls must be implemented to ensure timely reporting of suspected cases to the FIU;
d) The Licensed Person must comply with all directions of the FIU in relation to STRs and SARs submitted to them;
e) The Licensed Person must keep appropriate records of STRs and SARs reported to the FIU; as required by paragraph 16.29.6 of this Chapter and
f) As stated in Paragraph 16.25.6 of this Chapter, where a transaction is subject to the UN or UAE sanctions, the Licensed Person must immediately and without prior notice freeze the funds. Where a Licensed Person suspects that a transaction is related to the financing of terrorism and illegal organisations, the Licensed Person must report the transaction to the FIU within 24 hours.
16.27 Tipping Off
16.27.1 Tipping off is prohibited and is a punishable criminal offence. The Licensed Person or its employees must not inform customers or any persons or third parties, either directly or indirectly, that their transactions are subject to monitoring, are under investigation or have been reported to the FIU as suspicious transactions.
16.27.2 The Compliance Officer must ensure that all employees of the Licensed Person are aware of the consequences of tipping off such as penalties and imprisonment. Sufficient AML/CFT training must be provided to all employees to avoid tipping off.
16.28 Employee Behaviour
16.28.1 The Licensed Person must watch out for its employee’s behaviour, such as, an employee whose lifestyle cannot be supported by his/her salary or an employee who is reluctant to take a vacation or is associated with unusually large numbers of transactions, etc.
16.29 Record Retention
16.29.1 All records, documents, data and statistics related to transactions such as transaction receipts, KYC, CDD and EDD, ongoing monitoring, business correspondence and copies of personal identification documents must be retained for a minimum period of five (5) years from the date of completion of the transaction, termination of the business relationship or from the closing date of the account.
16.29.2 Records, in the context of Paragraph 16.29.1 of this Chapter, include electronic communication and documentation as well as physical, hard copy communication and documentation.
16.29.3 Records retained by the Licensed Person must be sufficient to permit the reconstruction of individual transactions.
16.29.4 AML training registers, training plans, AML training materials and other evidence for providing AML training must be retained for a period of five (5) years from the date of training.
16.29.5 Supporting documents for the transaction monitoring and investigations carried out on unusual transactions must be retained for a minimum period of five (5) years.
16.29.6 All documents related to STRs, SARs or other report types, including internal disclosures by employees and results of any analysis performed, must be retained for a minimum period of five (5) years from the date the STR, SAR or other report was reported. In case the matter is subject to litigation in a court or under investigation by an enforcement agency, the supporting documents related to such transactions or STR, SAR or other report must be retained for a minimum period of five (5) years from the date of issuance of a final decision of the competent judicial authority or from the date of completion of the investigation.
16.29.7 Any other records to demonstrate compliance with the AML/CFT Laws, Regulations, Notices and the Standards must also be retained.
16.30 Bi-Annual Compliance Report
16.30.1 The Compliance Officer must prepare Bi-Annual Compliance Reports (i.e. reports for the six (6) month periods ending on 30th June and 31st December of the respective financial year) in order to assess the effectiveness of the Licensed Person’s AML/CFT policies, procedures, systems and controls to prevent M//TF.
16.30.2 Bi-Annual Compliance Reports must be submitted within one (1) month from the end of each reporting period to:
a) the Compliance Committee; and b) the Board of Directors (or the Owner/Partners where there is no Board of Directors).
16.30.3 Bi-Annual Compliance Reports must cover at least the following:
a) Assessment of ML/FT risks associated with the business of the Licensed Person and the effectiveness of its policies, procedures, systems and controls;
b) Summary of the gap analysis between the AML/CFT Program of the Licensed Person and existing AML Laws, Regulations, Notices and the Standards as well as the actions taken by the Compliance Officer to bridge or resolve such gaps;
c) Details of AML/CFT breaches highlighted in the most recent Central Bank examination report and the reports by Internal/External Auditors;
d) The number of internal suspicious disclosures made by employees and the number of cases investigated, closed, kept open for future monitoring or reported to the FIU as STRs during the reporting period;
e) The number of suspicious transactions detected and reported to the FIU via independent transaction monitoring by the Compliance Officer during the reporting period;
f) Changes in the AML/CFT policies and procedures reviewed and the details of any AML/CFT policy or procedures newly introduced during the reporting period;
g) Statistics on total employees, new joiners during the reporting period, number of employees trained and the number of employees not trained (if any) including reasons for not training employees;
h) Areas where the AML/CFT training programme must be improved and proposals made to enhance the training;
i) Recommendations to the Manager in Charge and the Board of Directors (or to the Owner/Partners where there is no Board of Directors) for the improvement of the AML/CFT function of the Licensed Person;
j) Details of Compliance Officer’s requests for additional human resources, systems, controls, tools and technology changes for the attention of the Board of Directors (or of the Owner/Partners where there is no Board of Directors);
k) An action plan to improve the AML/CFT compliance function for the next six (6) months along with the current status of similar action plan for previous six (6) months; and
l) The conclusion of the Compliance Officer about the effectiveness of the existing AML/CFT function of the Licensed Person.
16.30.4 The Bi-Annual Compliance Report must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors).
16.30.5 A copy of the Bi-Annual Compliance Report must be submitted to the Banking Supervision Department and the AML/CFT Supervision Department via email respectively to info.ehs@cbuae.gov.ae and amlcft@cbuae.gov.ae along with comments from the Board of Directors (or from the Owner/Partners where there is no Board of Directors) within four (4) months from the end of each reporting period.
16.31 Independent Audit/Agreed-Upon Procedures on AML/CFT Compliance Function
16.31.1 The Compliance Officer’s function must undergo regular audit by the Internal Audit Department. Internal audit findings must be reported to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
16.31.2 External Auditors must perform Agreed-Upon Procedures on the AML/CFT Compliance function annually which cover all the requirements of the AML/CFT Laws and Regulations, in particular this Chapter, and report their findings directly to the Board of Directors (or to the Owner/Partners where there is no Board of Directors). The Licensed Person must submit a copy of this report to the Banking Supervision Department and the AML/CFT Supervision Department via email respectively to info.ehs@cbuae.gov.ae and amlcft@cbuae.gov.ae within four (4) months from the end of each financial year.
16.31.3 The Board of Directors (or the Owner/Partners where there is no Board of Directors) must ensure that appropriate actions are taken by the Compliance Officer, Manager in Charge and other functional heads to resolve findings of internal and external auditors in a timely manner. The Board must have in place procedures that are reasonably designed to ensure timely remediation of findings which may include time bound action plans, periodical review, follow ups.
16.32 Uploading of Remittance Data and Responding to Central Bank Queries
16.32.1 The Licensed Person must upload remittance data to the Central Bank Remittances Reporting System on a daily basis or at the latest by the end of the next business day.
16.32.2 The Licensed Person must also introduce appropriate procedures, systems and tools to enable immediate responses to the enquiries received from the Central Bank, the FIU (example: Search or Freeze notices) and other competent authorities in the UAE.
16.33 Role of the Compliance Committee
16.33.1 Please refer to Paragraph 6.9.3 of Chapter 6 for the roles and responsibilities of the Compliance Committee.
16.34 Scope of the Standards
16.34.1 The Standards under this Chapter shall apply to all Licensed Persons and their branches, offices and subsidiaries operating in the UAE as well as their employees, Board of Directors, Owner/Partners/Shareholders.
