The scope of Exchange Business is defined in the “Regulations regarding Licensing and Monitoring of Exchange Business issued in January 2014” (the Regulations) and all Licensed Persons are expected to operate within the scope of their license. Exceeding the scope of their license, by carrying out any activity other than those permitted by the Regulations, will be taken seriously by the Central Bank of the UAE (“the Central Bank”). This chapter provides the details of requirements related to the scope of Exchange Business and permitted activities that every Licensed Person must comply with at all times.

1. 1.1.1Exchange Business can be carried out by a person, whether natural or juridical, only if such person is licensed in writing by the Governor of the Central Bank or by a person authorized by the Governor to do so in accordance with the Regulations and its subsequent amendments;
2. 1.1.2The Licensed Person must carry out its activities in an utmost professional manner and in full compliance with all applicable Laws, Rules, Regulations, Notices and the Standards; and
3. 1.1.3The Central Bank shall treat instances of non-compliance seriously and reserves the right to impose appropriate non-compliance charges in accordance with Appendix 4 of the Standards.

The scope of Exchange Business is defined under Article 1.1(c) of the Regulations, which is explained in Paragraphs 1.2.1 to 1.2.4 of this Chapter.

1.2.1Foreign Currency Exchange (Article 1.1.(c).1 of the Regulations)

1. a)The Licensed Person is permitted to buy and sell foreign currencies and traveller’s cheques from/to customers, whether natural persons or juridical persons, who are physically present in the UAE;
2. b)The Licensed Person is not permitted to import or export foreign currencies from/to foreign entities without obtaining a Letter of No Objection from the Banking Supervision Department. Please refer to Paragraph 4.17 of Chapter 4 for further information; and
3. c)The Licensed Person may open Hedge accounts with a well regulated financial institution, whether inside or outside the UAE, for hedging its foreign exchange positions as part of mitigating the risk of exchange rate fluctuations subject to the following conditions:
   • •A Letter of No Objection from the Banking Supervision Department must be obtained prior to opening Hedge accounts;
   • •The Licensed Person must submit a duly completed “Foreign Account Application (FAA) Form” (Refer to Appendix 5 for FAA Form) along with the required supporting documents to the Banking Supervision Department in order to obtain a Letter of No Objection to open a Hedge account with a foreign financial institution. The Licensed Person must use the same FAA Form to apply for the Letter of No Objection to open a Hedge account with a financial institution located within the UAE;
   • •The Hedge account must be used strictly for mitigating the foreign exchange risk and not for any type of activities that may result in speculation; and
   • •The accounting for hedge transactions must be in accordance with the requirements of applicable International Financial Reporting Standards and must be fully automated.

1.2.2Remittance Operations (Article 1.1.(c).2 of the Regulations)

1. a)The Licensed Person is permitted to execute remittance transactions in local or foreign currencies on behalf of its customers, whether natural persons or juridical persons, who are physically present in the UAE provided that the Licensed Person is in possession of either a Category B or Category C license (Refer to Paragraph 2.2 of Chapter 2 for various license categories);
2. b)The Licensed Person may enter into necessary arrangements with banks, licensed/regulated financial institutions (local or foreign) or instant money transfer service providers to execute remittances subject to the conditions of Paragraphs 1.2.2 (c) to (f) below;
3. c)A Letter of No Objection from the Banking Supervision Department must be obtained to open accounts with foreign banks or foreign financial institutions (including establishing remittance relationships with exchange houses operating outside the UAE) for executing remittances. The Licensed Person must apply for the Letter of No Objection by submitting a duly completed FAA Form (Refer to Appendix 5 for this Form) along with the required supporting documents to the Banking Supervision Department;
4. d)A Letter of No Objection from the Banking Supervision Department must be obtained, by submitting a duly completed FAA Form (Refer to Appendix 5 for this Form), to open accounts with financial institutions operating in the Financial Free Zones of the UAE (e.g.: DIFC, ADGM);
5. e)A Letter of No Objection from the Banking Supervision Department must be obtained, by submitting a duly completed FAA Form (Refer to Appendix 5 for this Form), to enter into a remittance arrangement with any instant money transfer service provider;
6. f)The Licensed Person, who is a Master Agent (i.e. Main or Principle Agent) of an instant money transfer service provider, must obtain a Letter of No Objection from the Banking Supervision Department in order to appoint another Licensed Person to act as its Sub-Agent to offer the products or services of such instant money transfer service provider;
7. g)The remittance transactions executed by the Licensed Person on behalf of entities operating in the Financial Free Zones of the UAE must be in accordance with relevant laws related to such Free Zones;
8. h)A Licensed Person is not permitted to execute remittance instructions received from other Licensed Persons without obtaining a Letter of No Objection from the Banking Supervision Department when the remittance instructions are made on behalf of such other Licensed Persons’ customers; and
9. i)The Licensed Person is not permitted to act as a routing agent between its foreign correspondents without obtaining a Letter of No Objection from the Banking Supervision Department.

1.2.3Payment of Wages using WPS (Article 1.1.(c).3 of the Regulations)

1. a)The Licensed Person is permitted to execute wage payments through the Wages Protection System (i.e. WPS) on behalf of legal entities operating in the UAE provided that the Licensed Person is in possession of a Category C license. Please refer to Paragraph 2.2 of Chapter 2 for various license categories;
2. b)The monthly turnover of wages paid using WPS by the Licensed Person shall be restricted against the value of its bank guarantee favouring the Central Bank and its risk grading awarded by the Central Bank. Please refer to Paragraph 2.4.5 of Chapter 2 for further information;
3. c)The monthly turnover of wages, in the context of Paragraph 1.2.3 (b) of this Chapter, means the total value of the Salary Information File (SIF) uploaded to and accepted by the System of Wages Protection during a month;
4. d)The Licensed Person must provide WPS services only to clients who are located within the same Emirate where the Licensed Person has branches. In this context, a client with multiple branches spread across different Emirates of the UAE may also utilise the WPS service offered by a Licensed Person who has branches in the same Emirate where the Main Office or Head office of such client is located;
5. e)The Licensed Person must cease the disbursement of wages in cash through WPS on or before 30^th September 2018. The disbursement of wages, thereafter (i.e., with effect from 1^st October 2018), must be executed only via payroll cards or through a bank account of the individual receiving the wages or salaries;
6. f)The Licensed Person may enter into arrangements with banks or other appropriate service providers in order to distribute payroll cards after obtaining a Letter of No Objection from the Banking Supervision Department;
7. g)The Licensed Person must arrange to deliver Payroll cards directly to each employee of its clients and obtain acknowledgements thereof at all times;
8. h)Payroll cards must not be reloaded with any value or money other than the salary/wages of the employee as per the Salary Information File (SIF) uploaded to and accepted by the System of Wages Protection;
9. i)The Licensed Person must comply with the Central Bank Rules in relation to the WPS (i.e. Rules of the UAE Wage Protection System issued by the Central Bank) at all times; and
10. j)The Licensed Person must carry out Enhanced Due Diligence, in accordance with Paragraph 16.11.2 of Chapter 16, for each legal entity before entering into any WPS arrangement.

1.2.4Special Products or Services (Article 1.1.(c).4 of the Regulations)

1. a)The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department if it intends to sell/offer any product or service which does not fall under various activities mentioned under Paragraphs 1.2.1 to 1.2.3 of this Chapter;
2. b)The Banking Supervision Department shall periodically issue the list of such products or services (called “the Special Product Matrix”) to all Licensed Persons;
3. c)The Licensed Person may choose any product or service from the Special Product Matrix and then request for the Letter of No Objection from the Banking Supervision Department prior to selling/offering such product or service;
4. d)The Licensed Person must seek the Letter of No Objection from the Banking Supervision Department for all its existing special products or services provided that they appear in the Special Product Matrix. The Licensed Person is not required to seek Letters of No Objection for those products or services in the Special Product Matrix on a condition that such products or services were approved by the Central Bank previously;
5. e)The Licensed Person must request a Letter of No Objection from the Central Bank in order to offer any new product or service that is not listed in the Special Product Matrix. The Licensed Person must submit below information/documents to the Central Bank in such cases:
   • •A request for the Letter of No Objection; and
   • •Description of the product or service, profile of the partner, a confirmation that the Enhanced Due Diligence has been carried out on the partner, detailed process flow, settlement process, targeted customers and a risk assessment report.
6. f)The Banking Supervision Department shall issue the Letter of No Objection for a special product or service, based on the merit of each application, subject to the following conditions:
   • •The Licensed Person must be in possession of either a Category B or Category C license. Please refer to Paragraph 2.2 of Chapter 2 for various license categories;
   • •The Licensed Person must fulfil the paid-up capital and bank guarantee requirements in accordance with the conditions contained in the Special Product Matrix; and
   • •The risk grading of the Licensed Person must be acceptable to the Central Bank. Please refer to Paragraph 5.3.5 of Chapter 5 for further details on risk grading.
7. g)The Licensed Person must not solicit its customers or any other party for selling loan products of local or foreign banks; and
8. h)The Licensed Person must not be involved in or assist its customers or any other party for opening bank accounts with local or foreign banks.

The paid-capital of a Licensed Person and its bank guarantee favouring the Central Bank are calculated based on the category of its license, its legal form and the value of remittances. This chapter provides information about the minimum amount of paid-up capital to be maintained by a Licensed Person and the method of calculating its minimum bank guarantee to be provided in favour of the Central Bank.

1. 2.1.1Applicant applying for a new license for Exchange Business must specifically mention the details of the legal form of the proposed entity in the application for new license. Please refer to Paragraphs 3.1.8 (b) and (c) of Chapter 3 for further information.

1. 2.2.1There are three categories of license based on the scope of Exchange Business that the Licensed Person is permitted to carry out in accordance with Paragraph 1.2 of Chapter 1:
   1. a)Category A License:

      The Licensed Person, in possession of a ‘Category A’ license, is permitted to carry out only foreign currency exchange business in accordance with Paragraph 1.2.1 of Chapter 1;

   2. b)Category B License:

      The Licensed Person, in possession of a ‘Category B’ license, is permitted to carry out the following two activities only:

      • •Foreign currency exchange (Refer to Paragraph 1.2.1 of Chapter 1); and
      • •Remittance operations (Refer to Paragraph 1.2.2 of Chapter 1).
   3. c)Category C License:

      The Licensed Person, in possession of a ‘Category C’ License, is permitted to carry out the following three activities:

      • •Foreign currency exchange (Refer to Paragraph 1.2.1 of Chapter 1);
      • •Remittance operations (Refer to Paragraph 1.2.2 of Chapter 1); and
      • •Payment of Wages using WPS (Refer to Paragraph 1.2.3 of Chapter 1).
2. 2.2.2The Licensed Person, in possession of either a “Category B” or “Category C” license, may choose to sell/offer special products or services in accordance with Paragraph 1.2.4 of Chapter 1.

1. 2.3.1Category A License

   The Licensed Person’s minimum paid-up capital must be AED 2 million. In case the legal form is a Limited Liability Company, the minimum paid-up capital must be AED 50 million.

2. 2.3.2Category B License

   The Licensed Person’s minimum paid-up capital must be AED 5 million. In case the legal form is a Limited Liability Company, the minimum paid-up capital must be AED 50 million.

3. 2.3.3Category C License

   The Licensed Person’s minimum paid-up capital must be AED 10 million. In case the legal form is a Limited Liability Company, the minimum paid-up capital must be AED 50 million.

1. 2.4.1The Licensed Person must provide a bank guarantee favouring the Central Bank from a bank licensed in the UAE, provided that the value of the bank guarantee at any point in time shall not be less than the higher of the following:
   1. a)100% of the minimum paid-up capital for each category of license as detailed under Paragraph 2.3 of this Chapter; or
   2. b)5% of the monthly remittance average value of the previous financial year, with a maximum of AED 75 million (Seventy Five Million UAE Dirhams).
2. 2.4.2The Licensed Person must submit a Certificate of Remittance Value, issued by the External Auditor, to the Supervision & Examination Division of the Banking Supervision Department within two (2) months from the end of every financial year. This certificate must be submitted on the “Certificate of Remittance Value (CRV) Form” provided by the Central Bank (Refer to Appendix 5 for CRV Form);
3. 2.4.3The Licensed Person must increase the value of bank guarantee favouring the Central Bank as required under Paragraph 2.4.1 (b) of this Chapter upon receiving a letter from the Central Bank demanding an additional bank guarantee. The additional bank guarantee must be submitted to the Central Bank prior to the deadline stipulated in the letter;
4. 2.4.4The bank guarantee favouring the Central Bank must be in the prescribed format provided by the Licensing Division. All original bank guarantees must be delivered directly to ‘the Licensing Division, Banking Supervision Department, Central Bank of the UAE, Abu Dhabi’;
5. 2.4.5The monthly turnover of wages to be paid using WPS is restricted, as below, based on the value of the bank guarantee and the risk grading of the Licensed Person awarded by the Central Bank (Please refer to Paragraph 1.2.3 (b) of Chapter 1 for further information):
    

   a) Low risk	-	Thirty (30) times the value of the bank guarantee
   b) Medium risk	-	Twenty (20) times the value of the bank guarantee
   c) High risk	-	Ten (10) times the value of the bank guarantee
   d) Very High Risk	-	Not permitted to carry out payment of wages using WPS
   e) Unacceptable Risk	-	Not permitted to carry out payment of wages using WPS

6. 2.4.6The Central Bank reserves the right to determine the risk grading of the Licensed Person based on predefined parameters and findings contained in the Transmittal Letter issued after every examination. The decision of the Central Bank in this regard shall be final; and
7. 2.4.7The risk grading awarded to the Licensed Person and the details of predefined parameters, on which the risk grading is based, will be highlighted in the Transmittal Letter issued by the Central Bank after the examination (Refer to Paragraph 5.3 of Chapter 5).

1. 2.5.1The ownership in a Licensed Person by the UAE National(s) who is a/are natural person(s), directly or indirectly via a company, must be not less than 60% at any point in time.

1. 2.6.1An existing Licensed Person, who currently does not comply with the minimum paid-up capital and bank guarantee requirements as per Paragraphs 2.3 and 2.4.1 of this Chapter, must:
   1. a)increase its paid-up capital and bank guarantee to comply with the requirements of Paragraphs 2.3 and 2.4.1 of this Chapter on or before 29^th September 2019 in three (3) equal annual instalments subject to the conditions under Paragraphs 2.6.1 (c) and 2.6.2 of this Chapter;
   2. b)provide its action plan along with a letter of undertaking to the Central Bank within fourteen (14) calendar days from the date of issuance of the Standards confirming their binding commitment to comply with the requirements of Paragraph 2.6.1 (a) of this Chapter; and
   3. c)comply with the following deadlines in phased manner for increasing the paid-up capital and bank guarantee as required under Paragraph 2.6.1 (a) of this Chapter:
      • •1^st instalment of the increase (i.e. 33.33% of the amount to be increased) must be made on or before 29^th September 2017;
      • •2^nd instalment of the increase (i.e. 33.33% of the amount to be increased) must be made on or before 29^th September 2018; and
      • •3^rd instalment of the increase (balance of the amount to be increased) to be in full compliance must be made on or before 29^th September 2019.
2. 2.6.2If 5% of the monthly remittance average value based on the actual values during the financial year 2016 exceeds the value of its existing bank guarantee favouring the Central Bank, the Licensed Person must immediately comply with Paragraph 2.4.1 (b) of this Chapter regardless of the grace period granted and timelines set under Paragraphs 2.6.1 (a) and (c) of this Chapter. The Central Bank will advise the Licensed Person about the additional bank guarantee in writing. The additional bank guarantee must be submitted to the Central Bank in accordance with Paragraph 2.4.4 of this Chapter prior to the deadline stipulated in the correspondence from the Central Bank;
3. 2.6.3If the Licensed Person fails to or is unable to provide the additional bank guarantee in accordance with Paragraph 2.6.2 of this Chapter, the Licensed Person must limit its monthly remittance average value to twenty (20) times the value of its existing bank guarantee favouring the Central Bank;
4. 2.6.4Existing Licensed Persons who are not willing to increase the minimum paid-up capital and bank guarantee to comply with the requirements of Paragraph 2.6.1 of this Chapter must contact the Licensing Division of the Banking Supervision Department to confirm their license status within thirty (30) calendar days from the date of issuance of the Standards. The Central Bank reserves the right to direct such Licensed Persons to:
   1. a)seek the Central Bank’s approval to downgrade its Exchange Business license to a category where the minimum paid-up capital and bank guarantee requirements are lower; and/or
   2. b)seek the Central Bank’s approval to change the legal form where the minimum paid-up capital and bank guarantee requirements are lower; or
   3. c)surrender its Exchange Business license to the Central Bank.
5. 2.6.5In case the current paid-up capital or/and the value of existing bank guarantee is/are higher than the value required under Paragraphs 2.3 and 2.4.1 of this Chapter, the Licensed Person must obtain a Letter of No Objection from the Central Bank in order to reduce the respective value to the required minimum level;
6. 2.6.6Regardless of the grace period granted and timelines set under Paragraphs 2.6.1 (a) and (c) of this Chapter, the Licensed Person must comply with Paragraphs 4.1, 4.18 and 4.19 of Chapter 4 at all times; and
7. 2.6.7The Central Bank reserves the right to revoke the license to conduct Exchange Business in case the Licensed Person fails and/or shows inability to comply with Paragraphs 2.6.1 to 2.6.4 of this Chapter.