16.34.2 The Standards under this Chapter also apply to all branches and subsidiaries of the Licensed Person operating in foreign jurisdictions where the AML/CFT compliance requirements are less stringent than that contained in this Chapter.
16.35 Relationship with Other Documents3
This Chapter must be read, in particular, in conjunction with the following Laws and Regulations of the UAE:a) Federal Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations and its amendment (Decree Federal Law No. (26) of 2021 amending certain provisions of Federal Decree Law No. 20 for 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations);
b) Cabinet Decision No. (10) of 2019 concerning the Implementing Regulation of Federal Decree Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations;
c) Central Bank’s Procedures for Anti-Money Laundering and Combating the Financing of Terrorism and Illicit Organisations (issued by Notice No. 74/2019 dated 19/06/2019);
d) Guidelines on Anti-Money Laundering and Combating the Financing of Terrorism and Illicit Organisations for Financial Institutions (issued by Notice 79/2019 dated 27/06/2019) and any amendments or updates thereof; and
e) Central Bank’s Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations Guidance for Licensed Exchange Houses and other AML/CFT related Guidances.
3 Available at https://www.centralbank.ae/en/cbuae-amlcft
E. Customer Protection Standards
Chapter 17: Customer Complaints Process
Introduction
The Central Bank expects the Licensed Person to provide services to its customers in an utmost professional manner and to ensure their rights are appropriately protected. This chapter summarizes the minimum standards that a Licensed Person must maintain at all times in order to handle complaints from its customers effectively and efficiently.
17.1 Customer Complaints Processes and Procedures
- 17.1.1The Licensed Person must implement appropriate processes and procedures to resolve complaints from its customers in a timely manner.
17.2 Customer Support Officer
- 17.2.1The Licensed Person must assign a dedicated phone number and an email ID for its customers to lodge their complaints;
- 17.2.2The designated phone number and the email ID must be printed on all receipts given to the customer and also must be displayed at a prominent location in the licensed premises;
- 17.2.3The Licensed Person must appoint/designate, subject to Paragraph 17.2.4 of this Chapter, an officer for handling customer complaints at its Head Office. The responsibilities of this officer must include the following:
- a)Receive complaints from customers either directly or through the branches;
- b)Record all complaints irrespective of its nature in a separate register;
- c)Resolve customer complaints; and
- d)Submit periodical reports to the Manager in Charge.
- 17.2.4Depending on the nature, size and complexity of the business, the Licensed Person may appoint a dedicated Officer to handle customer complaints or combine this role with another suitable function subject to the conditions under Paragraphs 7.2.4 (a) of Chapter 7, 16.4.7 (a) and 16.5.1 (g) of Chapter 16;
- 17.2.5Appropriate registers and log sheets must be maintained to record all customer complaints. Adequate entries must be made in such registers to demonstrate when the complaint was received or how and when it was resolved; and
- 17.2.6All customer complaints must be dealt with fairly and promptly.
17.3 Turnaround Time
- 17.3.1The Licensed Person must send a confirmation upon the receipt of every complaint to the customer within two (2) business days via SMS or email;
- 17.3.2All complaints must be resolved within a reasonable period of time which shall not exceed ten (10) business days;
- 17.3.3A final response must be provided to the customer within ten (10) business days; and
- 17.3.4In case, a complaint is not resolved within ten (10) business days (i.e. an overdue complaint), the Licensed Person must update the customer, on the very next business day, with reasonable justifications for the possible delay.
17.4 Disclosure of Unresolved Complaints
- 17.4.1The details of all overdue complaints for each month must be reported to the Manager in Charge within five (5) business days from the end of every month; and
- 17.4.2The Manager in Charge must evaluate the effectiveness of the customer complaint procedure based on the report on overdue complaints.
17.5 Internal Audit
- 17.5.1The scope of the internal audit must include the overall efficiency of the Licensed Person in addressing customer complaints; and
- 17.5.2The Internal Auditor must give special attention to the turnaround time for each customer complaint and investigate the reasons for overdue complaints.
Chapter 18: Unclaimed Funds
Introduction
As part of protecting the interest of customers, the Licensed Person has an obligation to assess, document and disclose the amount of unclaimed funds and monitor such funds until it is paid to the respective customer(s). This chapter describes the meaning, treatment and disclosure requirements related to unclaimed funds.
18.1 Meaning of Unclaimed Funds
- 18.1.1Funds involved in any money transfer transaction shall be treated as unclaimed funds under the following conditions:
- a)The funds involved in an outward money transfer to a bank account, whether local or foreign, will be considered as unclaimed funds if the Licensed Person fails to pay it back to the respective customer within seven (7) calendar days upon cancellation of that transaction by the remitter or upon being returned by the beneficiary bank as it could not credit the beneficiary’s account for various reasons. The Licensed Person must collect the funds back from the foreign or local bank if the settlement of such transaction has already been completed with the bank;
- b)The funds involved in an outward remittance via an instant money transfer service provider or any other financial institutions to be paid to the beneficiary in cash will be treated as unclaimed funds if the beneficiary fails to collect the funds within ninety (90) calendar days from the date of transaction. The Licensed Person must collect the funds back from the instant money transfer service provider or the financial institution if the settlement of such transaction has already been completed;
- c)The funds involved in a demand draft issued by the Licensed Person shall be considered as unclaimed funds if the beneficiary fails to cash such draft prior to the date of its expiry. The Licensed Person must collect the funds back from the foreign correspondent bank in case the settlement has already been completed;
- d)Inward remittance transaction for which the Licensed Person received the settlement funds from a foreign correspondent will be treated as unclaimed funds if it is not paid to the beneficiary within thirty (30) calendar days from the date of receiving the payment instruction unless it is refunded to such foreign correspondent; and
- e)WPS Funds held by the Licensed Person against the WPS SIF File rejected (due to errors in the SIF File) by the Central Bank must be classified as unclaimed funds if the client (i.e. the employer) fails to provide the correct file to the Licensed Person within five (5) business days from the date of rejection.
- 18.1.1Funds involved in any money transfer transaction shall be treated as unclaimed funds under the following conditions:
18.2 Management of Unclaimed Funds
- 18.2.1The Licensed Person must ensure that unclaimed funds are assessed, documented, monitored and disclosed on a monthly basis subject to the below standards:
- a)The Licensed Person must implement Policies and Procedures to assess, document, disclose and monitor unclaimed funds. These Policies and Procedures must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
- b)Roles and responsibilities in relation to the management of unclaimed funds must be clearly defined;
- c)The unclaimed funds must be segregated and held as cash in local currency stock or kept in the local bank account. This fund must not be used for day to day business activities;
- d)The Licensed Person must constantly try to communicate with the respective customer(s) to refund unclaimed funds;
- e)The Licensed Person must assess the amount of unclaimed funds as on the last day of every month and disclose it as a separate item under “Current Liabilities” of the monthly return Form No. 1; and
- f)The Internal Auditor must review the procedures and the management of unclaimed funds as stated under Paragraphs 18.2.1 (a) to (e) of this Chapter and report its findings to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
- 18.2.1The Licensed Person must ensure that unclaimed funds are assessed, documented, monitored and disclosed on a monthly basis subject to the below standards:
F. Appendices
Appendix 1: Definitions
- 1.“the Central Bank” means the Central Bank of the United Arab Emirates.
- 2.“the Banking Supervision Department (the BSD)” means the Banking Supervision Department at the Central Bank of the UAE.
- 3.“the FID” means the Financial Intelligence Department at the Central Bank of the UAE (formerly known as the Anti-Money Laundering and Suspicious Cases Unit or the AMLSCU). It is the Financial Intelligence Unit (FIU) of the UAE and the sole national centre for receiving, analyzing and disseminating suspicious transaction reports (STRs) filed by banks, exchange houses, other financial institutions and designated non-financial businesses and professions (DNFBPs) as per the Federal Law No. (9) of 2014 regarding the amendment of some Provisions of the Federal Law No. (4) of 2002 regarding Criminalization of Money Laundering and its Executive By-Law No. (38) of 2014.
- 4.“the Licensed Person” means any natural or juridical person authorized to conduct Exchange Business under the Regulations.
- 5.“License” means license issued by the Central Bank for the carrying out Exchange Business.
- 6.“Exchange Business”; shall mean:
- i.Dealing in sale and purchase of foreign currencies and travelers cheques;
- ii.Executing remittance operations in local and foreign currencies;
- iii.Payment of wages through establishing a link to the operating system of “wages protection” (WPS); and
- iv.Other business licensed by the Central Bank.
- 7.“Paid-Up Capital” means the cash paid by the Owner, Partners or Shareholders of a Licensed Person into the account of the entity, as per requirements of the Regulations.
- 8.“Licensed Premises” means the premises where the Licensed Person is permitted by the Central Bank to carry out Exchange Business.
- 9.“Instant money transfer service provider” means a money remitting institution licensed and regulated by an appropriate Regulator in its home country who will have necessary proprietary software applications and infrastructure to transfer funds instantly from an agent in one country to an agent in another country and/or domestically.
- 10.“Designated Remittance Intermediate Account” shall mean an account with a Bank licensed by the Central Bank of the UAE where the customers’ remittance funds are deposited temporarily prior to the execution of remittances to the foreign correspondents or remittance partners.
- 11.“ML/FT” means the Money Laundering or Terrorist Financing as defined in the Federal Law No (9) of 2014 regarding the amendment of some Provisions of the Federal Law number (4) of 2002 regarding Criminalization of Money Laundering.
- 12.“AML/CFT Program (Anti Money Laundering and Combating Financing of Terrorism Program)” means the Policies, Procedures, Systems, Controls, etc. introduced to prevent Money Laundering and Financing of Terrorism.
- 13.“Ultimate Beneficial Owner or the UBO” means the ‘Natural Person’ who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a juridical person. A Natural Person who owns 5% or above of the juridical person is treated as an UBO. Also be guided by the FATF paper on Transparency and Beneficial Ownership (October 2014) regarding effective control and related matters.
- 14.“Foreign Politically Exposed Person (FPEP)” means an individual who is or was previously entrusted with a prominent public function by a foreign country such as heads of state or government, senior politicians, senior government officials and judicial or military officials, senior executives of state owned corporations, senior officials of political parties, Head of an International Organization (HIO), and such individual’s family members or close associates.
- 15.“Head of an International Organization (HIO)” means individuals who are or were previously entrusted with a prominent function by an international organization such as members of senior management or individuals entrusted with equivalent functions (i.e. directors, deputy directors, members of the board or equivalent functions) and such individual’s family members and close associates.
- 16.“Source of funds” means how the money, involved in the transaction, was originally derived or earned. Examples of source of funds are: salary, wages, inheritance, gratuity, end of service benefits, bank loan, income from businesses, sale of property, sale of land, sale of investments, etc. For verification of the source of funds, documents include but are not limited to salary slip, labor contract, court order, bank statements, etc.
- 17.“Purpose of transaction” means an explanation about why a customer is conducting a transaction or the reason for which the funds will be used. Examples of purpose of transaction are: family support, education, medical, tourism, debt settlement, financial investment, direct investment, or trading etc. For verification of the purpose of transaction, documents may include any documentation proving the purpose for which the money will be used.
Appendix 2: List of Laws, Regulations and Notices
- 1.The provisions of Union Law No. (10) of 1980 concerning the Central Bank, the monetary system and the organization of banking and its amendments.
- 2.Resolution No. 31/2/1986 issued on 16/7/1986 regarding organization of the foreign exchange profession in the UAE.
- 3.Regulations regarding Licensing and Monitoring of Exchange Business issued on 6th January 2014.
- 4.Amendments to Regulations regarding Licensing and Monitoring of Exchange Business by virtue of Notice No 269/2016 dated 25th August 2016.
- 5.Federal Law number 4 of 2002 regarding Criminalization of Money Laundering.
- 6.Federal Law Number 9 of 2014 regarding amendment of some provisions in Federal Law number 4 of 2002.
- 7.Decree Number 38 of 2014 regarding the Executive By Law of the Federal Law number 4 of 2002.
- 8.Notice No. 24/2000 issued on 14th November 2000 and its subsequent amendments.
- 9.Notice No. 1401/2010 issued on 16th March 2010.
- 10.Rules of the Wage Protection System issued by the Central Bank.
- 11.Notice No. 249/2016 issued on 3rd August 2016.
- 12.Notice No. 171/2017 issued on 12th June 2016.
- 13.Any other Notices, Circular or Regulations issued hereafter by the Central Bank of the UAE regarding Exchange Business.
Appendix 3: List of Compulsory Reports and Forms
Prudential reporting and submission deadlines
The Licensed Person must submit the following returns/reports to the Central Bank within the deadlines mentioned hereunder:
Notes:
- 1.“Annual return/report” means a return/report for the period from 1st January to 31st December of each financial year;
- 2.“Bi-Annual returns/reports” are returns/reports for the six (6) months period ending on 30th June and 31st December of each financial year;
- 3.“Quarterly returns/reports” are returns/reports for the three (3) months period ending on 31st March, 30th June, 30th September and 31st December of each financial year;
- 4.In the case of a startup business, the starting date of a return/report will be the actual date of commencement of business in all above cases;
- 5.The Central Bank reserves the right to alter the format or add/remove the information required in any return/report or introduce additional return(s)/report(s) or discontinue existing return(s)/report(s) at any point in time;
- 6.Form 1 to Form 17 (i.e. items from 4 to 20 of the above table) must be submitted to the Banking Supervision Department via email info.ehs@cbuae.gov.ae only;
- 7.Bi-Annual Compliance Report from the Compliance Officer (i.e. item 21 of the above table) must be submitted to the Banking Supervision Department via email mfo.ehs@cbuae.gov.ae in addition to submitting a hard copy to the FID; and
- 8.Auditors’ Report, Financial Statements, Management Letter and External Auditor’s findings based on the Agreed-Upon Procedures on AML/CFT Compliance function (i.e. items 22 and 23 of the above table) must be submitted to the Banking Supervision Department via email info.ehs@cbuae.gov.ae in addition to submitting the hard copies.