1. 2.7.1A Licensed Person, who is in compliance with the minimum paid-up capital and bank guarantee requirements as per Paragraphs 2.3 and 2.4.1 of this Chapter, is not required to further increase its paid-up capital or bank guarantee for obtaining the Central Bank approval to open additional branches;
2. 2.7.2The Central Bank reserves the right to instruct Licensed Persons, who do not comply with the minimum paid-up capital and bank guarantee requirements as per Paragraphs 2.3 and 2.4.1 of this Chapter, to increase their paid-up capital and bank guarantee prior to obtaining the Central Bank approval to open additional branches regardless of the deadlines set under Paragraph 2.6.1(c) of this Chapter;
3. 2.7.3In all cases, the Licensed Person must comply with Paragraphs 4.1, 4.18 and 4.19 of Chapter 4 at all times; and
4. 2.7.4The Central Bank approval to open additional branches shall be issued subject to its prevailing licensing policy and the risk grading awarded to the Licensed Person after the Central Bank Examination.

Exchange Business can be carried out by a person, whether natural or juridical, only if such person is licensed by the Central Bank in accordance with the Regulations and its subsequent amendments. This chapter provides information related to the process for obtaining an Exchange Business license from the Central Bank.

1. 3.1.1Any person, natural or juridical, may submit a new application to the Central Bank for any category of license mentioned under Paragraph 2.2 of Chapter 2 using “Licensed Person’s Application (LPA) Form” (Refer to Appendix 5 for LPA Form) and with necessary supporting documents;
2. 3.1.2All documents provided to the Central Bank as part of the application for a license must be in Arabic or English;
3. 3.1.3Documents in languages other than Arabic or English must be accompanied by Arabic or English legal translations;
4. 3.1.4All figures in the financial statements, business plans or other projected reports must be expressed either in AED or in US Dollars;
5. 3.1.5The applicant is permitted to appoint a duly authorised representative, such as a law firm or a professional consultancy firm, to prepare and submit the license application on behalf of the applicant. In such cases, the applicant continues to retain the full responsibility for the accuracy and completeness of information/documents provided and is required to certify the application form accordingly;
6. 3.1.6The Central Bank may liaise directly with the applicant or the applicant’s duly appointed representative when processing the application for seeking any clarification or information;
7. 3.1.7Applicants may contact the Licensing Division of the Banking Supervision Department for a pre-application meeting to discuss their business plans, application process and requirements;
8. 3.1.8The following forms and documents must be submitted to the Central Bank for obtaining a license:
   1. a)Formal application letter signed by the applicant(s) which must specifically state the category of the license for which they are applying (refer Paragraph 2.2 of Chapter 2 for various license categories);
   2. b)Duly completed LPA Form (Refer to Appendix 5 for this Form);
   3. c)Comprehensive business plan which must consist of the following information regarding the proposed entity:
      • •Name of the proposed entity;
      • •Legal form of the proposed entity;
      • •Initial amount of paid-up capital that will be injected into the business. Please refer to Paragraph 2.3 of Chapter 2 for the minimum requirements of paid-up capital;
      • •Name(s) of the Owner/Partners/Shareholders and the ownership structure;
      • •Justification and reasons for applying to obtain a license to conduct Exchange Business and the value it will add to the financial industry;
      • •Proposed number of branches and their locations that are planned to be opened during the first three (3) years;
      • •Projected financial statements (Balance Sheet, P&L and cash flow statements) for the first three (3) years with assumptions;
      • •Applicant's business strategy, business model, primary corridors if planning for remittance activity, description of proposed products/services and other marketing plans;
      • •An assessment report on the potential risks that may be faced by the proposed entity and suggested measures to mitigate such risks; and
      • •Emiratization plans in line with the Central Bank’s requirements.
   4. d)In case the proposed Shareholder(s) is/are a juridical person(s), a Board resolution from such juridical person(s), confirming the decision to become shareholder in the proposed entity;
   5. e)In case the proposed Shareholder is a juridical person, the certificate of incorporation issued by the competent authority in its country of incorporation, commercial license/registration or any other similar official document;
   6. f)In case the proposed shareholder(s) is/are part of a Group of Companies/Businesses, copies of the audited financial statements of that Group, for the immediately preceding three (3) years;
   7. g)A letter of undertaking from the Owner/ all Partners/ all Shareholders of the proposed entity to comply, in case the application is approved, with the paid-up capital and bank guarantee requirements stated under Paragraphs 2.3 and 2.4 of Chapter 2;
   8. h)Letter of undertaking as per Article 3 (d) of the Regulations;
   9. i)A Draft version of Memorandum and Articles of Association of the proposed entity;
   10. j)Duly completed “Authorised Person’s Appointment (APA) Form” (Refer to Appendix 5 for APA Form) for the Manager in Charge (detailed CV must be included with a brief description);
   11. k)List of proposed members of the Board (i.e. Directors on the Board) if it is applicable (detailed CV must be included with a brief description for each Board member);
   12. l)Paid-up capital certificate of deposit from a bank licensed in the UAE;
   13. m)Copy of the required initial approvals from the Department of Economic Development; and
   14. n)A copy of the tenancy agreement and the address of premises to carry out the business of the proposed entity.
9. 3.1.9The applicant must submit documents as per Paragraphs 3.1.8 (a) to (h) of this Chapter to initiate the application process;
10. 3.1.10The Central Bank, upon review of all documents as per Paragraphs 3.1.8 (a) to (h) of this Chapter, will notify the applicant if the initial approval has been granted or its application has been rejected by the Board of the Central Bank;
11. 3.1.11The applicant is required to submit documents under Paragraphs 3.1.8 (i) to (n) of this Chapter only after receiving the initial approval of the Central Bank;
12. 3.1.12The proposed Manager in Charge will be called in for an interview by a special committee of the Central Bank as part of a fit and proper test. The Central Bank reserves the right to issue or decline the approval for the appointment of the proposed Manager in Charge;
13. 3.1.13The Central Bank, upon review of all documents as per Paragraphs 3.1.8 (i) to (n) of this Chapter and the Bank Guarantee as per Paragraph 2.4 of Chapter 2, will notify the applicant in writing if the license to carry out the business has been granted or not;
14. 3.1.14After obtaining the license to carry out Exchange Business from the Central Bank, the Licensed Person must submit the following to the Banking Supervision Department before commencing the business:
    1. a)A copy of the notarized Memorandum and Articles of Association;
    2. b)Auditors certification that paid-up capital has been injected into the business;
    3. c)Undertaking letter from the Owner/Shareholders/Partners whereby the Licensed Person agrees to comply with paid-up capital ratio and liquidity requirements as per Paragraphs 4.1, 4.18 and 4.19 of Chapter 4;
    4. d)Duly completed APA Form (Refer to Appendix 5 for this Form) and an approval request for the appointment of the Compliance Officer and Alternate Compliance Officer. Please refer to Paragraphs 16.4.9 and 16.5.2 of Chapter 16 for further details;
    5. e)Contact details (such as mobile number, phone number, fax number and email) of the main/head office, Manager in Charge and Compliance Department or Officer;
    6. f)Application for a Letter of No Objection to appoint External Auditors as per Paragraph 7.3.2 (b) of Chapter 7;
    7. g)Business Continuity Plans;
    8. h)Copy of the insurance policy;
    9. i)Description of the IT systems, detailed back up and disaster recovery plans;
    10. j)Application for connectivity to the Central Bank reporting systems; and
    11. k)Any other information as may be specified by the Central Bank.
15. 3.1.15The Licensed Person must submit documents under Paragraphs 3.1.14 (a) to (b) of this Chapter to the Licensing Division and the remaining documents to the Supervision & Examination Division of the Banking Supervision Department; and
16. 3.1.16The Licensed Person must inform the Supervision & Examination Division and the FID (i.e. the Financial Intelligence Department which was formerly known as the AMLSCU) at least ten (10) days in advance about the date of commencement of its business.

1. 3.2.1The Central Bank reserves the right, within sixty (60) days of receiving a license application, to:
   1. a)require the applicant to provide additional documents/information that the Central Bank deems necessary to evaluate the application; or
   2. b)reject incomplete applications.
2. 3.2.2The applicant may withdraw its application at any time during the process by notifying the Central Bank in writing;
3. 3.2.3After the review of a license application, the Central Bank may advise the applicant in writing whether:
   1. a)the license has been granted unconditionally; or
   2. b)the license has been granted subject to conditions; or
   3. c)the application has been rejected.
4. 3.2.4The Central Bank will notify the applicant of the outcome of the license application within a period not exceeding twenty (20) working days from date of issuing such decision by the Board of Directors of the Central Bank. Such notice shall include the following:
   1. a)content of the decision;
   2. b)reasons for the decision, if any; and
   3. c)requirement of additional documents or information, if any.
5. 3.2.5A license certificate is issued to the applicant once the Central Bank decides to grant the license stating the effective start date of the license. The name of the Licensed Person is then added into the “Central Bank Register of Exchange Houses”; and
6. 3.2.6The Licensed Person must obtain prior approval of the Central Bank if it intends to add any permitted activity or to discontinue the current permitted activities (Refer to Paragraph 1.2 of Chapter 1 for the list of permitted activities) by submitting an application at least sixty (60) days before the date of such change.

1. 3.3.1The Board of Directors of the Central Bank reserves the right, at any point in time, to reject an application for new license or an application from an existing Licensed Person to change the category of license considering the interest of the public or if the applicant/Licensed Person fails/refuses to fulfill the licensing conditions and requirements as set out in Paragraph 3.1 of this chapter;
2. 3.3.2The Board of Directors of the Central Bank reserves the right, before issuing the rejection decision, to request the applicant to fulfill the licensing requirements and conditions within a specified period of time; and
3. 3.3.3The applicant shall be notified in writing of the Board’s decision on its application, whether approved or rejected, within a period not exceeding twenty (20) working days from date of issuance of the Board of Director’s decision. Such notice shall include the following:
   1. a)Content of the decision; and
   2. b)Reasons for rejection if any.

1. 3.4.1The license shall be valid for a fixed period of time from its date of issue and renewed thereafter upon an application from the Licensed Person (Refer to Paragraph 4.14 of Chapter 4).

1. 3.5.1The Licensed Person must maintain adequate levels of financial resources in accordance with Paragraphs 2.3 of Chapter 2 and 4.1, 4.18 and 4.19 of Chapter 4 at all times;
2. 3.5.2The Licensed Person must maintain resources, systems and controls that are, in the opinion of the Central Bank, adequate for the scale and complexity of its activities and mitigating risks of financial crime;
3. 3.5.3The Licensed Person must appoint External Auditors, subject to obtaining a Letter of No Objection from the Central Bank in accordance with Paragraph 7.3.2 of Chapter 7;
4. 3.5.4The Licensed Person’s books of accounts and other records must be available within the UAE at all times and for examination by the Central Bank or persons appointed by the Central Bank;
5. 3.5.5The Licensed Person must comply with the minimum record-keeping requirements covered under Paragraph 16.24 of Chapter 16;
6. 3.5.6The Licensed Person must act in an open and cooperative manner with the Central Bank at all times;
7. 3.5.7The Licensed Person must comply with the regulatory reporting requirements covered in Appendix 3 of the Standards;
8. 3.5.8The Licensed Person must comply with any other specific requirements or restrictions imposed by the Central Bank on the scope of its license; and
9. 3.5.9When granting a license, the Central Bank specifies the regulated services that the Licensed Person is permitted to offer. The Licensed Person must operate within the scope of its license at all times. The Central Bank reserves the right to vary existing requirements or impose additional restrictions or requirements, to address specific risks associated with the business of a Licensed Person.

1. 3.6.1The Board of Directors of the Central Bank reserves the right to suspend or revoke a license issued to a Licensed Person by issuing a written notice in the following cases:
   1. a)If the Licensed Person ceased to comply with or has breached one or more of the conditions or restrictions imposed on its license;
   2. b)If the Licensed Person has breached applicable Laws, Rules, Regulations, the Standards or any Notice issued by the Central Bank;
   3. c)If the Licensed Person has failed to take any measures or procedures determined or prescribed by the Central Bank;
   4. d)If the Licensed Person did not commence its Exchange Business within six (6) months from the issue date of license;
   5. e)If the business or operations were ceased for a consecutive period exceeding three (3) months;
   6. f)If the Central Bank considers, at its own discretion, that the full or partial withdrawal, revocation or suspension of the license, was necessary for achieving its objectives and in discharging its functions;
   7. g)If the Licensed Person has submitted an application for full or partial withdrawal, cancelation or suspension of the license;
   8. h)If the Licensed Person’s liquidity or solvency is at risk or the Licensed Person becomes bankrupt;
   9. i)If the paid-up capital of the Licensed Person falls below the minimum amount required in accordance with the Regulations/the Standards issued by the Central Bank;
   10. j)If the Licensed Person has merged with another Licensed Person or institution without obtaining a Letter of No Objection from the Central Bank; and
   11. k)If the Licensed Person’s officers, employees or representatives refused to cooperate with Central Bank officers, Representatives, Examiners or abstained from providing unhindered access to information, statements, documents or records.
2. 3.6.2The Central Bank shall notify the Licensed Person, with reasons in writing, about its decision to withdraw, cancel, suspend or revoke the license within a period of not exceeding twenty (20) working days from date of issuance of the Board of Director’s decision. The notice shall include the following at a minimum:
   1. a)Content of the decision;
   2. b)Reasons for the decision, if any; and
   3. c)Effective date of the decision.

1. 3.7.1The Licensed Person is not permitted to open new branches without obtaining a license from the Central Bank;
2. 3.7.2The Licensed Person has to submit an application signed by its authorized signatory to the Licensing Division of the Banking Supervision Department in order to obtain licenses to open new branches; and
3. 3.7.3The Central Bank, at its sole discretion, shall issue licenses to open new branches based on the level of compliance of the Licensed Person with applicable Laws, Rules, Regulations, Notices and the Standards and based on the prevailing policy of the Central Bank in issuing such approvals.

1. 3.8.1The Licensed Person is not permitted to relocate its licensed premises without obtaining the Letter of No Objection from the Central Bank;
2. 3.8.2The Central Bank shall issue a Letter of No Objection to relocate the licensed premises based on the level of compliance of the Licensed Person with applicable Laws, Rules, Regulations, Notices and the Standards, and based on the prevailing policy of the Central Bank;
3. 3.8.3The Licensed Person must display a notice outside the current location two (2) weeks prior to the relocation of the licensed premises for the information to customers mentioning therein the address of the new location, proposed date of opening and the new contact number; and
4. 3.8.4The Licensed Person must operate its business from the existing location, unless otherwise agreed by the Central Bank in writing, until it receives all necessary licenses (such as the license issued by the Central Bank, Department of Economic Development etc.) for such relocation.

1. 3.9.1The Licensed Person may close its licensed premises in case of any unforeseen incidents (example: a fire, system failure, etc.), due to natural disasters or for some specific purposes (examples: to carry out repairs or any maintenance) subject to the following conditions:
   1. a)The Licensed Person must notify the Central Bank of the closure immediately upon closing the licensed premises with reasons thereof;
   2. b)The licensed premises shall not be closed for a period of more than one (1) month; and
   3. c)A notice must be displayed outside the premises stating the reasons for the closure, expected re-opening date, mobile number of the contact person and contact details of the nearest branch of the Licensed Person, if any.
2. 3.9.2The Licensed Person must obtain a Letter of No Objection from the Central Bank to keep the licensed premises closed for a period exceeding one (1) month subject to the following conditions:
   1. a)The maximum period of closure shall not exceed three (3) months;
   2. b)Liabilities towards customers must be cleared prior to the closure;
   3. c)A notice must be displayed outside the premises with the reasons for the closure, expected re-opening date, mobile number of the contact person and contact details of the nearest branch of the Licensed Person, if any.
3. 3.9.3The Licensed Person must discuss with the Central Bank about the status of its licensed premises before the expiry of the previously approved period of temporary closure (i.e. three months); and
4. 3.9.4The Licensed Person must obtain the Letter of No Objection from the Central Bank in order to close a licensed premises permanently.

The Licensed Person is expected to carry out its business in compliance with all applicable Laws, Rules, Regulations, Notices and the Standards. This chapter provides clarifications on some of the continuing obligations of a Licensed Person. The Licensed Person is advised to carefully review Article 9.1 of the Regulations and comply with all requirements at all times.

1. 4.1.1The total assets of the Licensed Person must not exceed ten (10) times the amount of its paid-up capital. In other words, the total assets to the paid-up capital ratio must not exceed 10:1 at any point in time; and
2. 4.1.2The Licensed Person must comply with the following standards in relation to the calculation of this ratio:
   1. a)Gross value of assets must be taken for the calculation, i.e. no netting-off of assets and liabilities will be permitted unless it is in accordance with International Financial Reporting Standards;
   2. b)Total assets must not include any post-dated-cheques and/or amounts held as unclaimed funds with the Licensed Person as per Paragraph 18.2.1 (e) of Chapter 18;
   3. c)Statutory reserve may be added to the paid up capital provided that the Licensed Person has the obligation to maintain such a reserve as per the prevailing Commercial Companies Law of the UAE;
   4. d)Accumulated losses, including current year losses, must be deducted from the paid-up capital; and
   5. e)Where there are subsidiaries or other foreign offices, the Licensed Person must also comply with Paragraph 4.1.1 of this Chapter based on the consolidated financial statements.