Appendix 4: Supervisory Powers and Non-Compliance Charges
A.Supervisory Powers and Enforcement Actions
The Central Bank shall impose the following administrative sanctions on a Licensed Person who continues its operations in breach of various provisions/requirements of applicable Laws, Rules, Regulations, Notices and the Standards:
- a)Issuance of warning letter;
- b)Decline approvals of any kind;
- c)Restrict the growth of the business by declining new branch or new product approvals;
- d)Restrict the validity of the renewed license for a period less than one (1) year;
- e)Decline to renew license(s);
- f)Temporarily or permanently suspend one or more of the licensed activities such as remittance activity, WPS, banknotes export/import, etc.;
- g)Limit the powers of the Board of Directors, Management or Managers or Owners including the appointment of a temporary observer;
- h)Administrative sanctions including levying non-compliance charges (i.e. financial penalties or fines) as per Article 11.3 (b) of Federal Law No. (9) of 2014 regarding the amendment of some provisions in Federal Law Number (4) of 2002;
- i)Temporary suspension of the license;
- j)Revoke the license to carry out Exchange Business; and
- k)Prohibit the concerned violating parties from working in the Exchange Business sector for a period to be defined by the Central Bank.
B.Non-Compliance Charges
The Central Bank shall impose non-compliance charges or fines, in accordance with Article 11.3 (b) of Federal Law No. (9) of 2014, on a Licensed Person when, based on the available facts and information, it is satisfied that the Licensed Person has failed to comply with the provisions of the Federal Law No. (9) of 2014, the Cabinet Resolution No. 38 of 2014 regarding the Executive Bylaws of Federal Law No. 4 of 2002, the Central Bank Regulation Concerning Procedures for AntiMoney Laundering (Ref No. 24/2000 issued on 14th November 2000, i.e. “the AML/CFT Regulations”) and its Addendum (Notice No. 2922/2008 issued on 17th June 2008, i.e. “the Addendum”) and any other amendments thereto. Such non-compliance charges are imposed in addition to the sanctions/penalties stated in Article (13), Article (14), Article (15) or Article (16) of Federal Law No. (9) of 2014. The non-compliance charges are stated in the below table:
The Licensed Person must note that the non-compliance charges or fines stated above shall be levied for each non-compliant item separately and therefore, the cumulative of such noncompliance charges for multiple violations by a Licensed Person may exceed AED 500,000.
The Central Bank shall impose other administrative sanctions on a Licensed Person for failing to comply with any provision of applicable Laws, Rules, Regulations, Notices and the Standards. Such administrative sanctions including non-compliance charges shall be determined in accordance with the prevailing Laws and Regulations and shall be published as and when it becomes available under a formal Notice from the Central Bank.
C.Imposing Administrative Sanctions and Right to Make Representation
- 1.Before imposing an administrative sanction, the Central Bank shall give the Licensed Person a written notice:
- a)of the nature of the alleged non-compliance;
- b)of the intention to impose an administrative sanction and the amount;
- c)particulars of the intended administrative sanction; and
- d)that the Licensed Person may, within a period specified in the notice, make representations in writing to the “Assistant Governor for Banking Supervision” as to why the administrative sanction should not be imposed.
- 2.After considering the representation from the Licensed Person, if any, the Central Bank shall inform the Licensed Person in writing about its final decision to impose an appropriate administrative sanction.
- 3.The Central Bank further reserves the right to impose non-compliance charges which are higher than those published in the above table. In cases where it may be required to determine such higher non-compliance charges which, in accordance with AML/CFT Laws and Regulations shall not be less than AED 50,000 and shall not exceed AED 500,000, the Central Bank will consider the following factors:
- a)the nature, duration, seriousness and extent of the relevant non-compliance;
- b)license category and type of business activities;
- c)the risk grading of the Licensed Person awarded by the Central Bank;
- d)whether the Licensed Person has previously failed to comply with such requirements; and
- e)the effectiveness of the remedial measures taken by the Licensed Person to prevent a recurrence of such non-compliance.
Appendix 5 - Forms and Templates
Details of Forms and Page Numbers
No. Form Name Purpose of the Form Page Number(s) 1 FAA Form To open Hedge accounts or Account/Relationship for remittance with a Foreign Bank, Financial Institution and IMTS provider 125 2 CRV Form To enable the Central Bank to compute the minimum required Bank Guarantee 126 3 FIR Form To report Fraud Incidents 127 4 CIR Form To report Counterfeit Currency Incidents 128 5 LPA Form To apply for a new license, change of license category or change of shareholding/ownership structure 129 - 143 6 APA Form To request for a Letter of No Objection to appoint Manager in Charge, Compliance Officer or Alternate Compliance Officer 144 - 154 Foreign Account Application (FAA Form) to the Banking Supervision Department **
Details of the Applicant 1 Name of the Exchange House 2 Name & details of the contact person of the Exchange House, if further information is required Name: ……………………………………………………..
Phone:…………………… Mobile: ………………………
Email: ……………………………………………………..Details of Foreign Banks/Financial Institutions/IMTS Providers *** No. Full Legal Name Address Name & Contact Details of the Regulator Purpose (whether for Remittance, IMTS or for Hedging)
1
2
3
4
5Declaration by the Authorized Signatory We hereby confirm that we have conducted Enhanced Due Diligence on above Foreign Banks/Financial Institutions/IMTS Providers in accordance with Paragraph 16.11.8 of Chapter 16 of the Standards. Draft agreements are attached with this form. I/We hereby confirm that, to the best of my/our knowledge and belief, all information furnished to the Central Bank of the UAE with regard to this application for the above stated purpose(s) is true and correct.
Name & Signature of Authorized Signatory
Date & Company Stamp**Email the duly filled in FAA Form & Relationship Details Spreadsheet (Refer to Notice 171/2017 dated 12th June 2017 issued by the Central Bank) to info.ehs@cbuae.gov.ae along with a letter signed by the Authorised Signatory of the Exchange House seeking the approval for the above relationships and the draft of the agreements.
*** Provide the details in a separate FAA Form in case the number of relationships exceeds 5.
Certificate of Remittance Value (CRV Form) to the Banking Supervision Department **
(To be submitted within two (2) months from the end of every financial year)Date:
To
The Chief Manager,
Licensing Division, Banking Supervision Department,
Central Bank of the UAE, Abu Dhabi, UAE.Dear Sir
Sub: Certificate of Remittance Value
We hereby certify the following information after verifying the books of accounts of ……………………………………………..… (Name of the Exchange House) for the financial year ended on 31st December ………………..
Total Remittance Turnover*** in AED for the financial year Average monthly Remittance Turnover in AED for the financial year 5% of the average monthly Remittance Turnover in AED for the financial year Total value in AED of the existing Bank Guarantee currently given to the Central Bank Additional Bank Guarantee required in AED to be given as per Paragraph 2.4.1 of the Standards, if required
Yours Faithfully,
(Name and Signature of External Auditors) (Name and Signature of the Licensed Person) **Email the duly filled in CRV Form to info.ehs@cbuae.gov.ae and then submit the original to the BSD.
*** Remittance Turnover means the total value of inward and outward remittances. Domestic remittances, where the origin and destination of remittances are within the UAE, are excluded.