1. 4.2.1Appointment of the Manager in Charge must be made only after obtaining a Letter of No Objection from the Banking Supervision Department. Refer to Paragraph 6.4 of Chapter 6 for additional standards in this regard;
2. 4.2.2The Licensed Person must implement an appropriate Succession Plan to manage its business during the temporary absence, such as leave or vacation, of the Manager in Charge. The Succession Plan must also fulfil the requirements of Paragraph 6.4.7 (b) of Chapter 6;
3. 4.2.3The Manager in Charge must be an authorised signatory granted with Power of Attorney from the Licensed Person or its Owner/Partners/Board of Directors to manage its day to day business; and
4. 4.2.4The employment contract of the Manager in Charge must contain a clause for treating any violation on the part of the Manager in Charge as a criminal offence if it is proven that the Manager in Charge has signed or made any incorrect or misleading statement to the Central Bank.

1. 4.3.1The Licensed Person is not permitted to alter the following without obtaining a Letter of No Objection from the Banking Supervision Department with an exception provided under Paragraph 4.3.2 of this Chapter:
   1. a)Legal status of the business;
   2. b)Ownership or Ownership structure;
   3. c)Location of the licensed premises or offices;
   4. d)Paid-up capital; and
   5. e)Value of the bank guarantee favouring the Central Bank.
2. 4.3.2The Licensed Person may increase its paid-up capital and the value of bank guarantee favouring the Central Bank without obtaining the Letter of No Objection from the Banking Supervision Department in order to comply with the requirements of Paragraphs 2.6.1 (c) and 2.6.2 of Chapter 2. The Licensed Person must notify the Banking Supervision Department upon making such alterations.

1. 4.4.1A Letter of No Objection from the Banking Supervision Department must be obtained in order for the Licensed Person to merge, amalgamate or enter into a joint venture with any other person, whether natural or juridical;
2. 4.4.2The Licensed Person is not permitted to enter into any agreement to manage or to be managed by any other person, whether natural or juridical, without obtaining the Letter of No Objection from the Banking Supervision Department. All such management agreements must be in line with the UAE Laws and all applicable Regulations; and
3. 4.4.3The Licensed Person is not permitted to transfer, rent/lease out the license for a remuneration or otherwise to any other party, whether it is a natural or juridical person.

1. 4.5.1The Licensed Person is not permitted to carry out its activities including the KYC Process from any place outside the premises approved by the Central Bank apart from an exception under Paragraph 4.5.7 of this Chapter;
2. 4.5.2Paragraph 4.5.1 of this Chapter shall not deter the Licensed Person from conducting site visits as part of completing Enhanced Due Diligence in accordance with Paragraph 16.11.2 (d) of Chapter 16;
3. 4.5.3The Licensed Person is not permitted to carry out its activities from any temporary counters, extension counters or in a client’s office, client’s residence or from any place outside its approved premises;
4. 4.5.4The Licensed Person, who participates in WPS, may distribute salaries in cash outside its licensed premises (i.e. at client’s premises) until payroll cards are introduced in accordance with Paragraph 1.2.3 (e) of Chapter 1 provided that the Licensed Person:
   1. a)has obtained the necessary approvals from the police authorities in the respective Emirates; and
   2. b)complies with all applicable Laws, Rules, Regulations and Notices in relation to security and safety.
5. 4.5.5The Licensed Person is not permitted to engage in any business activities other than those in accordance with Paragraph 1.2 of Chapter 1;
6. 4.5.6The Licensed Person must not lease out or rent out its licensed premises to any other party; and
7. 4.5.7The Licensed Person may carry out the KYC Process for its customers, who are natural persons, outside the premises approved by the Central Bank subject to the following conditions:
   1. a)The KYC Process must be carried out directly by the employees of the Licensed Person;
   2. b)The Licensed Person must accept only Emirates ID of the customer as the identification document;
   3. c)Information of the Emirates ID must be extracted using a card reader obtained from the Emirates ID Authority; and
   4. d)A copy of the Emirates ID certified as “Original Sighted and Verified” under the signature of the employee who carries out the KYC Process must be retained. Alternatively, a print out of the extract of information obtained using the Emirates ID card and reader containing customer information must be retained. This print out must be certified as “Original Sighted and Verified” under the signature of an employee of the Licensed Person.

1. 4.6.1The Licensed Person’s legal/trade name/trade mark must always contain the word “Exchange”;
2. 4.6.2The legal/trade name must be approved by the Central Bank;
3. 4.6.3The Licensed Person must not alter its legal/trade name without obtaining a Letter of No Objection from the Central Bank;
4. 4.6.4The legal/trade name must not contain any undesirable word that will mislead the customers about the nature of business activities of the Licensed Person;
5. 4.6.5Some examples of undesirable words are listed below (the list is not exhaustive):
   • •Bank, Financial Institution, Finance, Financing;
   • •Real Estate, Insurance, Investment;
   • •Gold, Silver, Precious Stone, Commodity, Stock, Shares, etc.
6. 4.6.6The legal/trade name must not infringe the copyrights or intellectual property rights of any other natural or juridical person;
7. 4.6.7Full legal/trade name of the Licensed Person must be clearly and prominently displayed on the main signage of the licensed premises, letter heads, business cards, transaction receipts and all other marketing/branding materials; and
8. 4.6.8The name of business partners, such as correspondent banks, remittance partners or the management company must not appear on the main signage of the licensed premises.

1. 4.7.1The official receipts must be given to customers for all types of transactions;
2. 4.7.2The legal name of the Licensed Person, contact details (address, phone, email ID) of the branch that carries out the transaction, phone number for lodging customer complaints, website address (if any), etc. must be printed on all receipts;
3. 4.7.3The below information must be printed on all transaction receipts at a minimum:
   1. a)The date and time (UAE local time) of the transaction;
   2. b)Product name (e.g.: Foreign currency buy or sell, outward remittance, inward remittance, WPS or the name of the special product or service, etc.);
   3. c)Relevant customer information as per Paragraphs 16.8.5, 16.9.10, 16.10.3 or 16.11.5 of Chapter 16, whichever is applicable;
   4. d)Foreign currency conversion rates against the local currency, if applicable;
   5. e)Transaction fees or charges, if applicable;
   6. f)The total value of the transaction in AED;
   7. g)Where it is a remittance transaction, the beneficiary details such as name of the beneficiary, beneficiary bank account details (account number and branch name) where applicable, destination country; and
   8. h)Where it is a remittance transaction, the name of the correspondent bank/correspondent financial institution/exchange house or the name of the instant money transfer service provider through which the remittance is routed.
4. 4.7.4The terms and conditions related to the following must be printed on all receipts at a minimum:
   1. a)Cancellation and refund of the transaction including related charges and conversion rates applicable for the same;
   2. b)Charges and conversion rates that will be applied for amendments or re-issuance of money transfers;
   3. c)Back-end charges or any other bank charges at foreign correspondent banks for money transfers must be disclosed if it is deducted from the amount payable to the beneficiary; and
   4. d)Maximum period available for a customer to lodge a complaint from the date of transaction.

1. 4.8.1Rates must be displayed during working hours in a prominent place of the licensed premises and clearly visible to customers. The following rates must be displayed at a minimum:
   1. a)Buy and sell rate against the local currency (i.e. AED) for US Dollars, Euro, Pound Sterling, Japanese Yen and other major foreign currencies that the Licensed Person deals in; and
   2. b)Rates for major foreign currencies that the Licensed Person deals in against the local currency for remittances.

1. 4.9.1The SMS service must be integrated in the systems of the Licensed Person to notify parties involved in the money transfer transactions about the status of transactions as follows:
   1. a)SMS notifications must be sent to remitters of all outward remittances at the time of processing the payment instructions for transmitting to correspondents (such as foreign banks, exchange houses, etc.);
   2. b)SMS notification must be sent to remitters of all outward remittances in the case of outward instant money transfers;
   3. c)Two SMS notifications must be sent to beneficiaries of the agent specific inward remittance transactions. The first SMS at the time of receiving the payment instruction from the correspondent and the second SMS at the time of actual payment to the beneficiary;
   4. d)One SMS notification is sufficient, i.e. at the time of payment, in the case of inward instant money transfers which are not agent specific; and
   5. e)The Licensed Person must maintain a log in the system that shows the status of SMS notifications for each transaction.

1. 4.10.1The Licensed Person is not permitted to encumber any of its assets without obtaining a Letter of No Objection from the Banking Supervision Department;
2. 4.10.2The Licensed Person must obtain the Letter of No Objection from the Banking Supervision Department before providing deposits to be held under a lien or encumbrance or as collateral deposits to banks/financial institutions in order to:
   1. a)obtain bank guarantees favouring the Central Bank for licensing purposes;
   2. b)obtain remittance arrangements with local or foreign institutions (via cash deposits or guarantees); and
   3. c)obtain any other type of facilities from financial institutions or banks.
3. 4.10.3Deposits for labour guarantee or utility services do not require the Licensed Person to obtain the Letter of No Objection from the Banking Supervision Department;
4. 4.10.4Deposits of excess cash with a bank or financial institution for a fixed term/period by the Licensed Person must be available for liquidation immediately on demand; and
5. 4.10.5The Licensed Person must not act as a guarantor or a facilitator of any other person, natural or juridical, to avail any credit facility for such person.

1. 4.11.1Distribution of net annual profit for any financial year to the Owner/Partners/Shareholders must be made only after the audit of financial statements for that year, subject to the conditions under Paragraphs 4.11.2 to 4.11.5 of this Chapter;
2. 4.11.2The distribution of net annual profit among Partners/Shareholders must be in accordance with the agreed profit sharing ratio;
3. 4.11.3The annual audit of such financial statements must be carried out by an External Auditor appointed in accordance with the Paragraph 7.3.2 of Chapter 7;
4. 4.11.4The Licensed Person must ensure sufficient liquidity in the business at all times in accordance with Paragraph 4.18 of this Chapter; and
5. 4.11.5The share of profit must be paid off to the Owner/Partners/Shareholders within fifteen (15) calendar days from the date of decision to distribute such profit. If not, the Central Bank reserves the right to treat such amounts as the current account balance of the Owner/Partners/Shareholders (Refer to Paragraph 4.12 of this Chapter).

1. 4.12.1The Licensed Person is not permitted to borrow from or lend money to or maintain a current account in the name of its owners, shareholders, partners, directors, managers, controllers, group companies, subsidiaries or customers; and
2. 4.12.2Salary advance by a Licensed Person to its employees is permitted subject to the following conditions:
   1. a)The maximum advance must not exceed the total of immediately preceding six (6) months’ gross salary of the employee; and
   2. b)Such advance must be made only towards employee’s housing expenses, medical expenses, education/training fees, air tickets or on other humanitarian grounds such as death/illness of an immediate family member.

1. 4.13.1“Designated Remittance Intermediate Account” with a Bank:
   1. a)A Licensed Person who is in possession of a Category B or C license must maintain an account with a Bank licensed by the Central Bank of the UAE to be used exclusively as a “Designated Remittance Intermediate Account”;
   2. b)The Licensed Person who conducts remittance business must deposit the funds received from its remittance customers directly into the “Designated Remittance Intermediate Account” before the end of banking hours on the next business day (i.e. the next business day following the day on which the funds were received); and
   3. c)The Licensed Person must use the funds available in the “Designated Remittance Intermediate Account” solely for the purpose of settling the customers’ remittances with the foreign correspondents (i.e. correspondent banks, exchange houses, financial institutions or instant money transfer service providers).
2. 4.13.2Accounting Treatment:
   1. a)All outward remittance transactions must be initially recorded in a separate ledger account (in the General Ledger) titled as “Remittance Intermediate Account”;
   2. b)The Remittance Intermediate Account must be a separate control account in the General Ledger. The Licensed Person may maintain multiple sub accounts (either currency wise, country wise or correspondent wise at the discretion of the Licensed Person) under the above stated control account;
   3. c)Outward remittance transactions must be transferred to the respective ledger accounts of foreign correspondents (in the General Ledger) as and when the remittance instructions are issued (i.e. upon payment order transmission) to foreign correspondents;
   4. d)The remittance instructions must be issued to foreign correspondents only after prefunding the account, if the settlement is on a prefund basis; and
   5. e)An amount equal to the liabilities towards the remittance customers (i.e. the balance in the Remittance Intermediate Account in relation to unprocessed transactions) must be available at all times in the form of local currency, balances in the Designated Remittance Intermediate Account and foreign banks to cover the liabilities towards the remittance customers.
3. 4.13.3Agreed-Upon Procedures (AUP) on the Remittance Intermediate Account:
   1. a)External Auditors must perform Agreed-Upon Procedures (AUP) on the Remittance Intermediate Account and report their findings on a monthly basis to the Board of Directors (or to the Owner/Partners where there is no Board of Directors). Please refer to Appendix 6 for the minimum required Agreed-Upon Procedures to be performed by the External Auditor in this regard.
4. 4.13.4Exception:
   1. a)Standards related to the Remittance Intermediate Account are not applicable to remittance arrangements through instant money transfer service providers who do not require any prefunding by the Licensed Person to pay beneficiaries at the destination.

1. 4.14.1Application for the renewal of a license must be submitted to the Licensing Division of the Banking Supervision Department at least two (2) months prior to the date of expiry of the license; and
2. 4.14.2In case, the Licensed Person exhibits major non-compliance with applicable Laws, Rules, Regulations, Notices and the Standards, then the Central Bank reserves the right to refuse the renewal of the license or to renew it for a period shorter than one (1) year.

1. 4.15.1A copy of the license issued by the Central Bank must be displayed in all licensed premises at a prominent location in addition to the commercial or trading license issued by the competent authority of the respective Emirate; and
2. 4.15.2The Licensed Person must also visibly display a list of its permitted activities (i.e. whether the Licensed Person offers Foreign Currency Exchange, Remittance Operations or Payment of Wages using WPS) at a prominent location inside as well as outside (closer to the main door) of all licensed premises.

1. 4.16.1The working hours of branches/Head Office or Management Office must be visibly displayed at a prominent location inside as well as outside (closer to the main door) of the respective licensed premises.

1. 4.17.1The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department for establishing relationship with any foreign institution for importing and/or exporting of banknotes;
2. 4.17.2The Banking Supervision Department shall issue the Letter of No Objection based on the merit of each application from the Licensed Person provided that the following requirements are satisfied:
   1. a)Minimum paid-up capital of the Licensed Person and the bank guarantee favouring the Central Bank is:
      • •AED 50 million in case of Limited Liability Companies; and
      • •AED 10 million in other cases.
   2. b)The risk grading awarded to the Licensed Person by the Central Bank must be either Low or Medium.
3. 4.17.3The Licensed Person must provide the following information/documents along with the application for the Letter of No Objection:
   • •The full legal name and address of the foreign institution;
   • •Draft copy of the bilateral agreement;
   • •Nature of the intended business, whether it is import or export of banknotes or both;
   • •Purpose of importing banknotes from the respective foreign institution;
   • •Source of banknotes exported to the respective foreign institution;
   • •Separate list of currencies to be imported and/or exported from/to the respective foreign institution and the projected annual value for each currency for next three (3) years;
   • •Expected number of shipments (separately for import and export) per year and projected value of each shipment in local currency for next three (3) years;
   • •Confirmation that the Enhanced Due Diligence has been carried out on the respective foreign institution; and
   • •List of similar existing arrangements and the current yearly volume and value of business in each currency for each entity.
4. 4.17.4Import or export of banknotes must be made only from/to an institution which is a licensed financial institution from a well regulated jurisdiction;
5. 4.17.5The Licensed Person must carry out the Enhanced Due Diligence, in accordance with Paragraph 16.11.2 of Chapter 16, on such foreign institutions before requesting for the Letter of No objection from the Banking Supervision Department;
6. 4.17.6The Licensed Person must have appropriate agreements with such foreign institutions containing suitable clauses to cover all risks associated with importing and exporting of banknotes;
7. 4.17.7The Licensed Person must complete the settlement for each shipment, whether import or export, within a period of seven (7) business days from the date of receiving/dispatching the shipment;
8. 4.17.8The validity of the Letter of No Objection issued by the Banking Supervision Department is for a maximum period of three (3) years. The Central Bank reserves the right to restrict the validity of such Letter of No Objection for a period less than three (3) years depending on the risk grading of the Licensed Person; and
9. 4.17.9The Central Bank reserves the right, if it deems appropriate, to restrict the use of imported banknotes to be sold via own branches of the Licensed Person to its retail customers and not for supplying to other Licensed Persons or Financial Institutions that are operating inside or outside the UAE.

1. 4.18.1Current assets of a Licensed Person must be at least 1.2 times of the current liabilities at all times;
2. 4.18.2Current assets in this context consists of the following items from the Balance Sheet:
   1. a)Cash in hand (i.e. local and foreign currency stocks);
   2. b)Balances with banks (i.e. local and foreign bank balances);
   3. c)Receivables from the other financial institutions (local and foreign);
   4. d)Cheques which are within the validity period of six (6) months from the date of issue (i.e. valid cheques) received from the customers; and
   5. e)Unencumbered fixed deposits with banks or financial institutions with a remaining maturity period of less than three (3) months.
3. 4.18.3Item (c) of Paragraph 4.18.2 of this Chapter must be recoverable and are not dormant or inactive during the past thirty (30) calendar days;
4. 4.18.4For the computation of the current assets, the following items must not be considered:
   1. a)Post-dated cheques;
   2. b)Pre-payments;
   3. c)Mandatory deposits such as deposits for utility services, labor guarantee, etc.;
   4. d)Deposits under lien of any kind;
   5. e)Deposits which cannot be liquidated upon demand; and
   6. f)Debit balances in the current account of the owners, directors, controllers, managers, employees, customers, etc., if any (Refer to Paragraph 4.12 of this Chapter).
5. 4.18.5Current liabilities in this context consists of the following items from the Balance Sheet:
   1. a)Liabilities towards customers for any outward remittances (local and foreign including the amount of unclaimed funds);
   2. b)Sundry Creditors;
   3. c)Accruals;
   4. d)Liabilities towards the beneficiaries of the inward remittances if the funds are received by the Licensed Person;
   5. e)Liabilities related to WPS;
   6. f)Amounts payable to banks and other financial institutions upon demand or payable within three (3) months - local and foreign;
   7. g)Any valid cheques issued by the Licensed Person which is not netted off against the bank balance; and
   8. h)Credit balances in the current account of the owners, directors, controllers, managers, employees, customers, etc., if any (Refer to Paragraph 4.12 of this Chapter).
6. 4.18.6For the computation of current liabilities, the following items must not be considered:
   1. a)Post-dated cheques;
   2. b)Any kind of provisions including the provision for gratuity, leave salary, air tickets for the employees, annual maintenance contracts, etc.; and
   3. c)Amounts payable after three (3) months to banks and other financial institutions - local and foreign.

1. 4.19.1Total Equity of the Licensed Person must not fall below the minimum required paid-up capital as stipulated in Paragraph 2.3 of Chapter 2;
2. 4.19.2Total Equity includes:
   1. a)Paid-up Capital;
   2. b)Statutory/Legal Reserves;
   3. c)General Reserves or any other Reserves of similar nature;
   4. d)Current year profits or losses (i.e. profits to be added and losses to be deducted); and
   5. e)Retained earnings/accumulated profits or losses (i.e. retained earnings/profits to be added and losses to be deducted).
3. 4.19.3Debit balance in the current account of the owner/partners/shareholders, if any, must be deducted from the Total Equity;
4. 4.19.4Where the Total Equity falls below the minimum required paid-up capital, the Licensed Person must inject additional paid-up capital to balance the equity position after obtaining a Letter of No Objection from the Banking Supervision Department. Such injection of additional paid-up capital must be made within six (6) months from the date when the equity falls below the minimum required paid-up capital; and
5. 4.19.5In the case of a newly established business, the Licensed Person is entitled for a grace period of one (1) year from the date of commencement of the business before being required to inject additional paid-up capital to comply with the requirements of Paragraph 4.19.4 of this Chapter, unless specifically instructed by the Central Bank to do so.

1. 4.20.1The authorized signatory who signs correspondence (i.e. letters, requests for various purpose etc.) with the Central Bank must possess a Power of Attorney (PoA) from the Licensed Person or its Owner/Partners/Shareholders with exemptions under Paragraphs 4.20.3 and 4.20.4 of this Chapter, unless such person is the sole owner of the Licensed Person;
2. 4.20.2The Central Bank will not act on or respond to any correspondence signed by parties other than authorized signatories having Power of Attorney in accordance with Paragraph 4.20.1 of this Chapter;
3. 4.20.3The Compliance Officer of the Licensed Person may sign responses to ‘Search’ or ‘Search and Freeze’ notices from the Central Bank. The Suspicious Transaction Reports (STR) must be signed by the Compliance Officer at all times;
4. 4.20.4The Licensed Person or its authorized signatory may delegate the authority to other employees of the Licensed Person to sign the periodical returns/reports (such as monthly, quarterly, bi-annual or annual returns) to be submitted to the Central Bank. The Licensed Person and its authorized signatory shall retain the responsibility for the accuracy of all such returns even after the delegation;
5. 4.20.5The Licensed Person or its Board of Directors (or the Owner/Partner where there is no Board of Directors) must not grant a Power of Attorney of any kind to any party other than a full time employee, Director of the Board, Partner or a Shareholder of the Licensed Person; and
6. 4.20.6The Licensed Person or its Board of Directors (or the Owner/Partner where there is no Board of Directors) must not authorize any party other than a full time employee, Director of the Board, Partner or a Shareholder of the Licensed Person to act as an authorized signatory of its local or foreign bank account.

1. 4.21.1The Licensed Person may refer to Appendix 3 of the Standards for the list of returns/reports to be submitted to the Central Bank;
2. 4.21.2The Licensed Person must submit all returns/reports to the Central Bank on or before the reporting deadlines; and
3. 4.21.3The Licensed Person must obtain access to the Central Bank reporting portals, such as Daily Remittances Reporting System, IRR System (Integrated Regulatory Reporting System), Suspicious Transaction Reporting System, etc. for the submission of periodical online reports.

1. 4.22.1A short term business plan, called the “Budget”, must be agreed and approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) at the beginning of each financial year;
2. 4.22.2A comparison of actual performance against budgets must be performed at the end of every financial year, at a minimum, and variances must be analysed to identify the events that led to the actual performance deviating from the budget; and
3. 4.22.3The Licensed Person must also have a long term business plan, preferably for a period of three to five (3 to 5) years, approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors).

1. 4.23.1The Licensed Person must ensure that the number of their UAE National employees is not less than 10% of the total number of employees or one UAE national employee in each office/branch, whichever is higher;
2. 4.23.2All UAE National employees must be registered with Ministry of Labor and General Pension and Social Security Authority;
3. 4.23.3The Licensed Person may deduct the number of ancillary staff (such as drivers, office boys, cleaning staff, security staff, etc.) from the total number of employees for the computation of 10% of the total number of employees; and
4. 4.23.4The Central Bank reserves the right to issue Regulations regarding Emiratisation in the Financial Industry from time to time. The Licensed Persons must comply with such future Regulations as and when the same are issued.

1. 4.24.1The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department to invest in or to open subsidiaries or offices of any kind, whether outside or inside the UAE; and
2. 4.24.2The paid-up capital of the Licensed Person after netting off investments in such subsidiaries or offices must not fall below the minimum required paid-up capital as stipulated in Paragraph 2.3 of Chapter 2.

1. 4.25.1The Licensed Person must immediately inform the Banking Supervision Department if it becomes aware that the Licensed Person or its Owner/Partners/Shareholders, Director of the Board, employees or subsidiaries is/are the subject of an investigation of criminal nature by a local or foreign investigating agency;
2. 4.25.2The Licensed Person must immediately inform the Banking Supervision Department if it becomes aware that it is a party to any litigation whether civil or criminal in nature; and
3. 4.25.3The Licensed Person must maintain appropriate registers and records related to such investigations and litigations.

1. 4.26.1The Licensed Person must comply with all applicable Laws (examples: Labor Law, Commercial Companies Law, etc.), Rules and Regulations of the UAE in addition to the Standards and Notices issued by the Central Bank at all times.

1. 4.27.1The Licensed Person must respond to the ‘Search’ or ‘Search and Freeze’ notices from the Central Bank and other Enforcement Authorities within the time frame provided in such notices; and
2. 4.27.2Appropriate evidence must be held in a separate file in order for the Central Bank Examiners to confirm the status of compliance with this requirement.

1. 4.28.1The Licensed Person must settle all transactions within the UAE in AED only via UAEFTS;
2. 4.28.2The Licensed Person may request the Banking Supervision Department for access to UAEFTS; and
3. 4.28.3The Central Bank will provide access to UAEFTS only if the systems of the Licensed Person meets the UAEFTS requirements.

1. 4.29.1The Licensed Person, its Owner/Partners/Shareholders, Directors on the Board, management or employees must not offer gifts (whether in cash or in kind) and entertainments to or attempt to influence employees of the Central Bank in any manner.

1. 4.30.1The Licensed Person must seek a Letter of No Objection from the Central Bank and provide a solid business case to support the pricing initiative prior to introducing new pricing or increasing pricing for products related to their licensed activities.

The Central Bank reserves the right to undertake an examination at a Licensed Person at any time when it deems it appropriate. This chapter provides information on the Central Bank examinations and responsibilities of the Licensed Person in relation to such examinations.

1. 5.1.1The type and scope of an examination will be determined by the Central Bank on a case by case basis. There are three types of examinations and they are discussed under Paragraphs 5.1.2 to 5.1.4 of this Chapter:
2. 5.1.2Full Scope Examination
   1. a)A full scope examination is primarily meant to cover all aspects of the business of a Licensed Person such as financial and non-financial in addition to the compliance with all applicable Laws, Rules, Regulations, Notices and the Standards;
   2. b)The time frame to complete a full scope examination is usually between seven to fourteen (7 to 14) business days depending on the nature, size and complexity of the business of the Licensed Person; and
   3. c)Findings of a full scope examination will be communicated to the Licensed Person through an appropriate Transmittal Letter.
3. 5.1.3Fast Track Examination
   1. a)A fast track examination is a quick examination which will be completed within a short period of two to three (2 to 3) business days depending on the nature, size and complexity of the business of the Licensed Person;
   2. b)A fast track examination is meant to assess the level of compliance of a Licensed Person with high level requirements of all applicable Laws, Rules, Regulations, Notices and the Standards; and
   3. c)Findings of a fast track examination will be communicated to the Licensed Person through an appropriate Transmittal Letter.
4. 5.1.4Special Examination
   1. a)The Central Bank reserves the right to undertake special examinations or surprise examinations at any time, if it deems necessary;
   2. b)The scope and the timeframe of special examinations will be decided by the Central Bank on a case by case basis; and
   3. c)The Central Bank reserves the right to decide whether findings of such examinations need to be communicated to the Licensed Person or not.

1. 5.2.1The ultimate responsibility to prepare for the Central Bank examination lies with the Manager in Charge of the Licensed Person;
2. 5.2.2The Licensed Person must give special attention to Paragraphs 5.2.2 (a) to (d) of this Chapter in relation to the preparation for an examination:
   1. a)The Licensed Person must prepare and keep all information or documents ready within the timeline provided by the Central Bank;
   2. b)The Licensed Person must provide appropriate work space within its premises and full assistance to the Central Bank Examiners in order to carry out the examination;
   3. c)The Manager in Charge or any other authorized person of the Licensed Person must be available at all times to answer the queries of the Central Bank Examiners; and
   4. d)The Compliance Officer and the Accountant must be present at the time when the Central Bank Examiners review their respective functions.

1. 5.3.1The Transmittal Letter is the official communication from the Central Bank to the Licensed Person which contains all findings of an examination;
2. 5.3.2The objective of issuing a Transmittal Letter is to inform the Licensed Person about the areas of non-compliance noted by the Central Bank Examiners during an examination;
3. 5.3.3Transmittal Letters are issued after full scope or fast track examinations provided that there are observations related to non-compliance with applicable Laws, Rules, Regulations Notices and the Standards;
4. 5.3.4The Transmittal Letter is normally divided into several sections, such as, (a) Major Issues (b) Violations under the Regulations and the Standards (c) Violations under AML/CFT Regulations (d) Reporting Issues (e) Operational and Control Issues and (f) Other Issues; and
5. 5.3.5The risk grading awarded to the Licensed Person, whether it is low, medium, high, very high or unacceptable, and details of predefined parameters based on which the overall risk grading is calculated will be indicated in the Transmittal Letter.

1. 5.4.1The Licensed Person must provide its response in writing for each finding in the Transmittal Letter within the time frame provided by the Central Bank;
2. 5.4.2The response from a Licensed Person must include the detailed plan of action on how and when the findings of a Transmittal Letter will be resolved;
3. 5.4.3If no specific time frame is provided by the Central Bank, then the Licensed Person must submit its response within thirty (30) calendar days from date of issue of the Transmittal Letter; and
4. 5.4.4The response to the Transmittal Letter must be submitted in original hard copy under the signature of the authorized signatory of the Licensed Person to the Supervision & Examination Division of the Banking Supervision Department.

1. 5.5.1The Central Bank shall review responses and action plans received from the Licensed Person; and
2. 5.5.2The Central Bank reserves the right to conduct follow up examinations in order to assess the progress of the Licensed Person in resolving the examination findings.

1. 5.6.1The Central Bank reserves the right to call the Manager in Charge, Compliance Officer, Functional Heads, Directors of the Board or Shareholders/the Owner/Partners of the Licensed Person for a meeting to discuss the examination findings;
2. 5.6.2Such meetings may be held either before the issue of Transmittal Letters (known as Exit Meetings) or after the issue of Transmittal Letters (known as Follow-up Meetings); and
3. 5.6.3The Licensed Person must attend such meetings without fail.

Corporate governance broadly refers to mechanisms and processes by which the Licensed Person is managed, controlled and directed. Governance structures and principles identify the distribution of powers and responsibilities within the management structure of a Licensed Person. This chapter provides standards on how to organize the Management and Governance framework of a Licensed Person.

1. 6.1.1The Licensed Person must have a Head Office within the UAE where the Manager in Charge and other functional heads must be based to carry out their responsibilities;
2. 6.1.2All files and physical records of the Licensed Person, whether they are related to the incorporation, governance, customers, transactions, accounting, employees, etc., must be available in the Head Office or otherwise accessible during the Central Bank examination;
3. 6.1.3The Central Bank expects the Licensed Person to maintain its Head Office at the same address as mentioned in the main license (or the first license) unless otherwise agreed by the Central Bank in writing;
4. 6.1.4The Head Office must not be located in a free zone or any other place (such as inside an Airport) where the free entry is restricted for the Central Bank Examiners to visit such office at any time to conduct an examination; and
5. 6.1.5The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department in order to re-locate the Head Office from its approved location to another location.

1. 6.2.1The Licensed Person may open a separate Management Office, after obtaining a Letter of No Objection from the Banking Supervision Department, to be used for the same purposes as mentioned under Paragraphs 6.1.1 and 6.1.2 of this Chapter in case the Head Office does not have sufficient space;
2. 6.2.2The Licensed Person is not permitted to carry out Exchange Business from its Management Office unless otherwise approved by the Central Bank in writing; and
3. 6.2.3Conditions under Paragraphs 6.1.4 and 6.1.5 of this Chapter are also applicable to the Management Office of a Licensed Person.

1. 6.3.1The organizational structure of the Licensed Person must be approved by its Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
2. 6.3.2The organizational structure must reflect reporting lines of the Manager in Charge, Compliance Officer and other functional heads and must be free from any conflict of interests to ensure functional independence.

1. 6.4.1The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department prior to the appointment of its Manager in Charge by submitting a duly completed APA Form (Refer to Appendix 5 for this Form) along with all required documents to the Banking Supervision Department;
2. 6.4.2The Central Bank shall conduct a fit and proper test on the proposed Manager in Charge before issuing the Letter of No Objection. The Central Bank reserves the right to:
   1. a)interview the proposed Manager in Charge as part of the fit and proper test; and
   2. b)issue or decline the approval for the proposed Manager in Charge.
3. 6.4.3In case the prior approval is rejected by the Central Bank, the Licensed Person must propose a new Manager in Charge within the timeline provided by the Central Bank in the Letter of Rejection. If a specific timeline is not provided in the Letter of Rejection, then the Licensed Person must propose a new Manager in Charge within a period of one hundred and eighty (180) calendar days from the date of Letter of Rejection.
4. 6.4.4Minimum Qualification and Experience of the Manager in Charge:
   1. a)If the Licensed Person is in possession of a Category A License:
      • •A minimum of five (5) years of experience within any financial institution(s), of which at least two (2) years in senior management position(s), such as head of a core function, Manager in Charge, General Manager/CEO or member of the Board of Directors; and
      • •Sound knowledge of all applicable Laws, Rules, Regulations, Notices and the Standards related to Exchange Business in the UAE.
   2. b)If the Licensed Person is in possession of either a Category B or Category C License:
      • •A minimum of eight (8) years of experience within any financial institution(s), of which at least four (4) years in a senior management position(s), such as head of a core function, Manager in Charge, General Manager/CEO or member of the Board of Directors;
      • •Sound knowledge of all applicable Laws, Rules, Regulations, Notices and the Standards related to Exchange Business in the UAE; and
      • •Preference may be given to those with a Bachelor degree or higher in any discipline.
5. 6.4.5Employment Type and Residential Status of the Manager in Charge:
   1. a)The Manager in Charge must be a full time employee of the Licensed Person;
   2. b)The Manager in Charge is not permitted to hold any position or responsibility or role in or on behalf of any other entity or business, whether inside or outside the UAE;
   3. c)The Manager in Charge must be a resident in the UAE; and
   4. d)Foreign national must be under the employment visa of the Licensed Person when employed as a Manager in Charge.
6. 6.4.6Responsibilities of the Manager in Charge:
   1. a)The Manager in Charge is responsible for the effective management of all aspects/activities of a Licensed Person.
7. 6.4.7Resignation of the Manager in Charge and notification to the Central Bank:
   1. a)The Licensed Person must notify the Banking Supervision Department, within five (5) working days, in case the Manager in Charge resigns or vacates the office in any other manner with reasons thereof via email to: info.ehs@cbuae.gov.ae;
   2. b)The Licensed Person must also provide, in the above notification email, the contact details of an alternate person (i.e. Interim Manager in Charge) who will be responsible for managing the business until the position of the Manager in Charge is permanently filled in; and
   3. c)A permanent replacement must be appointed after obtaining a Letter of No Objection from the Banking Supervision Department within a period of one hundred and eighty (180) calendar days from the date when the position of the Manager in Charge falls vacant (Refer to Paragraphs 6.4.1, 6.4.2 and 6.4.3 of this Chapter).
8. 6.4.8Removal of the Manager in Charge:
   1. a)The Central Bank reserves the right to remove the Manager in Charge of a Licensed Person at its sole discretion;
   2. b)The Licensed Person, in such cases, must comply with Paragraphs 6.4.7 (b) and 6.4.7 (c) of this Chapter; and
   3. c)The Central Bank reserves the right to communicate or not to communicate the reasons to the Licensed Person for its decision to remove the Manager in Charge.