Fraud Incident Reporting (FIR Form) to the Banking Supervision Department**
Details of the Place & Date of Fraud Incident 1 Name of the Exchange House 2 Name & details of the contact person of the Exchange House, if further information is required Name: ……………………………………………………..
Phone:…………………… Mobile: ………………………
Email: ……………………………………………………..3 Name & address of the branch where the incident happened 4 Date & time of incident Details of the Fraud Incident & Amount 1 Amount in AED 2 Nature & mode of operation of the incident 3 How was the incident discovered & by Whom? Details of the Perpetrator *** 1 Name of the perpetrator 2 Nationality: …………………... ID Type: …………………. ID Number: ……………….. 3 Residential Status UAE Resident - UAE Non-Resident - 4 Contact details of the perpetrator, if available Address:
Phone:
Mobile:5 - a)Was your employee connected with this incident?
Yes - No -
- b)Has the incident been reported to the Police?
Yes - No -
- c)Do you have any insurance against such losses?
Yes - No -
6 If answer to question 5 (a) is YES, then provide employee’s details. Name of the employee: …………………...........................
Nationality: ………………….............................................
ID Type: …………………ID Number: ……………….....Actions Taken by the Exchange House 1
State actions taken by the Exchange House
Name & Signature of Authorized Signatory
Date & Company Stamp** Email the duly filled in FIR Form to info.ehs@cbuae.gov.ae and then submit the original to the BSD.
*** Provide the details in a separate page in case more than one individual involved in the incident.
Counterfeit Incident Reporting (CIR Form) to the Banking Supervision Department**
Details of the Place & Date of Counterfeit Incident 1 Name of the Exchange House 2 Name & details of the contact person of the Exchange House, if further information is required Name: ……………………………………………………..
Phone:…………………… Mobile: ………………………
Email: ……………………………………………………..3 Name & address of the branch where the incident happened 4 Date & time of incident Details of Counterfeit Notes & Amount Involved 1 Currency Type a) AED - Amount ………………………
b) Foreign Currency - Currency name ………….. Amount ……………..2 Denomination Details of the Individual who Produced Counterfeit Notes*** 1 Name of the Individual 2 Nationality: …………………... ID Type: …………………. ID Number: ……………….. 3 Residential Status UAE Resident - UAE Non-Resident - 4 Contact details of the Individual, if available Address:
Phone:
Mobile:5 - a)Does the Individual have any information as to the source of Counterfeit?
Yes - No -
- b)Was your employee connected with this incident?
Yes - No -
- c)Do you have any insurance against such losses?
Yes - No -
6 If answer to question 5 (a) is YES, then provide full details. 7 If answer to question 5 (b) is YES, then provide employee’s details. Name of the employee: …………………...........................
Nationality: ………………….............................................
ID Type: …………………ID Number: ……………….....Actions Taken by the Exchange House 1 State actions taken by the Exchange House
Name & Signature of Authorized Signatory
Date & Company Stamp** Email the duly filled in CIR Form to info.ehs@cbuae.gov.ae and then submit the original to the BSD.
*** Provide the details in a separate page in case more than one individual involved in the incident.
EXCHANGE BUSINESS
LICENSED PERSON’S
APPLICATION FORM
(LPA FORM)APPLICATION TYPE New License
Change License Category
Change Capital/Shareholding StructureNAME OF APPLICANT
LICENSE CATEGORY
REQUESTEDCategory A
Category B
Category CCONTACT DETAILS Name:
__________________________
Title/Capacity:
__________________________
Tel:
__________________________
Fax:
__________________________
E-mail:DATE OF SUBMITTING THE FORM
Please return completed form, together with supporting documentation to Licensing Division, Banking Supervision Department, Central Bank of the U.A.E.
Table of Contents
SECTION
CONTENTS PAGE NO.
1.
GUIDELINES 131
2.
LICENSING PROCESS 132
3.
APPLICANT’S DETAILS 133
4.
SHAREHOLDERS/ OWNERS/ PARTNERS 136
5.
BOARD OF DIRECTORS 138
6.
AUTHORIZED PERSONS 139
7.
REQUIRED DOCUMENTS 140
8.
DECLARATION 143
Section 1: GUIDELINES
- 1.Any person may submit to the Central Bank an application for a new license, change license category or change in capital or shareholding structure of license. However, any material changes or proposed changes to the information provided in support of an application must be immediately reported to the Central Bank.
- 2.An applicant may appoint a representative to prepare and submit the application. However, the applicant retains full responsibility for the accuracy and completeness of the application. The Central Bank also expects to be able to liaise directly with the applicant during the assessment process, when seeking clarification of any issues.
- 3.All documentation provided to the Central Bank must be in either Arabic or English. Any documentation in a language other than Arabic or English must be accompanied by Arabic or English translation. Moreover, all figures submitted must be in either AED or USD.
- 4.Complete all sections as fully as possible, attaching supporting documents and continuation sheets where required.
- 5.The Central Bank may require the applicant to amend aspects of their services/activities in order to comply with the licensing requirements.
- 6.The applicant may withdraw its application at any time during the process by notifying the Central Bank.
- 7.Failure to provide all required information may result in significant delays in processing the application. The Central Bank does not accept responsibility for any loss caused to the applicant by any such delay.
- 8.If any question is not applicable in a particular circumstance, please clearly indicate by marking ‘N/A’, with an explanation as to why it does not apply.
- 9.Applicants are reminded that no person may undertake an Exchange Business within or from the United Arab Emirates unless licensed by the Central Bank.
- 10.Please return completed form, together with supporting documentation to:
Licensing Division - Banking Supervision Department
Central Bank of the U.A.E.Section 2: LICENSING PROCESS
- 1.All potential new applicants are encouraged to contact the Central Bank at an early stage to discuss their plans and requirements. The Licensing Division at the Central Bank would expect to hold at least one pre-application meeting with the applicant, prior to receiving an application.
- 2.Applicants must submit a formal application letter signed by an authorized signatory, including the request and reasons for applying.
- 3.Applicants seeking new license must submit the following duly completed Forms, along with the related supporting documents:
- a)Licensed Person’s Application Form (LPA FORM)
- b)Authorised Person’s Appointment Form (APA FORM)
- 4.Applicants seeking new license must submit all required documents as listed in ‘Section 7: REQUIRED DOCUMENTS’ of this Form.
- 5.The Central Bank shall notify the applicant of the outcome of the application, which the Central Bank considers to be complete. The Central Bank will review the applications and accordingly advise the applicant in writing when it has:
- a)Approve the applicant’s request without conditions;
- b)Approve the applicant’s request subject to conditions specified by the Central Bank; or
- c)Reject the applicant’s request.
- 6.Queries may be addressed to:
Licensing Division
Banking Supervision Department
Central Bank of the U.A.E.Section 3: APPLICANT’S DETAILS
Please submit all information requested below. You can use a continuation sheet if necessary. If the question is not applicable, please clearly indicate by marking ‘N/A’.