1. 6.5.1The Functional Heads must possess appropriate qualifications and experience required to carry out their responsibilities.

1. 6.6.1The Licensed Person must appoint a Compliance Officer and an Alternate Compliance Officer who will be primarily responsible for its AML compliance function; and
2. 6.6.2The Licensed Person must refer to Paragraphs 16.4 and 16.5 of Chapter 16 for additional standards regarding the appointment of the Compliance Officer and the Alternate Compliance Officer.

1. 6.7.1The Licensed Person must appoint a Board of Directors, if required by the prevailing Commercial Companies Law of the UAE;
2. 6.7.2Qualifications and Experience of Directors of the Board:
   1. a)A minimum of eight (8) years of experience within any financial institution(s), of which at least five (5) years in senior management position(s), such as head of a core function, Manager in Charge, General Manager/CEO or as member of the Board of Directors;
   2. b)Knowledge of all applicable Laws, Rules, Regulations, Notices and the Standards related to Exchange Business in the UAE;
   3. c)Preference may be given to those with a Bachelor degree or higher in any discipline; and
   4. d)The Licensed Person’s Shareholders, Partners and their immediate family members (i.e. father, mother, brother, sister, children or grandchildren, in laws, etc.) are eligible to become Directors on the Board regardless of their qualifications and experience (i.e. Paragraphs 6.7.2 (a) to (c) of this Chapter are not applicable in these cases).
3. 6.7.3Residential Status of Directors of the Board:
   1. a)The majority of Directors of the Board (i.e. more than 50% of Directors of the Board) must be resident in the UAE.
4. 6.7.4The Roles and Responsibilities of the Board of Directors:
   1. a)The Board of Directors is responsible for the oversight of all activities of the Licensed Person;
   2. b)The Board of Directors is also responsible to appoint and monitor the performance of the Manager in Charge in addition to the following:
      • •Maintain honesty, integrity and transparency throughout the business activities;
      • •Ensure that a robust and independent compliance function is established and maintained;
      • •Ensure that appropriate AML/CFT compliance and other related policies are implemented;
      • •Ensure that actions are taken by the relevant stakeholders to resolve internal/external audit findings and regulatory compliance issues including AML compliance in a timely manner;
      • •Ensure that sufficient time, freedom, resources, systems and tools are available for the Manager in Charge and Compliance Officer to fulfil their responsibilities effectively;
      • •Ensure that an internal audit function is established and maintained; and
      • •Review the effectiveness of the internal audit function at the end of every year.
5. 6.7.5The Resignation or Termination of Director of the Board:
   1. a)Upon the resignation or termination of a Director of the Board, a permanent replacement must be appointed within one hundred and twenty (120) calendar days from the date when the position of a Director of the Board falls vacant; and
6. 6.7.6In case a Licensed Person does not have any obligation to appoint a Board of Directors as per the prevailing Commercial Companies Law of the UAE, its Owner or Partners must be responsible for carrying out the responsibilities under Paragraph 6.7.4 of this Chapter.

1. 6.8.1Shareholders must meet at least once every year to approve the External Auditors’ report and financial statements for the previous financial year, annual budgets, appointment of External Auditors for the current financial year etc.;
2. 6.8.2The Board of Directors must meet at regular intervals, in accordance with the provisions of the prevailing Commercial Companies Law of the UAE, with a pre-agreed agenda to discuss all aspects of the business activities with the Manager in Charge, Compliance Officer and other functional heads;
3. 6.8.3Where the Licensed Person does not have a Board of Directors, the Owner/Partners, Manager in Charge, Compliance Officer and other functional heads must meet at least once in six (6) months to discuss all aspects of the business; and
4. 6.8.4The minutes of above meetings must be available for the verification of the Central Bank Examiners.

1. 6.9.1The Licensed Person, irrespective of its legal form or constitution, must constitute at least two committees as per Paragraphs 6.9.2 and 6.9.3 of this Chapter;
2. 6.9.2An Audit Committee must be constituted in order to:
   1. a)recommend the name(s) of appropriate External Auditors for the approval of the Board of Directors (or of the Owner/ Partners where there is no Board of Directors) to carry out the annual financial audit;
   2. b)review and ensure that the Internal Audit Charter and the Internal Audit Plan are appropriate to the nature, size and complexity of the business prior to obtaining approval from the Board of Directors (or from the Owner/Partners where there is no Board of Directors);
   3. c)review all internal/external audit reports, management letters, etc.;
   4. d)review action plans to address findings of the internal/external reports; and
   5. e)provide updates about various matters mentioned under Paragraphs 6.9.2 (a) to (d) of this Chapter to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
3. 6.9.3A Compliance Committee must be constituted in order to:
   1. a)recommend the name(s) of appropriate External Auditors for the approval of the Board of Directors (or of the Owner/Partners where there is no Board of Directors) to perform an Agreed-Upon Procedures on the AML/CFT compliance function annually;
   2. b)review various ML/FT risks associated with the business and confirm that appropriate policies, procedures, controls, resources, etc. are in place to mitigate such risks;
   3. c)periodically review resources, systems and tools available to the Compliance Officer and ensure that they are appropriate to the nature, size and complexity of the business;
   4. d)review recommendations from the Annual Report of the Compliance officer;
   5. e)review findings of internal audit, independent review of the AML/CFT compliance function by External Auditors, the Central Bank examinations and all related action plans; and
   6. f)provide updates about various matters mentioned under Paragraphs 6.9.3 (a) to (e) of this Chapter to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
4. 6.9.4Composition of Committees:
   1. a)The Audit Committee must include the following members at a minimum:
      • •at least one Director of the Board or the Owner or at least one Partner;
      • •Manager in Charge;
      • •Internal Auditor; and
      • •Any other functional heads, if the Licensed Person deems it necessary.
   2. b)The Compliance Committee must include the following members at a minimum:
      • •at least one Director of the Board or the Owner or at least one Partner;
      • •Manager in Charge;
      • •Compliance Officer;
      • •Alternate Compliance Officer; and
      • •Any other functional heads, if the Licensed Person deems it necessary.
5. 6.9.5Committees must meet at least once in every quarter and minutes of such meetings must be available for the verification of the Central Bank Examiners.

The Licensed Person must maintain appropriate books of accounts that reflect the true and fair view of its financial position at any point in time. This chapter provides standards to be maintained on Accounting and Auditing functions of the Licensed Person.

1. 7.1.1Appointment of an Accountant
   1. a)The Licensed Person must appoint an Accountant who is primarily responsible to maintain appropriate books of accounts and prepare periodical financial reports for submission to the Central Bank;
   2. b)The job title of the Accountant may vary at the discretion of the Licensed Person, for example Accounts Manager, Chief Accountant, etc.; and
   3. c)The Accountant must possess sufficient knowledge and appropriate experience to deal with all issues related to the bookkeeping, financial accounting, reporting to the Central Bank and to manage the annual audit of the books of accounts by External Auditors.
2. 7.1.2Accountant’s Responsibilities (the list is not exhaustive)
   1. a)Ensure accuracy and completeness in the bookkeeping and financial accounting;
   2. b)Arrange to submit accurate regulatory reports, such as monthly returns, quarterly returns, monthly remittance reports, audited financial statements, etc. within the submission deadlines to the Central Bank;
   3. c)Obtain statements related to remittances, foreign currency export/import, hedge accounts or special products/services from banks, remittance partners or other relevant institutions/partners to perform reconciliation of balances on a regular basis, preferably daily;
   4. d)Investigate differences identified during the reconciliation process and report all unreconciled items to the Manager in Charge immediately;
   5. e)Assess the amount of unclaimed funds as on the last day of every month; and
   6. f)Assess the liquidity position and capital adequacy on a regular basis to inform the Manager in Charge.
3. 7.1.3Books of Accounts
   1. a)The Licensed Person must maintain comprehensive and accurate books of accounts and supporting records that reflect its correct liquidity/financial positions at all times;
   2. b)The books of accounts and other records must be available within the UAE at all times and for the examination by the Central Bank;
   3. c)The Licensed Person must introduce automated books of accounts in order to generate periodical Central Bank returns with the aid of suitable accounting software; and
   4. d)The systems of the Licensed Person must be capable of generating appropriate reports related to the foreign currency exchange and remittance transactions at any point in time and for any period. Such reports must provide the below information at a minimum:
      • •Number, total value and average value of transactions for each product;
      • •Number, total value and average value of foreign currency exchange transactions for each currency;
      • •Number, total value and average value of outward/inward money transfers to/from each correspondent, country and for each currency; and
      • •Number, total value and average value of outward/inward money transfers via instant money transfer service providers to/from each service provider, country and for each currency.

1. 7.2.1Appointment of Internal Auditor
   1. a)The Licensed Person must appoint an Internal Auditor who is responsible to carry out regular audits across all aspects of its business; and
   2. b)The Internal Auditor must possess sufficient knowledge and appropriate experience to deal with all issues related to internal audit.
2. 7.2.2Scope of the Internal Audit
   1. a)The Licensed Person must have an Internal Audit Charter, that clearly states the purpose, scope and reporting lines of the Internal Auditor;
   2. b)The Internal Audit Charter must be reviewed by the Audit Committee and then approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
   3. c)The Internal Auditor must adhere to relevant auditing standards and code of ethics that are applicable to the internal audit profession;
   4. d)All business activities of the Licensed Person, core functions, non-core functions, branches, Head Office, Management Office (if any), reconciliation process, unreconciled items, unclaimed funds, liquidity, capital adequacy, etc. must be covered under the scope of internal audit in addition to the AML and regulatory compliance;
   5. e)The Internal Auditor must be given access to employees, data and records which may reasonably be required to fulfil all responsibilities;
   6. f)The Internal Auditor must be informed, on a timely basis, of any changes in the applicable Regulations, the Standards and the Licensed Person’s policies or procedures;
   7. g)The Internal Auditor must prepare the Annual Internal Audit Plan after discussing with the Audit Committee and obtain the approval of the Board of Directors (or of the Owner/Partners where there is no Board of Directors) at the beginning of each financial year;
   8. h)The Annual Internal Audit Plan must contain timelines for each internal audit, internal audit reporting deadlines, allocation of resources, areas to be audited, follow up audit plans etc.;
   9. i)Internal audits must be performed in accordance with the Annual Internal Audit Plan and the Board of Directors (or the Owner/Partners where there is no Board of Directors) must ensure that internal audit findings are addressed in a timely manner; and
   10. j)The Internal Audit Charter and Plan must be reviewed by the Audit Committee at the end of each year to assess the effectiveness of the internal audit function and a summary of such reviews must be presented to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).
3. 7.2.3Internal Audit Reporting Lines
   1. a)The Internal Auditor must report directly to the Board of Directors (or to the Owner/Partners where there is no Board of Directors); and
   2. b)Copies of all internal audit reports and corrective actions taken by the Manager in Charge must be available for verification by the Central Bank Examiners.
4. 7.2.4Independence and Conflict of Interest
   1. a)The Internal Auditor’s role must be handled by a dedicated resource and must not be combined with any other function of the Licensed Person; and
   2. b)The Internal Auditor must bring any matter affecting their independence such as creating any conflict of interest or limiting the scope of internal audit, restricting access to any information, etc. to the attention of the Board of Directors (or of the Owner/Partners where there is no Board of Directors).

1. 7.3.1Appointment of External Auditor
   1. a)The Licensed Person must appoint an External Auditor after obtaining a Letter of No Objection from the Banking Supervision Department for each financial year to audit its books of accounts and the financial statements;
   2. b)The Central Bank reserves the right to appoint an External Auditor at its sole discretion to audit the books of accounts of the Licensed Person for any financial year in the following cases:
      • •The Licensed Person had failed to obtain the Letter of No Objection from the Banking Supervision Department to appoint an External Auditor; and
      • •The Licensed Person had appointed an External Auditor contrary to instructions from the Banking Supervision Department.
   3. c)The Central Bank reserves the right to appoint additional External Auditors where it deems it appropriate, reasonable and necessary;
   4. d)In all cases of appointments as per Paragraphs 7.3.1 (a) to (c) of this Chapter, the audit fee payable to External Auditors must be paid by the Licensed Person; and
   5. e)The Central Bank reserves the right to instruct External Auditors to submit the audit report, financial statements and any other relevant information directly to the Central Bank if it deems it necessary.
2. 7.3.2Approval Process to Appoint the External Auditor
   1. a)The Licensed Person must submit the request for the Letter of No Objection to the Banking Supervision Department on or before 31^st May of each financial year; and
   2. b)The request letter must be signed by the authorised signatory of the Licensed Person and accompanied by the following documents:
      • •duly completed Form BSD IIIA & IIIB which must be signed by the proposed External Auditor; and
      • •a copy of the professional license of the proposed External Auditor.
3. 7.3.3Rotation of External Auditors
   1. a)The Licensed Person is permitted to appoint the same External Auditor to audit its books of accounts and financial statements for a maximum period of six (6) consecutive financial years provided that the following conditions are fulfilled:
      • •A Letter of No Objection from the Banking Supervision Department is obtained to appoint the same External Auditor for each financial year; and
      • •The audit partner is changed after a maximum period of three (3) consecutive financial years.
   2. b)After six (6) consecutive financial years, the Licensed Person must appoint a different External Auditor for a minimum period of one (1) financial year after obtaining a Letter of No Objection from the Banking Supervision Department in accordance with Paragraph 7.3.2 of this Chapter;
   3. c)In case the External Auditor is unable to change the audit partner after a period of three (3) consecutive financial years as required under Paragraph 7.3.3 (a) of this Chapter, the Licensed Person must appoint a different External Auditor for a minimum period of one (1) financial year after obtaining a Letter of No Objection from the Banking Supervision Department in accordance with Paragraph 7.3.2 of this Chapter;
   4. d)An External Auditor appointed for a period of less than one (1) year, usually for a start-up business, will be considered as one (1) full financial year for the purpose of calculating the limit of six (6) consecutive financial years under Paragraph 7.3.3 (a) of this Chapter; and
   5. e)The limit of six (6) consecutive financial years shall be applied retrospectively, starting from the financial year 2012.
4. 7.3.4Auditors’ Report and Financial Statements
   1. a)Audited Financial Statements and the Auditors’ Report for any financial year must be submitted to the Banking Supervision Department on or before 31^st March of the following year;
   2. b)External Auditors must expressly state their views on the following matters in the Auditors’ Report in addition to their audit opinion:
      • •Whether the Licensed Person has kept regular books of accounts and it was available in the UAE during the audit;
      • •Whether suitable accounting software has been implemented in accordance with Paragraphs 7.1.3 (c) and (d) of this Chapter; and
      • •Whether there is any major breach of the Regulations or the Standards applicable to Exchange Business.
   3. c)Where the Licensed Person has Subsidiaries, whether inside or outside the UAE, the Consolidated Financial Statements and Auditors’ Report must be submitted to the Central Bank within six (6) months from the end of each financial year;
   4. d)External Auditors must directly report to the Banking Supervision Department, if there are any serious violations or breaches of applicable Laws, Rules, Regulations, Notices and the Standards or deficiencies/manipulations in the books of accounts which comes to its attention during the course of audit engagement; and
   5. e)An External Auditor issuing a report under Paragraph 7.3.4 (d) of this Chapter to the Banking Supervision Department, in good faith, shall bear no liability to the Licensed Person or to its Owner, Partners, Shareholders or any other party for the breach or alleged breach of confidentiality.
5. 7.3.5The Management Letter
   1. a)The Licensed Person must request the External Auditor to issue a Management Letter highlighting all deficiencies in its internal controls along with recommendations for the mitigation of such deficiencies;
   2. b)The Licensed Person must provide its comments for each finding in the Management Letter;
   3. c)In case the Management Letter was not issued by an External Auditor, a letter stating the same and the reasons thereof must be issued by the External Auditor; and
   4. d)A copy of the Management Letter or the letter as per Paragraph 7.3.5 (c) of this Chapter must be submitted to the Banking Supervision Department along with the Auditors’ Report and financial statements for each financial year.

The Human Resources (HR) function plays a vital role in hiring and maintaining the appropriate employees for the Licensed Person. The Licensed Person may appoint a dedicated person to manage the HR function or combine the HR function with another suitable function subject to the conditions of Paragraphs 7.2.4 (a) of Chapter 7, 16.4.7 (a) and 16.5.1 (g) of Chapter 16. This chapter provides minimum standards to be maintained by the Licensed Person in relation to the HR function.

1. 8.1.1The Licensed Person must implement a Human Resource Policy approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
2. 8.1.2The Human Resource Policy must cover the following at a minimum:
   1. a)Recruitment and Know Your Employee (KYE) Policy;
   2. b)Induction and trainings;
   3. c)Job descriptions and KPIs;
   4. d)Segregation of duties;
   5. e)Staff rotation;
   6. f)Working hours and overtime pay;
   7. g)Leave, holidays and vacation;
   8. h)Performance evaluation;
   9. i)Rights and responsibilities of employees; and
   10. j)The Disciplinary Process.
3. 8.1.3The Human Resource Policy must be in line with all applicable Laws and Rules of the UAE. The Human Resource Policy must be reviewed at regular intervals.