- 1.Name of the applicant (Please provide the current and proposed, in case of change in the applicant’s name)
- 2.Legal form (Please provide the current and proposed, in case of change in the legal form)
- 3.Authorised and paid-up capital (Please provide the current and proposed, in case of change in the authorised and paid-up capital)
- 4.Origin of the capital source(s), with the related bank documents as proof
- 5.License category (Please provide the current and proposed, in case of change in the legal form)
- 6.Reasons for applying at the Central Bank
- 7.The external auditor (existing or to be appointed - specify which)
Section 3: APPLICANT’S DETAILS (Continue)
- 8.The organization structure with the reporting lines to be included. Please describe, and provide further details in the business plan. (For applications for new license or in case of change in the organization structure of a Licensed Person).
- 9.Outline the framework of the company’s risk management and monitoring system with respect to the major potential risks. Please provide further details in the business plan. (For applications for new license)
- 10.Supply details of any expansion plans (branches or subsidiaries inside or outside the UAE), and anticipated manpower/staffing requirements in the next three (3) years, reflecting the Emiratisation requirements (For applications for new license)
- 11.Other ancillary activities. Please describe, and provide further details in the business plan. (For applications for new license)
- 12.Details of any entity licensed or authorized within the group by a regulatory/supervisory authority (For applications for new license or change in capital or shareholding structure)
No. Entity Name License/
Authorization TypeRegulatory/
Supervisory NameRegulatory/
Supervisory Contact
Details1. 2. 3. 4. Section 3: APPLICANT’S DETAILS (Continue)
- 13.Has the applicant or member(s) of its group been the subject of any litigation or convicted in a Court of Law (or known circumstances which might give rise to litigation) over the past five (5) years, or is any litigation currently outstanding? If yes, please provide details
- 14.Are there any restrictions imposed on the operations of the applicant or member(s) of its group by any regulatory authorities? If yes, please provide details
- 15.Has the applicant had any of its previous applications in other countries rejected? If yes, please provide details (name of the Regulator, date of rejecting the application, reasons for the rejection)
Section 4: SHAREHOLDERS/ OWNERS/ PARTNERS
- 1.Please list all particulars required below (including previous names used) of all proposed shareholders, owners or partners. If space is insufficient, please provide on separate sheet of paper.
No. Name Nationality/
Country of IncorporationAmount
in AEDPercentage of
Shareholding1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.
Total
Section 4: SHAREHOLDERS/ OWNERS/ PARTNERS (Continue)
- 2.Please list all particulars required below (including previous names used) of all existing shareholders, owners or partners (if applicable). If space is insufficient, please provide on separate sheet of paper.
No. Name Nationality/
Country of IncorporationAmount
in AEDPercentage of
Shareholding1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.
Total
Section 5: BOARD OF DIRECTORS
- 1.Please complete the table below for all proposed members of the Board of Directors (if applicable). For “Other Responsibilities”, please list all positions held as board of director or senior manager in any other institutions or company.
No. Name Nationality Other Responsibilities Position Company/
Institution1. 2. 3. 4. 5. - 2.Please complete the table below for all existing members of the Board of Directors (if applicable). For “Other Responsibilities”, please list all positions held as board of director or senior manager in any other institutions or company.
No. Name Nationality Other Responsibilities Position Company/
Institution1. 2. 3. 4. 5. Section 6: AUTHORIZED PERSONS
- 1.Please list all particulars required below (including previous names used) of all current and/or proposed Authorized Persons. Also, include completed Authorized Person Appointment Form (APA Form) along with the supporting documents for each proposed name provided.
No. Position Name APA Form
Attached
(Yes/No)Current Proposed
(if applicable)1. Manager in Charge 2. Compliance Officer 3. Alternate Compliance Officer - 2.Please list all current and/or proposed Functions Heads below (including previous names used). If space is insufficient, please provide on separate sheet of paper.
No. Position Name Current Proposed
(if applicable)
1.
2.
3.
Section 7: REQUIRED DOCUMENTS
Please select the documents submitted with this form. If the required document is not applicable, please clearly indicate by marking ‘N/A’.
- ⬜A formal application letter signed by authorized signatory, including the request and reasons for applying.
- ⬜A certified copy of the Board resolution of the applicant, confirming its decision to seek a license/ change license category (if applicable).
- ⬜Copy of the commercial registration, where the applicant is an existing company.
- ⬜APA Forms for person wishing to undertake an authorized function.
- ⬜Business plan including short history of the applicant and its shareholders, the reasons for applying and market objectives, a description of the group and organizational structure, a brief summary of its key business lines, its mind and management, financial projections and all related assumptions covering at least the first three (3) years of operations, an assessment of potential risks and their mitigations, board and senior management, and any functions to be outsourced.
- ⬜Details of the applicant’s group structure.
- ⬜Copies of the audited financial statements of the applicant’s major shareholders (for corporates only) for the three (3) years preceding the application.
- ⬜A copy of the applicant’s memorandum and articles of association in draft form.
- ⬜A letter of non-objection to the applicant from the applicant’s lead supervisor (in the case of applicants that are part of a regulated group), and confirmation that it is in good regulatory standing and in compliance with applicable supervisory requirements.
- ⬜A copy of the certificate of license issued by the regulatory authority (In the case of applicants that are part of a regulated group).
- ⬜A capital deposit certificate from a licensed bank by Central Bank.
- ⬜The applicant’s location address and details of premises to be used to carry out the business.
- ⬜A copy of the required approvals from the Ministry of Economy and Department of Economic Development.
Section 7: REQUIRED DOCUMENTS (Continue)
- ⬜Undertaking from the Shareholders to comply with the provisions of the Union Law No. (10) of 1980 concerning the Central Bank, the monetary system and organization of banking, and the decision of the Board of the Central Bank concerning the licensing and regulation of the exchange business in the country, as amended, and any other decisions or instructions or directives or circulars or correspondence issued by the Central Bank, as well as subjecting the institution / company records and documents to the Central Bank supervision and audit.
- ⬜An undertaking from the Shareholders to provide, in case the application is approved, a bank guarantee drawn in favor of the Central Bank issued by a bank licensed in the UAE.
- ⬜A certification / acknowledgment that the Shareholders are not bankrupt, issued and certified based on the applicable laws of the concerned authorities in the country (the courts).
- ⬜Bank statement of the Shareholders for a period of one (1) year from all banks that they are dealing with in the country.
- ⬜Written acknowledgment provided by the Shareholders confirming that they have never causes any financial losses bared by banks or other financial institutions operating in the UAE from any financial facility obtained from these banks or financial institutions.
- ⬜Written acknowledgment provided by the Shareholders that his/their contribution in the company is actual and not hypocritical for the benefit of any other party as an exchange for a commission.
- ⬜Bank reference of the Shareholders to be provided to the Central Bank from each bank they are dealing with during the past seven (7) years. The bank reference should include a paragraph about the cheques and whether the Shareholders have issued cheques that were bounced due to insufficient funds in their accounts during that specified period.
- ⬜Undertaking from the Shareholders that the company is committed to fulfill any obligations that may arise to third parties and any operations the company will undertake in the future.
- ⬜Undertaking from the Shareholders not to be committed to contracts that leads to financial obligations, prior to receiving the in-principal approval from the Central Bank to carry out Exchange Business.
Section 7: REQUIRED DOCUMENTS (Continue)
- ⬜Undertaking from the Shareholders that if it was proven to the Central Bank that the license granted has been rented/ leased for a commission, the Central Bank has the right to cancel the license without referencing back to them.
- ⬜Undertaking from the Shareholders confirming that the company will:
- •Not manage clients’ money in or outside the UAE, or open marginal accounts to their clients.
- •Not rent this license, or any other license provided by the Central Bank, when granted to them in the future.
- •Execute all exchange business activities based on receipts, advertise to customers clearly about currency rates, and keep copies of all receipts and correspondence regularly in accounting records.
- •Not bail foreign financial facilities, nor act as a local agent to them.
- •Not represent foreign financial facilities.
- •Not sign contracts with foreign financial facilities for the management of the company.
- ⬜Undertaking from the Shareholders that they will be in contact with the Central Bank, and will inform the Central Bank of any changes in address or place of residence or change in their management positions. They should also record the minutes of their meetings and provide the Central Bank with a copy of them.
- ⬜Undertaking from the Shareholders that they are aware about all applicable Laws, Rules, Regulations, Notices and the Standards issued by the Central Bank regarding the exchange business and antimoney laundering on an ongoing basis, and the company will be keeping a copy of these laws and regulations in special files, where they will be held accountable for any failure in compliance with this requirement.
Section 8: DECLARATION
We declare that the information submitted for this Form is complete and accurate to the best of our knowledge and that there are no other facts relevant to this Form that the Central Bank should be aware of.
We understand that providing any information to the Central Bank that is false or misleading in connection with this Form may result in the refusal of the application or, if discovered later, the subsequent cancellation of any approvals provided. We shall also inform the Central Bank of any material changes to the Form that may arise during the application.
We authorize the Central Bank to make such enquiries and seek further information it deems necessary in considering this application.
No.
Name Signature Date
1.
2.
In case of application for new license, the above declaration must be signed by at least two major Shareholders. Should any shareholder is corporate, the declaration must be signed by two Directors of the Board, Owner, two major Partners, or two major Shareholders and bear the corporate seal.
In case of application for existing Licensed Persons, the above declaration must be signed by at least two Directors of the Board. In the absence of the Board of Directors, the above declaration must be signed by the Owner, two major Partners, or two major Shareholders.
EXCHANGE BUSINESS
AUTHORISED PERSON’S
APPOINTMENT FORM
(APA FORM)NAME OF CANDIDATE FOR A UTHORISED PERSON
NAME OF LICENSED PERSON
LICENSE CATEGORY Category A
Category B
Category CCONTACT DETAILS
Name:
__________________________
Title/Capacity:
__________________________
Tel:
__________________________
Fax:
__________________________
E-mail:DATE OF SUBMITTING THE FORM
Please return completed form together with supporting documentation to Supervision & Examination Division, Banking Supervision Department, Central Bank of the U.A.E.
Table of Contents
SECTION
CONTENTS PAGE NO.
1.
GUIDELINES 146
2.
AUTHORISATION PROCESS 147
3.
CANDIDATE’S DETAILS 148
4.
FUNCTION DETAILS 150
5.
ELECTRONIC APPOINTMENT APPLICATION FORM 151
6.
INTRODUCTORY STATEMENT FORM 151
7.
REQUIRED DOCUMENTS 152
8.
DECLARATION 154 Section 1: GUIDELINES
- 1.All Licensed Persons must submit a formal request letter and complete this Form for submission to the Central Bank prior to appointing any person who will be in charge of an Authorised Function (i.e. Manager in Charge, Compliance Officer or Alternate Compliance Officer). However, any material changes or proposed changes to the information provided in this Form must immediately be reported to the Central Bank.
- 2.The Licensed Person retains full responsibility for the accuracy and completeness of the application. The Central Bank also expects to be able to liaise directly with the Licensed Person or Candidate during the assessment process, when seeking clarification of any issues.
- 3.All documentation provided to the Central Bank must be in either Arabic or English. Any documentation in a language other than Arabic or English must be accompanied by a certified Arabic or English translation.
- 4.All sections must be fully completed as possible, attaching supporting documents and continuation sheets where required.
- 5.The Licensed Person may withdraw its application at any time during the process by notifying the Central Bank.
- 6.Failure to provide all required information may result in significant delays in processing the application. The Central Bank does not accept responsibility for any loss, caused to the Licensed Person or to the candidate, as a result of such delay.
- 7.If any question is not applicable in a particular circumstance, please clearly indicate by marking ‘N/A’, with an explanation as to why it does not apply.
- 8.Licensed Persons are reminded that providing any information which is false or misleading may result in cancellation of the application or imposition of other disciplinary measures.
- 9.Please return completed form, together with supporting documentation to:
Supervision & Examination Division
Banking Supervision Department
Central Bank of the U.A.E.
Section 2: AUTHORISATION PROCESS
- 1.Licensed Persons must ensure that they meet the minimum requirements before submitting an application, including, where applicable, the minimum qualifications and competency requirements of the requested position.
- 2.Licensed Persons must submit a formal application letter signed by an authorized signatory of the Licensed Person, highlighting the requested position along with this Form. The Licensed Person must submit any related information that may be important to the application, which was not covered in this Form. It must not be assumed that information is known to the Central Bank merely because it is in the public domain or has previously been disclosed to the Central Bank or another regulatory body. If there is any doubt about the relevance of information, it must be disclosed.
- 3.Licensed Persons must submit all required documents as listed in ‘Section 7: REQUIRED DOCUMENTS’ of this Form.
- 4.The Central Bank may require the Licensed Person to provide further information at any time after receiving this Form and before determining whether approval is to be granted or not.
- 5.A meeting with the candidate may be required prior to finalizing the outcome of the application.
- 6.The Central Bank shall notify the Licensed Person of the outcome of the application within sixty (60) days from the date of receiving the application, which the Central Bank considers complete. The Central Bank will review the applications and accordingly advise the Licensed Person in writing when it has:
- (a)Granted an approval without conditions;
- (b)Granted an approval subject to conditions specified by the Central Bank; or
- (c)Refused the application.
- 7.Queries may be addressed to Banking Supervision Department, Central Bank of the U.A.E via email:
Section 3: CANDIDATE’S DETAILS
Please submit all information requested below. You may use a continuation sheet if necessary. If the question is not applicable, please clearly mark as ‘N/A’.
- 1.Name of the candidate for the position of Authorized Person
First Name: Middle Name: Family Name: Alias: Gender: - 2.Has the candidate had any previous name (s) by which he (she) is known? If yes, please specify
- 3.Names of companies owned by the candidate or members of the candidate’s direct family where ownership is equal to or greater than 5%
Name of Company Country Nature of Business Ownership % Ownership Amount - 4.Details of any company where the candidate currently serves as a director, when the directorship started and the countries in which the company is registered
Date (from) Name of Company/Nature of Business Country Position
Section 3: CANDIDATE’S DETAILS (Continue)
- 5.Details of all academic and professional qualifications as well as the year and place where these were obtained (please enclose certified copies)
Academic/
Professional QualificationName of Institution Place of Institution Year Notes (e.g. membership no.) - 6.Details of employment over the past ten (10) years, including the full name and the employer, the nature of the business, the position held and the relevant datesaddress of of service
Date (from/to) Name of Employer Nature of Business Country Position
Section 4: FUNCTION DETAILS
- 1.Position for which the candidate is being nominated:
- 2.Responsibilities of the proposed position:
- 3.Draft copy of the candidate’s employment contract, stipulating all responsibilities and powers delegated to him/her, with a clause clarifying that any violation he/she commits would be criminal if it is proven that he has signed an incorrect or misleading document.