1. 8.2.1The Licensed Person is responsible to establish and confirm the background of applicants prior to placing them in the employment; and
2. 8.2.2The KYE Procedure must include the following at a minimum:
   1. a)Initial screening of CVs;
   2. b)Verification of applicants’ academic qualifications;
   3. c)Testing and interview;
   4. d)Employment history verification by contacting previous employers to confirm the employee’s work experience and to gather information on previous role(s);
   5. e)Police Clearance Certification from the police authorities of each respective Emirate if the applicant is already in the UAE. In other cases, Police Clearance Certificates must be obtained from the home country of the candidate, if available; and
   6. f)Sanction checks must be applied on applicants before placing them in the employment.

1. 8.3.1Job descriptions must be precise and all employees must be provided with a copy of it in order for them to have clarity on their responsibilities; and
2. 8.3.2A copy of the job description signed by the employee and the Licensed Person must be held in the personal file of the employee.

1. 8.4.1The Licensed Person must segregate duties to ensure that no single employee has unlimited access to data or is responsible to carry out major tasks, especially in areas such as payment authorization, information access, reconciliations, cash management, etc.

1. 8.5.1The Licensed Person must rotate its employees at regular intervals among its different branches, among different sections within the same branch or within different roles in the same Department. However, this requirement is not applicable to the head of any function.

1. 8.6.1Succession Plan must be in place to ensure timely replacements of key personnel such as the Manager in Charge, Compliance Officer, Alternate Compliance Officer, Accountant, etc. immediately once such positions become vacant; and
2. 8.6.2The Succession Plan must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors).

1. 8.7.1The Licensed Person must have a Code of Conduct for its employees which must include the following at a minimum:
   1. a)Guidelines for acceptable behaviour;
   2. b)Require employees to comply with policies & procedures of the Licensed Person and all applicable Laws, Rules, Regulations, Notices and the Standards;
   3. c)Confidentiality;
   4. d)Conflict of interest;
   5. e)Disciplinary procedures; and
   6. f)Right to appeal.

Outsourcing is an arrangement whereby a third party performs a function as a whole or a part thereof, on behalf of the Licensed Person. This chapter provides standards in relation to outsourcing of functions considering its inherent vulnerabilities in relation to confidentiality, accessibility of information, etc.

1. 9.1.1The Licensed Person may outsource various functions, if necessary, with the exceptions under Paragraph 9.1.2 of this Chapter. The Licensed Person must fulfil the requirements of this Chapter at all times and also comply with any future Regulations in relation to outsourcing as and when issued by the Central Bank;
2. 9.1.2The Licensed Person is not permitted to outsource the following functions under any circumstances:
   1. a)AML compliance function with the exception of document retention to an external party. However, the Licensed Person is permitted to outsource specific AML compliance tasks (examples: Enhanced Due Diligence, AML/CFT Training, Framing AML/CFT Controls, System Support etc.) after obtaining the Letter of No Objection from the Banking Supervision Department; and
   2. b)Permitted Activities of the Licensed Person (examples: buying and selling of foreign currencies, acceptance/execution/disbursement of money transfers of customers, etc.).

1. 9.2.1The ultimate responsibility/accountability of an outsourced function remains with the Licensed Person and the Board of Directors (or with the Owner/Partners where there is no Board of Directors);
2. 9.2.2The Licensed Person must:
   1. a)ensure that it continues to satisfy all regulatory obligations with respect to an outsourced function;
   2. b)ensure that a dedicated employee, who is a subject matter expert, is appointed to manage the relationship between the Licensed Person and the Outsourcing Service Provider (i.e. “the Service Provider”) in the case of functions which are outsourced as per the conditions of this Chapter. Such dedicated employee may be allowed to manage the relationships for multiple outsourced functions provided that such multiple roles handled by the dedicated employee remains free from any conflict of interest;
   3. c)ensure that adequate mechanisms are implemented for monitoring the performance of the Service Provider;
   4. d)immediately inform the Banking Supervision Department of any material problems encountered with an outsourced function or the Service Provider; and
   5. e)continue to monitor the associated risks of outsourced functions and pay due attention to the security and effectiveness of internal controls implemented by the Service Provider to mitigate such risks.

1. 9.3.1The Licensed Person must have an outsourcing policy approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
2. 9.3.2The outsourcing policy must cover the following aspects, at a minimum:
   1. a)Enhanced Due Diligence (EDD) process to be applied on the Service Provider;
   2. b)Responsibilities of the Licensed Person and the Board of Directors (or with the Owner/Partners where there is no Board of Directors) in relation to all outsourced functions;
   3. c)Annual risk assessment of outsourced functions;
   4. d)Control mechanisms to mitigate various outsourcing risks; and
   5. e)Requirement of a Service Level Agreement between the Licensed Person and the Service Provider.

1. 9.4.1The customer and transaction database must be held/stored within the UAE and held confidential at all times; and
2. 9.4.2The Licensed Person must have contractual rights to take legal action against the Service Provider in the event of breach of confidentiality.

1. 9.5.1The Licensed Person must ensure that the Central Bank and its Examiners have timely access to any information, that may be required to fulfil their responsibilities under the Regulations and the Standards, with respect to outsourced functions;
2. 9.5.2The Licensed Person must ensure that its Internal and External Auditors have timely access to any relevant information that they may be required to fulfil their responsibilities; and
3. 9.5.3Access must be given to the Central Bank and the Licensed Person’s Internal/External Auditors to conduct on-site reviews of outsourced functions at the Service Provider’s premises when it is necessary.

1. 9.6.1The Licensed Person must ensure that the Service Provider maintains and tests a plan to ensure the continuity of outsourced functions with a minimum disruption to the business in the event of unforeseen incidents;
2. 9.6.2The Licensed Person must maintain and regularly review a contingency plan to enable it to set-up alternative arrangements, with minimum disruption to the business, should the outsourcing contract suddenly be terminated or the Service Provider fails;
3. 9.6.3Such contingency plans must include various options, such as:
   1. a)the identification of alternative Service Providers;
   2. b)plans to in-source the outsourced functions; and
   3. c)any other practical interim arrangements.

1. 9.7.1The Licensed Person must have a Service Level Agreement with the Service Provider for each function to be outsourced;
2. 9.7.2This agreement must address the issues identified below, at a minimum:
   1. a)Details of functions and activities to be outsourced;
   2. b)Responsibilities, contractual liabilities and obligations of the Service Provider and the Licensed Person;
   3. c)Reporting of issues and escalation mechanism;
   4. d)Mechanisms for monitoring and assessing the performance of the Service Provider;
   5. e)Designated persons for maintaining the relationship between both parties;
   6. f)Confidentiality of customer data and related conditions;
   7. g)Disputes resolution arrangements;
   8. h)Access to information;
   9. i)Business continuity in case the Service Provider temporarily or permanently fails to provide service; and
   10. j)Termination clause.

1. 9.8.1Termination of the agreement by the Service Provider under any circumstances must be permitted only under a sufficient notice period within which the Licensed Person is able to identify another Service Provider or to in-source the function;
2. 9.8.2The Licensed Person must retain the right to terminate the Service Level Agreement without any notice period under the following conditions:
   1. a)The Service Provider fails to provide quality services as agreed;
   2. b)The Service Provider is in breach of any sanction laws or any other applicable laws;
   3. c)Ownership of the Service Provider changes that has an impact on the interest of the Licensed Person or has a conflict of interest with the Licensed Person; and
   4. d)The Service Provider becomes insolvent or bankrupt or is under liquidation.
3. 9.8.3The Service Level Agreement must provide for the return of all customer data to the Licensed Person in the event of the termination of such agreement without retaining any copies.

1. 9.9.1The Licensed Person must obtain a Letter of No Objection from the Banking Supervision Department in order to outsource specific tasks of the AML Compliance function as mentioned under Paragraph 9.1.2 (a) of this Chapter; and
2. 9.9.2The request for the Letter of No Objection must:
   1. a)be submitted to the Banking Supervision Department in writing and at least thirty (30) calendar days before the effective date of outsourcing the function; and
   2. b)be accompanied by the following documents:
      • •the profile of the Service Provider;
      • •a draft of the service level agreement between both parties;
      • •a confirmation letter signed by the Authorized Signatory of the Licensed Person stating that an Enhanced Due Diligence Process has been applied on the Service Provider; and
      • •a confirmation letter signed by the Owner/Partners/shareholders of the Licensed Person stating that ultimate responsibility/accountability of the outsourced function remains with the Licensed Person and the Board of Directors (or with the Owner/Partners where there is no Board of Directors).

Risk management refers to the practice of identifying potential risks in advance to measure, evaluate, record, mitigate and monitor risks in order to reduce the impact of such risks on the business of a Licensed Person. The Risk Management function must recognize the range of risks associated with the business and must mitigate them effectively. This chapter provides standards regarding an effective Risk Management Framework to be implemented by a Licensed Person.

1. 10.1.1The ultimate responsibility for the formulation and implementation of an effective risk management framework lies with the Board of Directors (or with the Owner/Partners where there is no Board of Directors);
2. 10.1.2The Licensed Person must maintain a Risk Management Policy approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
3. 10.1.3The Licensed Person must designate a Risk Officer who must be given the overall responsibility of the risk management function;
4. 10.1.4Depending on the nature, size and complexity of the business, the Licensed Person may appoint a dedicated Risk Officer or combine this role with another suitable function subject to the conditions under Paragraphs 7.2.4 (a) of Chapter 7, 16.4.7 (a) and 16.5.1 (g) of Chapter 16; and
5. 10.1.5The Risk Management Policy must be reviewed annually and updated if necessary.

1. 10.2.1The Risk Register is the record where the results of risk analysis, whether qualitative or quantitative, are logged including the mitigating measures and risk ownerships;
2. 10.2.2The Licensed Person must maintain a risk register in the appropriate format with the following information at a minimum:
   1. a)Risk Item;
   2. b)Description of Risk Item;
   3. c)Probability/ Likelihood;
   4. d)Impact/ Consequence;
   5. e)Risk Ranking;
   6. f)Mitigation Measures;
   7. g)Contingency Plan;
   8. h)Risk Ownership; and
   9. i)Deadlines for implementing mitigating measures.
3. 10.2.3The Risk Register must be reviewed at least quarterly to ensure that it is updated with upcoming, relevant risks and appropriate mitigating measures; and
4. 10.2.4Periodical reports on actions initiated to mitigate various risks must be submitted to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).

The risk management function at the Licensed Person must identify, evaluate, mitigate and monitor the following risks at a minimum:

1. 10.3.1Operational Risk
   1. a)Operational risk is defined as the risk of loss, resulting from inadequate or failed processes, people and systems or from external events.
2. 10.3.2Market Risk (Currency Rate Risk)
   1. a)Market risk is the risk that the value of an asset may decrease due to movements of market factors;
   2. b)The most important type of market risk for a Licensed Person is the risk of fluctuation in the foreign currency rates; and
   3. c)The Licensed Person must ensure that all market forces are continuously evaluated for prudent management of market risk.
3. 10.3.3Counterparty Risk
   1. a)The risk that the other party to an agreement may default is the counterparty risk. The Licensed Person must identify, measure, monitor and control counterparty risk prior to establishing the business relationship; and
   2. b)Exposure limits assigned to counterparties must be continuously monitored.
4. 10.3.4Compliance Risk
   1. a)Compliance risk is the exposure to legal penalties, financial penalties and material losses that the Licensed Person faces when it fails to act in accordance with applicable Laws, Rules, Regulations, Notices and the Standards.
5. 10.3.5Reputational Risk
   1. a)Reputational risk is the risk of loss, resulting from damages to a Licensed Person’s reputation, such as loss of revenue or increased operating, capital or regulatory costs; and
   2. b)Reputational risk includes the risk to the country’s image resulting from unacceptable business practices of the Licensed Person.
6. 10.3.6Security Risk
   1. a)Information security risk is caused by unauthorized access to the information or systems which can result in unauthorized use of such information or systems; and
   2. b)A Licensed Person must refer to Chapter 13 on General Security and Chapter 14 on Information Security for illustrative mitigating measures.
7. 10.3.7Money Laundering/Terrorist Financing Risk
   1. a)Money laundering risk is the risk of the Licensed Person being involved in, whether deliberately or not, transforming the proceeds of a crime into apparently legitimate money or other assets. The risk on account of financing terrorism, directly or indirectly, is also included here; and
   2. b)Licensed Persons must refer to Chapter 16 on AML/CFT Compliance to understand the expectations of the Central Bank regarding measures to be implemented in order to prevent money laundering and to combat terrorist financing.

Fraud is a major challenge that the Licensed Person faces in its day to day operations. Fraud is an intentional deception for unfair or unlawful personal gain. Fraud is not always limited to obtaining cash and tangible benefits. This chapter outlines the minimum requirements of an Anti-Fraud Framework that every Licensed Person must introduce to prevent, detect, investigate and respond to fraud incidents.

1. 11.1.1Frauds are broadly classified into Internal and External Frauds which are defined below:
   1. a)Fraud carried out by individual(s) employed by the Licensed Person is called Internal Fraud; and
   2. b)Fraud committed by an external party against the business of the Licensed Person is referred to as External Fraud.
2. 11.1.2Fraud normally includes the following acts, although the list is not exhaustive:
   1. a)Misappropriation;
   2. b)Misrepresentation:
      • •Misrepresentation of Financial Statements; and
      • •Misrepresentation of Non-Financial Statements.
   3. c)Corruption:
      • •Bribery; and
      • •Illegal gratuities.
   4. d)Misconduct:
      • •Breach of internal policies and procedures; and
      • •Breach of applicable Laws, Rules, Regulations, Notices and the Standards.
   5. e)Any other deliberate deception for unlawful personal gain.
3. 11.1.3Throughout this chapter, the terminology “Fraud” includes all types of frauds mentioned under Paragraphs 11.1.1 and 11.1.2 of this Chapter.

1. 11.2.1The Licensed Person must implement an appropriate Anti-Fraud Framework in order to prevent, detect, investigate and respond to fraud incidents; and
2. 11.2.2The following are the four basic elements that must be included in the Anti-Fraud Framework at a minimum, depending on the nature, size and complexity of the Licensed Person:

1. 11.3.1The Manager in Charge and the Board of Directors (or the Owner/Partners where there is no Board of Directors) of the Licensed Person have the overall responsibility to create a culture of zero tolerance to fraud and to oversee the implementation of the Anti-Fraud Framework;
2. 11.3.2The Licensed Person must appoint or designate a Fraud Prevention Officer who must be responsible to design, implement and manage an appropriate Anti-Fraud Framework;
3. 11.3.3Depending on the nature, size and complexity of the business, the Licensed Person may appoint a dedicated Fraud Prevention Officer or combine this role with another suitable function subject to the conditions under Paragraphs 7.2.4 (a) of Chapter 7, 16.4.7 (a) and 16.5.1 (g) of Chapter 16;
4. 11.3.4The Licensed Person’s recruitment process must fulfil the requirements of Paragraph 8.2 of Chapter 8 at a minimum;
5. 11.3.5Fraud investigations must be undertaken by a team that includes the Fraud Prevention Officer, Internal Auditor and the concerned functional head at a minimum. The Licensed Person must ensure that a person, who is suspected in relation to a fraud incident, is not involved in the investigation. The investigation report must be submitted to the Board of Directors (or to the Owner/Partners where there is no Board of Directors);
6. 11.3.6The Licensed Person must consult the legal advisors (internal or external) before, during or after the investigation for guidance on civil and criminal proceedings and recovery of losses;
7. 11.3.7The Human Resources Department of the Licensed Person must take disciplinary action against employees who are involved in perpetrating internal fraud;
8. 11.3.8The Internal Auditor is responsible for:
   1. a)conducting Fraud Risk Assessments jointly with the Fraud Prevention Officer on an annual basis and submit the report to the Board of Directors (or to the Owner/Partners where there is no Board of Directors);
   2. b)reviewing the adequacy of related policies and procedures;
   3. c)confirming the availability of insurance cover to protect the interest of the Licensed Person;
   4. d)confirming the recruitment process is in line with Paragraph 8.2 of Chapter 8;
   5. e)confirming that appropriate anti-fraud trainings are given to employees; and
   6. f)confirming that fraud incidents are appropriately reported in accordance with Paragraph 11.4 of this Chapter.

1. 11.4.1All fraud incidents must immediately be reported to:
   1. a)the police authorities for investigation;
   2. b)the FID via the STR system in the form of a fraud report; and
   3. c)the Banking Supervision Department by using the “Fraud Incident Reporting (FIR) Form” (Refer to Appendix 5 for FIR Form) if the amount of loss is equal to or above AED 100,000.
2. 11.4.2Fraud incidents must be reported to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) immediately when the amount of loss is equal to or above AED 50,000. A summary of other fraud incidents must be sent to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) on a monthly basis, at a minimum.

1. 11.5.1The Licensed Person must ensure that:
   1. a)appropriate and documented anti-fraud training is provided to all employees;
   2. b)two such trainings are provided to employees during the first year of their employment and annual training is given thereafter;
   3. c)training is provided to prevent fraud incidents from taking place at the Licensed Person’s business;
   4. d)training covers fraud typologies, fraud detection, fraud prevention, the Licensed Person’s policies/procedures and reporting procedures at a minimum; and
   5. e)employees are assessed annually to test their understanding of fraud prevention measures.
2. 11.5.2Anti-fraud training may be in-house, external/outsourced, web based or a combination of all these.

1. 11.6.1The Licensed Person must maintain appropriate register to record the following information about fraud incidents and this register must be available for the verification by the Central Bank Examiners during an examination:
   1. a)Date of fraud incident;
   2. b)Brief description of the fraud incident;
   3. c)Parties involved;
   4. d)Amount of loss;
   5. e)Was the loss covered by insurance or not?
   6. f)Date of reporting to the police, FID and the Banking Supervision Department;
   7. g)Other actions taken; and
   8. h)Disciplinary actions taken, if applicable.
2. 11.6.2A review of Fraud Incident Register must be carried out at the end of every financial year to identify the anti-fraud training needs of employees for the following year.

Counterfeit money is an imitation currency produced without any legal sanction of the Government. Producing, circulating or using counterfeit money is a form of fraud/forgery and is a criminal offence. This chapter provides the minimum standards that every Licensed Person must implement to detect counterfeit currencies and report such incidents to the competent authorities.

1. 12.1.1The Licensed Person must introduce robust procedures to detect counterfeit currencies and report such incidents to the competent authorities. Such procedures must include the following at a minimum:
   1. a)Methods of undertaking checks to detect counterfeit currencies;
   2. b)Usage of devices for checking currencies;
   3. c)Internal reporting procedures for counterfeit incidents;
   4. d)External reporting procedures (for reporting counterfeit incidents to the competent authorities such as police and to the Central Bank);
   5. e)Maintain appropriate registers to record counterfeit incidents; and
   6. f)Provide counterfeit detection training to relevant employees.
2. 12.1.2The counterfeit currency procedures must be approved by the Manager in Charge; and
3. 12.1.3The effectiveness of the counterfeit procedures must be reviewed at the end of every financial year and then the procedures must be updated if necessary.

1. 12.2.1Each licensed premises must have counterfeit detection machines and ultraviolet lamps (i.e. UV lamps);
2. 12.2.2Counterfeit detection machines must be programed to check five (5) major currencies, at a minimum, including the local currency; and
3. 12.2.3The software programs of such machines must be regularly updated in order to ensure the effectiveness of the counterfeit detection process.

1. 12.3.1The Licensed Person must ensure that:
   1. a)properly documented periodical training is provided to all employees handling cash;
   2. b)training is provided to detect counterfeits, both in local as well as in foreign currencies;
   3. c)the training material covers complete counterfeit detection procedures, internal/external reporting procedures and identification features of relevant currencies that the Licensed Person may usually buy or sell across its branches;
   4. d)two such trainings are provided to employees during the first year of their employment and annual training is given thereafter; and
   5. e)identification features of newly introduced currencies, whether local or foreign, must be communicated immediately to all relevant employees.
2. 12.3.2Counterfeit identification training may be in-house, external/outsourced, web based or a combination of all these;

1. 12.4.1The Licensed Person must ensure that:
   1. a)all counterfeit incidents are reported to the police authorities of the respective Emirate where the incident has occurred;
   2. b)all counterfeit currency cases are reported to the FID as a fraud case via the STR reporting system;
   3. c)all local currency counterfeit incidents, irrespective of the value of counterfeits, must be immediately reported to the Banking Supervision Department using the “Counterfeit Incident Reporting (CIR) Form” (Refer to Appendix 5 for CIR Form); and
   4. d)foreign currency counterfeit incidents, where the total value of counterfeits in a single transaction or multiple transactions by the same person is equal to or above AED 36,000, must be reported immediately to the Banking Supervision Department using CIR Form (Refer to Appendix 5 for this Form).

1. 12.5.1The Licensed Person must ensure that:
   1. a)an appropriate register is maintained to log full details of every counterfeit currency incident; and
   2. b)a review of such Counterfeit Currency Register is carried out at the end of every financial year to identify the training needs of employees for the following year.

1. 12.6.1The scope of internal audit must include the effectiveness of counterfeit detection, reporting and training procedures.

Security is an important aspect of Exchange Business and Licensed Persons must comply with below security standards at a minimum. Depending upon the nature, size and complexity of the business and the level of risk, the Licensed Person must introduce additional security measures wherever necessary. Further, the Licensed Person must ensure that it complies with all security requirements of the police or other competent authorities in the respective Emirate.

1. 13.1.1The main door of the licensed premises must be well protected by appropriate metal shutters during closing hours;
2. 13.1.2Where there are difficulties to use metal shutters as required under Paragraph 13.1.1 of this Chapter due to unavoidable leasing conditions (example: licensed premises inside an Airport or a Shopping Mall), the Licensed Person must introduce appropriate additional security measures to protect its assets; and
3. 13.1.3Other external doors of the licensed premises must be protected with metal shutters.

1. 13.2.1Panic alarm systems and intrusion detection systems must be in place;
2. 13.2.2Both panic alarm and intrusion detection systems must comply with all requirements of the police or any other competent authorities of the respective Emirate, at a minimum;
3. 13.2.3Kick bars and/or hold up buttons for the panic alarm systems must be available throughout the cashier/teller areas, office room of the Manager in Charge and other back offices;
4. 13.2.4Panic alarm systems and intrusion detection systems must be tested at regular intervals, at least once in a year; and
5. 13.2.5The panic alarm systems and intrusion detection systems must be under an Annual Maintenance Contract from a recognised service provider in the respective Emirate.

1. 13.3.1Cash, other than the amount required by tellers during working hours, must be held in the Safe/Vault;
2. 13.3.2The Safe/Vault must be firmly secured on a solid floor;
3. 13.3.3The Safe/Vault must always be kept out of sight of customers or general public;
4. 13.3.4The Safe/Vault must be held/operated under joint custody of two people (i.e. under dual control) at all times, preferably, with one key and a code/biometric lock;
5. 13.3.5Cash movements outside the licensed premises must be carried out through an approved Cash In Transit (CIT) agent;
6. 13.3.6Customers, strangers or other outside parties must not be given access inside the teller areas, cash room where the banknotes are sorted/counted, Safe/Vault room and other back offices, etc. without having an appropriate justification; and
7. 13.3.7Appropriate registers must be maintained to log the details of visitors who access teller areas, the cash room, Safe/Vault room and back offices.

1. 13.4.1Licensed premises must be under CCTV monitoring at all times. The CCTV system and cameras must meet requirements of the police or other competent authorities of the respective Emirate;
2. 13.4.2CCTV recordings of immediately preceding ninety (90) calendar days must be available in the system, at a minimum. If the police or other competent authorities of the respective Emirate require more than ninety (90) calendar days of CCTV recordings, then the Licensed Person must comply with such requirements;
3. 13.4.3CCTV cameras must cover, at a minimum:
   1. a)All entrances and exits;
   2. b)Customer service areas, such as reception, service counter, visitors’ sitting area, etc.;
   3. c)Cashier areas or cash room where the banknotes are sorted, counted and packed; and
   4. d)Safe/Vault area.
4. 13.4.4A notice that “Premises Under Continuous CCTV Monitoring” must be displayed outside the licensed premises (i.e. on or closer to the main entrance) in addition to the customer service area;
5. 13.4.5The CCTV system must be checked daily to confirm that it is properly recording before the opening as well as the closing of business hours and the results of such checks must be logged in a separate register; and
6. 13.4.6The CCTV system must be under an Annual Maintenance Contract from a recognised service provider of the respective Emirate.

1. 13.5.1The Licensed Person must at all times be fully covered by a valid insurance policy issued by an insurance company licensed within the UAE. The following insurance cover must be available, at a minimum:
   1. a)Various risks related to internal and external frauds (i.e. Bankers Blanket Bond Insurance/Crime Insurance). Employees infidelity/dishonesty, counterfeit incidents, theft and allied risks must be adequately covered including the cash in the Safe/Vault, cash with the teller and cash in transit;
   2. b)Electronic/Computer Crimes (ECC) and Cyber Crimes;
   3. c)Electronic Equipment;
   4. d)Fire, theft and other allied risks; and
   5. e)Third party liabilities.

1. 13.6.1The Licensed Person must set branch wise daily limits for the total value of remittances that can be executed via an instant money transfer service provider;
2. 13.6.2Such daily limits must be set in each instant money transfer application/system based on the expected daily activity of each branch of the Licensed Person;
3. 13.6.3There must be a written procedure to increase such daily limits to meet the growing business requirements of each branch by introducing an escalation process seeking the approval of the Manager in Charge in such occasions;
4. 13.6.4The daily limits must be reviewed on a regular basis to ensure that such limits are not disproportionately higher than the expected daily activity of each branch; and
5. 13.6.5Internal Auditor must verify and confirm that the set daily limits are appropriate to the size of the business of each branch of the Licensed Person.

Computer systems are used by Licensed Persons to process large numbers of transactions and provide quality service to its customers. While efficiency of processing transactions is the main objective of computerizing operations of a Licensed Person, the security of customer information and related transaction data is vital. Licensed Persons must not compromise in introducing information security measures appropriate to the complexity and size of their business. This Chapter contains a few illustrative (but not exhaustive) security measures which all Licensed Persons must implement at a minimum at all times. Additional measures must be introduced depending on the size and the complexity of the business and considering the results of penetration tests and IT audits by external experts.

1. 14.1.1Independent email exchange systems must be in use for all official communications by the Licensed Person and its employees. Public emails (example: Yahoo, Gmail, etc.) must not be used under any circumstances;
2. 14.1.2The Licensed Person must have a dedicated email ID styled cbuae@abcexchange.com or cbuae@abcexchange.ae for communicating with the Central Bank. The Central Bank will restrict sending or receiving communications only to/from such designated emails IDs;
3. 14.1.3The Licensed Person must inform their designated email ID to the Banking Supervision Department in writing under the signature of its authorized signatory; and
4. 14.1.4Employees must be prohibited from using office computer systems for accessing private emails, social networking sites or websites that are not related to the business, (example: Yahoo, Gmail, Hotmail, Facebook, etc.).

1. 14.2.1An Information security policy must be implemented prescribing controls on usage of emails, internet browsing, passwords, workstations, data communication, network security, etc.;
2. 14.2.2The Information security policy must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) and must be communicated to all employees and obtain their acknowledgement; and
3. 14.2.3Information security policy must be reviewed annually at a minimum.

1. 14.3.1All User IDs in the Point of Sale system, email and computer systems must be created only by the designated IT person;
2. 14.3.2A Separate user ID must be created for each employee and users shall not be allowed to share their User IDs in order to preserve the segregation of duties;
3. 14.3.3“Administrator rights” must be restricted only to authorized IT persons and must be restricted in number;
4. 14.3.4User names of employees who resign must be de-activated immediately upon them leaving the Licensed Person;
5. 14.3.5Emails of an employee, who has resigned, may be diverted to another employee, if necessary, with the special approval of the Manager in Charge and this must be covered in the IT policy; and
6. 14.3.6Privileges assigned to the users must be reviewed at regular intervals and ensure the timely removal of unnecessary privileges.

1. 14.4.1Work stations and all applications must have appropriate and needs based access controls with user names and passwords;
2. 14.4.2The password must be of sufficient length, preferably eight digits or above, and must be alpha numeric with special characters;
3. 14.4.3Mandatory “Password Change” settings must be activated in all systems and applications. The password change for normal users must be at least once in ninety (90) calendar days and thirty (30) calendar days in the case of Administrators; and
4. 14.4.4“Auto Password Save” option must not be activated on any PC or in any work stations or for any applications.

1. 14.5.1Where the data is shared outside of own network or when the data is related to any card transactions, the Licensed Person must use stronger encryption techniques to suitably encrypt such data;
2. 14.5.2The customer and transaction database must be held/stored within the UAE;
3. 14.5.3Outside parties must not be given access to the customer/transaction database which must be held completely proprietary at all times. Restricted access may be given to the IT service provider, in case the IT function is outsourced, to carry out maintenance of computer hardware, network or applications;
4. 14.5.4Appropriate policies must be introduced for the back-up and off-site storage of back-up data of all enterprise servers, databases, network servers and system software;
5. 14.5.5The Licensed Person must have a procedure for the back-up of systems that may include details of back-up frequency, information to be backed-up, storage media, back-up retention period, recirculation of the media and periodical testing of the back-up copies for data availability; and
6. 14.5.6Disaster Recovery (DR) drills must be conducted at regular intervals to ensure that the DR set-up is functional.

1. 14.6.1All computer systems including servers, work stations, personal computers (PCs), laptops and other handheld devices must have appropriate anti-virus solutions to prevent information loss due to viruses, Trojans, worms and bots;
2. 14.6.2Anti-virus solutions on all computer systems must be updated automatically;
3. 14.6.3Daily automated antivirus scanning must be activated for every computer system and at the network level;
4. 14.6.4Anti-virus configuration settings must be comprehensive and robust to prevent vulnerabilities from all external interferences, malicious attacks and intrusions;
5. 14.6.5Antivirus scanning must be undertaken automatically at regular intervals;
6. 14.6.6All incoming and outgoing emails with files attached must be auto screened before the mail reaches the end user mail box. In case of doubt, the system must block such emails and automatically notify the IT team to carry out further investigation; and
7. 14.6.7Users must not be given privileges to alter the settings of the antivirus solutions.

1. 14.7.1All employees must be given training related to Information Security and a copy of the Information Security Policy at the time of joining;
2. 14.7.2Refresher training must be given annually at a minimum;
3. 14.7.3Employees of the Information Security Department must be provided with specialized annual training to remain updated with recent trends, threats and required controls in information security; and
4. 14.7.4The training plan, training registers, training materials, etc. must be held in the records for verification by the Central Bank.

1. 14.8.1All changes to the hardware, software, applications, databases, configuration, etc. must be subject to the formal change control procedures;
2. 14.8.2Changes to the application systems must be carried out only in accordance with approved change request process and subject to a formal risk assessment process; and
3. 14.8.3All changes must be tested under all possible scenarios before adding them into production.

1. 14.9.1The Licensed Person must conduct internal and external vulnerability scanning and penetration tests on the network and systems on an annual basis at a minimum and take appropriate mitigating actions in order to address the issues identified during such tests; and
2. 14.9.2The strength of the information security controls and IT Security controls must be audited by external experts at regular intervals, annually at a minimum, depending on the nature, size and complexity of the business.

1. 14.10.1The privilege to download software (licensed and not free or pirated software) must be given only to the designated IT person. Users of computers must not be allowed to download any software to computers;
2. 14.10.2The “Auto-logout” feature must be activated for all applications related to the business of the Licensed Person when they are not in use;
3. 14.10.3The “Auto-lock” feature must be available by using a screen saver password on all work stations or operating systems when they are not in use;
4. 14.10.4Appropriate Firewall systems and protection must be available for PCs, Servers, Operating Systems, Database and network equipment;
5. 14.10.5All the Operating systems, server machines, hardware equipment, system software, applications, utility programs, anti-virus programs must be licensed by the respective vendor at all times along with valid agreements;
6. 14.10.6The Licensed Person must review all warning notices issued by the Central Bank on cyber threats and take necessary actions immediately to ensure adequate protection to its computer systems against such threats; and
7. 14.10.7Cyber fraud/crime incidents must be immediately reported to the Banking Supervision Department and police authorities.

Business Continuity Management is to ensure timely resumption of the Licensed Person’s business in the event of a disruption by minimising the consequential damages. The Licensed Person must implement appropriate Business Continuity Management and comply with the following standards at a minimum.

1. 15.1.1The Licensed Person must identify, define and analyse all types of risk that may result in a business disruption and assess the impact thereof; and
2. 15.1.2The Licensed Person must implement an appropriate Business Continuity Plan to ensure the continuity of the business during a disruption.

1. 15.2.1Business Continuity Plan must include:
   1. a)Identification and assessment of potential crises, disasters and risks including their impact on the business;
   2. b)Ways and means to deal with such crises, disasters and risks;
   3. c)Plans to provide protection to the Licensed Person and its employees in case of unforeseen disasters;
   4. d)Plans to avoid suspension of operations or plans to minimize the period of suspension of operations to minimise losses;
   5. e)Tools and processes for storing sensitive information and the recovery thereof to avoid loss of information during the occurrence of disasters; and
   6. f)Guidelines to contact relevant authorities and partners (i.e. the Central Bank, foreign correspondents, etc.) to inform them about the disaster and suspension of operations, if necessary.
2. 15.2.2The Licensed Person must follow the below standards while implementing the Business Continuity Plan:
   1. a)A sufficient number of experienced employees must be available for the purpose of recovery and resumption of the business;
   2. b)Roles, responsibilities and powers of employees in relation to the Business Continuity Plan must be clearly defined;
   3. c)Resumption priorities must be clearly agreed and documented; and
   4. d)Appropriate training must be provided to employees for the effective implementation of the Business Continuity Plan.

1. 15.3.1Testing of the Business Continuity Plan must be undertaken at regular intervals in order to assess the capability of the Licensed Person to resume business after a disruption;
2. 15.3.2Accordingly, the Licensed Person must:
   1. a)Test the Business Continuity Plan at least annually;
   2. b)Testing must also be undertaken considering any key changes in the business model, products, systems and relevant infrastructure; and
   3. c)Testing details and results must be documented for verification by the Central Bank Examiners during an examination.
3. 15.3.3Testing results must be reviewed by the Manager in Charge and by the Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
4. 15.3.4The Business Continuity Plan must be reviewed and updated based on the results of such testing.

Global efforts to prevent the abuse of financial systems to launder money or finance terrorist activities is extremely important. This chapter provides standards that every Licensed Person must follow at all times in order to protect the Licensed Person from abuse by money launderers and/or terrorist financiers. The Licensed Person must ensure that its Anti-Money Laundering and Combating Financing of Terrorism (AML/CFT) Compliance is in line with applicable Laws and Regulations of the UAE regarding Criminalization of Money Laundering (“AML/CFT Laws and Regulations”).