- 4.Organization Chart (showing the candidate upward and downwards reporting lines).
Section 5: ELECTRONIC APPOINTMENT APPLICATION FORM
Please submit the Excel worksheet of the Electronic Appointment Application Form along with the related documents in Arabic only as per Notice No. 249/2016 dated 3rd August 2016 to:
Email: obaid.romaithi@cbuae.gov.ae
Copy to: info.ehs@cbuae.gov.aeAlso, submit hard copies of the above-mentioned Excel worksheet along with the related documents to:
Supervision & Examination Division
Banking Supervision Department
Central Bank of the U.A.E.Queries regarding the Electronic Appointment Application Form may be addressed to the Banking Supervision Department, Central Bank of the UAE:
Mr. Obaid Al- Romaithi
Telephone: 02-6915240
Email: obaid.romaithi@cbuae.gov.ae
Copy to: info.ehs@cbuae.gov.ae
Section 6: INTRODUCTORY STATEMENT FORM
Please return the completed Introductory Statement form in either Arabic or English to:
Supervision & Examination Division
Banking Supervision Department
Central Bank of the U.A.E.
Section 7: REQUIRED DOCUMENTS
Please select the documents submitted with this form. If the required document is not applicable, please clearly indicate by marking ‘N/A’.
- ⬜A formal application letter signed by authorized signatory.
- ⬜A bank reference from one or more banks for the past seven (7) years, confirming that the candidate has had no cheques returned during this period.
- ⬜Certified copies of academic and professional qualifications.
- ⬜Organization Chart showing the candidate upward and downwards reporting line.
- ⬜Soft copy of the Excel worksheet of the Electronic Appointment Application Form with the related documents to be sent to obaid.romaithi@cbuae.gov.ae under copy to info.ehs@cbuae.gov.ae.
- ⬜Hard copy of the Excel worksheet of the Electronic Appointment Application Form with the related documents to Supervision & Examination Division, the Central Bank.
- ⬜Completed Introductory Statement form with the related documents to Supervision & Examination Division, the Central Bank.
- ⬜An undertaking from the candidate confirming that he/she has never inflicted or caused losses for or on behalf of any institution operating in the UAE (Applicable for Manager in Charge only).
- ⬜An undertaking from the candidate confirming that he/she is fully aware of the Laws, Rules, Regulations, Notices and the Standards related to the Exchange Business, and that he/she would be fully prepared to attend a personal interview with senior officials at the Central Bank.
- ⬜An undertaking letter from the candidate confirming that all educational documents provided to the Central Bank are duly attested by the competent authorities. Applications will be rejected if educational documents are not attested.
- ⬜Draft of the Power of Attorney that will be given to the candidate (Applicable for Manager in Charge only).
Section 7: REQUIRED DOCUMENTS (Continue)
- ⬜A copy of the draft employment agreement that contains all responsibilities/authorities delegated to the proposed Manager in Charge in detail. There must be a clause in the employment agreement stating that any violation (violation clause) on the part of proposed Manager in Charge will be considered a criminal violation and he/she will be subject to punishment if it is proved that what he/she has signed was incorrect or misleading. It also must include that he/she is responsible for the management of the Licensed Person and is authorized to sign on its behalf (Applicable for Manager in Charge only).
- ⬜An undertaking from the Owner/Partners/Shareholders of the Licensed Person that all its correspondence addressed to the Central Bank must be signed by person(s) authorized to sign on its behalf, along with the full name of such person(s) and the designation(s). Enclose copies of the official power of attorney issued to such person(s).
- ⬜An undertaking letter from the Owner/Partners/Shareholders of the Licensed Person to comply with Paragraphs 16.4.6, 16.4.7 and 16.4.8 of the Standards (Applicable for Compliance Officer only).
- ⬜An undertaking letter from the Owner/Partners/Shareholders of the Licensed Person to comply with Paragraphs 16.5.1 (a) to (g) of the Standards (Applicable for Alternate Compliance Officer only).
Section 8: DECLARATION
We declare that the information contained in and submitted along with this Form is complete and accurate to the best of our knowledge and that there are no other relevant facts that the Central Bank must be aware of.
We understand that providing any information to the Central Bank that is false or misleading may result in declining the application or, if discovered later, the subsequent cancellation of any approvals provided. We shall also inform the Central Bank of any material changes to pertinent information contained in the Form that may arise during the application process. We authorize the Central Bank to make such enquiries and seek further information it deems necessary whilst considering this application.
No.
Name Signature Date
1.
2.
The above declaration must be signed by at least two Directors of the Board. In the absence of the Board of Directors, the above declaration must be signed by the Owner, two major Partners, or two major Shareholders.
- a)Was your employee connected with this incident?
Appendix 6 Agreed-Upon Procedures (AUP) for Remittance Intermediate Account
An External Auditor must perform the following procedures, at a minimum, on the Remittance Intermediate Account and report their findings as required by Article 9 (n) and (o) of Notice 1/2014 issued by the Central Bank (i.e. Regulations Regarding Licensing and Monitoring of Exchange Business) and Paragraph 4.13 of Chapter 4 of the Standards.
- 1.Confirm that the Licensed Person maintains a “Designated Remittance Intermediate Account” with a Bank licensed by the Central Bank of the UAE;
- 2.Verify and confirm that the Licensed Person deposits the funds received from its remittance customers directly into the “Designated Remittance Intermediate Account” before the end of banking hours on the next business day;
- 3.Check whether the funds in the “Designated Remittance Intermediate Account” related to the remittance by customers are ‘ring-fenced’ against withdrawals for any purpose other than prefunding/settling the foreign correspondent accounts;
- 4.Obtain the General Ledger of the Remittance Intermediate Account for the relevant month;
- 5.Ensure that the relevant outward remittance transactions are recorded through the Remittance Intermediate Account in the General Ledger;
- 6.Check, on a sample basis (risk based), that the transactions from the Remittance Intermediate Account in the General Ledger are transferred to the respective ledger accounts of foreign correspondents as and when the remittance instructions are issued (i.e. upon payment order transmission) to the respective foreign correspondents;
- 7.Check, on a sample basis (risk based), that the foreign correspondent accounts are sufficiently funded before issuing the remittance instructions to the respective foreign correspondents or settlement is made whenever required in order to pay the beneficiary without any delay;
- 8.Obtain statements for the relevant month, on a sample basis (risk based), from foreign correspondents and from the bank where the “Designated Remittance Intermediate Account” is maintained. Ensure that the amount of local currency, balances in the Designated Remittance Intermediate Account and foreign banks is sufficient to cover the liabilities towards the remittance customers; and
- 9.The External Auditor and the Licensed Person must agree on additional procedures depending on the nature, size and complexity of the business of the Licensed Person.
G. Version Control Table
The Standards for Exchange Business in the UAE
Version No. Version Name Month and Year of
IssueDetails of Amendments 1.10 First
VersionFebruary 2018 Not applicable as this is the first version