1. 16.1.1The Licensed Person must carefully design, document and effectively implement its compliance program based on standards under Paragraphs 16.2 to 16.30 of this Chapter at a minimum; and
2. 16.1.2The Licensed Person must implement additional AML/CFT procedures, systems, controls and measures as appropriate to the risk profile of its business.

1. 16.2.1The Licensed Person must identify, assess and understand the money laundering and financing of terrorism (ML/FT) risks associated with its business on a regular basis;
2. 16.2.2The Licensed Person must implement a ML/FT risk assessment methodology as appropriate to the nature, size and complexity of its business;
3. 16.2.3Money laundering and terrorist financing risks associated with the following parameters of the Licensed Person must be assessed at a minimum:
   1. a)Customer Risk;
   2. b)Counterparty Risk (i.e. foreign correspondent banks, financial institutions, agents, etc.);
   3. c)Product Risk;
   4. d)Jurisdictional Risk or Country Risk; and
   5. e)Delivery Channel Risk or Interface Risk.
4. 16.2.4The Licensed Person must identify and assess ML/FT risks based on additional parameters that may be relevant to the nature, size and complexity of its business before entering into any business relationships;
5. 16.2.5In assessing ML/FT risks, the Licensed Person must have the following in place:
   1. a)Documented risk assessment methodology, process and findings;
   2. b)Determine the level of overall risk, acceptable level of risk and mitigating measures to be applied to minimise the impact of risks;
   3. c)Keep risk assessments up-to-date through periodic reviews; and
   4. d)Establish appropriate mechanisms to provide information on risk assessments to the Central Bank and to Examiners, whenever required.
6. 16.2.6The Licensed Person should also be guided by the results of the National Risk Assessment in conducting its own ML/FT risk assessments which will be issued by the competent authority in the UAE in future; and
7. 16.2.7The Licensed Person must identify and assess the ML/FT risks that may arise in relation to the development of new products and services including new delivery mechanisms and the use of new or developing technologies for both new and existing products, as follows:
   1. a)Undertake the risk assessment prior to the launch or use of such products, services and technologies;
   2. b)Take appropriate measures to manage and mitigate risks;
   3. c)Notify the Banking Supervision Department of the product and its risks, risk mitigation measures; and
   4. d)Obtain a Letter of No Objection from the Banking Supervision Department prior to launching the product.

1. 16.3.1The Licensed Person must introduce a comprehensive and documented AML/CFT Policy, based on its ML/FT risk assessment in accordance with Paragraph 16.2 of this Chapter, which must be the foundation of its compliance function;
2. 16.3.2The AML/CFT Policy must clearly define the roles and responsibilities of the Manager in Charge, Compliance Officers, Compliance Committee and employees in relation to AML/CFT compliance. The AML/CFT Policy must also provide for regular and timely reporting to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) regarding ML/FT risks and the culture/values to be adopted within the business of the Licensed Person to prevent money laundering, terrorist financing and related crimes;
3. 16.3.3The AML/CFT Policy must affirm the roles and responsibilities of the Board of Directors (if any) and of the Owner/Partners/Shareholders in relation to implementing a robust compliance program across the business of the Licensed Person;
4. 16.3.4Effective AML/CFT Procedures must also be implemented for employees to follow while they carry out their day to day responsibilities in order to ensure that ML/FT risks are mitigated in the day to day operations of the Licensed Person;
5. 16.3.5The AML/CFT Policy and Procedures must be based on the UAE’s existing AML/CFT Laws, Regulations, Notices and the Standards as well as international best practices and guidance notes from the FATF, MENAFATF, EGMONT Group and other similar bodies;
6. 16.3.6The AML/CFT Policy and Procedures must be approved by the Manager in Charge, the Compliance Officer and by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
7. 16.3.7The AML/CFT Policy and Procedures must be reviewed and updated, annually at a minimum, to make it consistent with all applicable Laws, Regulations, Notices, the Standards and other international best practices and to make it effective in mitigating the existing as well as emerging ML/FT risks;
8. 16.3.8Copies of the AML/CFT Policy and Procedures must be held in all licensed premises and must be accessible to all employees at all times; and
9. 16.3.9The AML/CFT Policy and Procedures must be circulated among all employees upon the completion of periodical reviews.

1. 16.4.1The Licensed Person must appoint a Compliance Officer who must be given the specific responsibility of managing its AML/CFT compliance function;
2. 16.4.2The Compliance Officer of the Licensed Person must:
   1. a)be a member of Senior Management;
   2. b)report directly to the Board of Directors (or to the Owner/Partners where there is no Board of Directors);
   3. c)be provided with sufficient resources including time, systems, tools and support staff depending on the nature, size and complexity of its business; and
   4. d)be provided with unrestricted access to all information related to products or services, business partners, correspondent agents, remittance partners, customers and transactions.
3. 16.4.3The following are some of the major responsibilities of the Compliance Officer (the list is not exhaustive):
   1. a)Design an appropriate AML/CFT compliance program for the Licensed Person to remain compliant with applicable AML/CFT Laws, Regulations, Notices, the Standards and international best practice at all times;
   2. b)Establish and maintain appropriate AML/CFT policies, procedures, processes and controls;
   3. c)Ensure day-to-day compliance of the business against internal AML/CFT policies and procedures;
   4. d)Act as the key contact point regarding all AML/CFT related matters/ queries from the Central Bank and any other competent authorities;
   5. e)Receive suspicious transaction alerts from employees and analyze them to take appropriate decisions to report all suspicious cases to the FID;
   6. f)On-going monitoring of transactions to identify high-risk, unusual and suspicious customers/transactions;
   7. g)Submit Suspicious Transaction Reports to the FID in a timely manner;
   8. h)Cooperate with and provide the FID with all information it requires for fulfilling their obligations;
   9. i)Develop and execute AML/CFT training programs considering all relevant risks of ML/FT and financing illicit organizations including the ways/means for addressing them;
   10. j)Provide necessary reports to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) on all AML/CFT issues, on a quarterly basis at a minimum;
   11. k)Arrange to retain all necessary supporting documents for transactions, KYC, monitoring, suspicious transaction reporting and AML training for the minimum period for record retention as per Paragraph 16.24 of this Chapter;
   12. l)Conduct regular gap analysis between the Licensed Person’s existing AML/CFT Procedures and current Laws, Regulations, Notices and the Standards of the UAE in order to determine the extent of the Licensed Person’s level of compliance;
   13. m)Propose actions required to address gaps, if any; and
   14. n)Prepare Bi-Annual Compliance Reports in accordance with Paragraph 16.25 of this Chapter.
4. 16.4.4The Compliance Officer must have the following qualifications and experience at a minimum:
   1. a)If the Licensed Person is in possession of a Category A License:
      • •A minimum of three (3) years of experience in AML/CFT compliance, audit or risk management within any financial institution(s).
   2. b)If the Licensed Person is in possession of either a Category B or Category C License:
      • •A minimum of eight (8) years of experience in AML/CFT compliance, audit or risk management within any financial institution(s); or
      • •A minimum of five (5) years of experience in AML/CFT compliance, audit or risk management within any financial institution(s) and possess a specific certification related to AML/CFT compliance.
   3. c)Examples of specific certifications related to AML/CFT compliance includes ACFCS, CFE, ICA Diplomas, CAMS or any other certification associated with financial crime control or AML/CFT compliance which is acceptable to the Central Bank; and
   4. d)The Compliance Officer, in all above cases, must possess sound knowledge of all applicable AML/CFT Laws, Regulations, Notices, the Standards and other relevant international best practices.
5. 16.4.5Grace Period to comply with Paragraph 16.4.4 of this Chapter:
   1. a)A Licensed Person, who has obtained the license to carry out Exchange Business prior to the date of issuing the Standards, must comply with the requirements of Paragraph 16.4.4 of this Chapter on or before 31^st December 2018; and
   2. b)Regardless of the grace period under Paragraph 16.4.5 (a) of this Chapter, the Central Bank reserves the right to instruct any Licensed Person to comply with the requirements of Paragraph 16.4.4 of this Chapter at any time prior to 31^st December 2018, if it deems it necessary.
6. 16.4.6Employment Type and Residential Status of the Compliance Officer:
   1. a)The Compliance Officer must be a full time employee of the Licensed Person;
   2. b)The Compliance Officer must not engage in any part time employment or act as a consultant outside the business of the Licensed Person;
   3. c)The Compliance Officer must be a resident in the UAE; and
   4. d)A foreign national must be under the employment visa of the Licensed Person when employed as a Compliance Officer.
7. 16.4.7Conflict of Interest in Multiple Roles:
   1. a)The role of Compliance Officer must not be combined with any other functions of the Licensed Person.
8. 16.4.8Reporting Lines and Independence:
   1. a)The Compliance Officer must directly report to the Board of Directors (or to the Owner/Partners where there is no Board of Directors); and
   2. b)The Compliance Officer must have authority to act without any interference from the Manager in Charge or other employees of the Licensed Person.
9. 16.4.9Prior Approval for Appointment:
   1. a)A Letter of No Objection must be obtained for appointing a Compliance Officer by submitting the following documents to the Banking Supervision Department:
      • •Letter from the authorized signatory of the Licensed Person seeking the Letter of No Objection from the Central Bank;
      • •Duly completed APA Form (Refer to Appendix 5 for this Form) along with all required supporting documents; and
      • •Undertaking letter from an authorized signatory of the Licensed Person confirming the binding commitment of the Compliance Officer and the Licensed Person to comply with Paragraphs 16.4.6, 16.4.7 and 16.4.8 of this Chapter.
   2. b)The Central Bank shall conduct a fit and proper test on the proposed Compliance officer of the Licensed Person. The Central Bank reserves the right to:
      • •interview the proposed Compliance Officer as part of the fit and proper test, if it deems it necessary; and
      • •issue or decline the approval for the proposed Compliance Officer.
   3. c)In case the prior approval is rejected by the Central Bank, the Licensed Person must propose a new Compliance Officer within the timeline provided by the Central Bank in the Letter of Rejection. If a specific timeline is not provided in the Letter of Rejection, then the Licensed Person must propose a new Compliance Officer within a period of one hundred and eighty (180) calendar days from the date of Letter of Rejection; and
   4. d)Full details of the Compliance Officer must be provided to the FID via email to: cbuaeamlscu@cbuae.gov.ae (Refer to Notice Number 1401/2010 issued by the Central Bank on 16^th March 2010).
10. 16.4.10Resignation of the Compliance Officer and Notification to the Central Bank:
    1. a)The Licensed Person must notify the Banking Supervision Department, within five (5) working days, in case the Compliance Officer resigns or vacates the office in any other manner with reason thereof via email to: info.ehs@cbuae.gov.ae;
    2. b)The Licensed Person must appoint a permanent replacement, within a period of one hundred and eighty (180) calendar days from the date when the position of the Compliance Officer falls vacant, after obtaining a Letter of No Objection from the Banking Supervision Department (Refer to Paragraph 16.4.9 of this Chapter for more information); and
    3. c)The Alternate Compliance Officer must be available to ensure the continuity of the AML/CFT compliance function during the period when the Compliance Officer’s position is vacant.
11. 16.4.11Outsourcing of Compliance Function:
    1. a)The Licensed Person must not outsource the role of the Compliance Officer nor the entire compliance function under any circumstances. However, the Licensed Person is permitted, under certain circumstances, to outsource some specific AML compliance tasks after obtaining the Letter of No Objection from the Banking Supervision Department. Please refer to Paragraph 9.1.2 (a) of Chapter 9.
12. 16.4.12Removal of the Compliance Officer:
    1. a)The Central Bank reserves the right to remove the Compliance Officer of a Licensed Person at its sole discretion;
    2. b)The Licensed Person, in such cases, must comply with Paragraph 16.4.10 (b) of this Chapter; and
    3. c)The Central Bank reserves the right to communicate or not to communicate reasons to the Licensed Person for its decision to remove the Compliance Officer.

1. 16.5.1The Licensed Person must appoint an Alternate Compliance Officer to strengthen the AML/CFT compliance function subject to the following conditions:
   1. a)The Alternate Compliance Officer must be a full time employee of the Licensed Person;
   2. b)The Alternate Compliance Officer must not engage in any part time employment or act as a consultant outside the business of the Licensed Person;
   3. c)The Alternate Compliance Officer must be a resident in the UAE;
   4. d)A foreign national must be under the employment visa of the Licensed Person when employed as an Alternate Compliance Officer;
   5. e)The Alternate Compliance Officer must directly report to the Compliance Officer or to the Board of Directors (or to the Owner/Partners where there is no Board of Directors) during the absence of the Compliance Officer;
   6. f)The Alternate Compliance Officer must have authority to act without any interference from the Manager in Charge or other employees of the Licensed Person;
   7. g)If the Licensed Person is in possession of either a Category B or Category C License, the role of its Alternate Compliance Officer must not be combined with any other function of the Licensed Person; and
   8. h)If the Licensed Person is in possession of a Category A License, the role of its Alternate Compliance Officer may be combined with any other function of the Licensed Person which does not create any conflict of interest.
2. 16.5.2Prior Approval for the Appointment:
   1. a)A Letter of No Objection must be obtained for appointing an Alternate Compliance Officer by submitting the following to the Banking Supervision Department:
      • •Letter from the authorized signatory seeking the Letter of No Objection from the Central Bank;
      • •Duly completed APA Form (Refer to Appendix 5 for this Form) and supporting documents; and
      • •Undertaking letter from the authorized signatory of the Licensed Person confirming the binding commitment of the Alternate Compliance Officer and the Licensed Person to comply with Paragraphs 16.5.1 (a) to (g) of this Chapter.
   2. b)The Central Bank shall conduct a fit and proper test on the proposed Alternate Compliance officer of the Licensed Person. The Central Bank reserves the right to:
      • •interview the proposed Alternate Compliance Officer as part of the fit and proper test, if it deems it necessary; and
      • •issue or decline the approval for the proposed Alternate Compliance Officer.
   3. c)In case the prior approval is rejected by the Central Bank, the Licensed Person must propose a new Alternate Compliance Officer within the timeline provided by the Central Bank in the Letter of Rejection. If a specific timeline is not provided in the Letter of Rejection, then the Licensed Person must propose a new Alternate Compliance Officer within a period of one hundred and eighty (180) calendar days from the date of Letter of Rejection; and
   4. d)Full details of the Alternate Compliance Officer must be provided to the FID via email to cbuaeamlscu@cbuae.gov.ae (Refer to Notice Number 1401/2010 issued by the Central Bank on 16^th March 2010).
3. 16.5.3Resignation of the Alternate Compliance Officer and Notification to the Central Bank:
   1. a)The Licensed Person must notify the Banking Supervision Department, within five (5) working days, in case the Alternate Compliance Officer resigns or vacates the office in any other manner with reasons thereof via email to: info.ehs@cbuae.gov.ae; and
   2. b)The Licensed Person must appoint a permanent replacement, within a period of one hundred and eighty (180) calendar days from the date when the position of the Alternate Compliance Officer falls vacant, after obtaining a Letter of No Objection from the Banking Supervision Department (Refer to Paragraph 16.5.2 of this Chapter for more information).
4. 16.5.4Removal of the Alternate Compliance Officer:
   1. a)The Central Bank reserves the right to remove the Alternate Compliance Officer of a Licensed Person at its sole discretion;
   2. b)The Licensed Person, in such cases, must comply with Paragraph 16.5.3 (b) of this Chapter; and
   3. c)The Central Bank reserves the right to communicate or not to communicate reasons to the Licensed Person for its decision to remove the Alternate Compliance Officer.

1. 16.6.1The Compliance Officer, Alternate Compliance Officer and other employees of the AML/CFT Compliance Department must undergo a minimum of forty eight (48) hours external training in AML/CFT compliance every year; and
2. 16.6.2Participation in any one or a combination of the following is acceptable in relation to CPD programs in this context:
   1. a)AML/CFT conferences or meetings or workshops whether inside or outside the UAE;
   2. b)face to face training by external agencies whether inside or outside the UAE;
   3. c)training by industry associations or regulatory bodies; and
   4. d)Web based training.

1. 16.7.1The Licensed Person must carry out KYC process for its customers in order to confirm who its customers are, and to ensure that the funds involved in their transactions are originating from legitimate sources and used for legitimate purposes;
2. 16.7.2The Licensed Person must apply an appropriate KYC Process for its customers depending on the ML/FT risks associated with each customer or transaction; and
3. 16.7.3There are three different types of KYC Processes that must be applied based on the ML/FT risk associated with a customer. These are:
   1. a)Customer Identification (CID) Process;
   2. b)Customer Due Diligence (CDD) Process; and
   3. c)Enhanced Due Diligence (EDD) Process.

1. 16.8.1The Customer Identification (CID) process, in accordance with Paragraphs 16.8.2 to 16.8.5 of this Chapter, must be applied for natural persons who carry out “foreign currency exchange” transactions of value between AED 3,600 and AED 35,999.75. Please refer to Paragraph 16.13.1 of this Chapter for KYC process to be applied for natural persons who repeatedly exchange foreign currency of value below AED 3,600 per transaction;
2. 16.8.2The Customer Identification process is the verification of the original identification documents of the customer who is a natural person and systematically recording basic customer information in the Point of Sale system;
3. 16.8.3The Licensed Person must not accept any identification document (ID) other than one from the below list (in the order of preference) with an exception provided under Paragraph 16.13.2 of this Chapter:
   1. a)Emirates ID; or
   2. b)Passport with valid visa; or
   3. c)GCC National ID for GCC nationals.
4. 16.8.4Customer’s full legal name, residential status, mobile number, nationality, date of birth, ID type (whether Emirates ID, Passport or GCC national ID) and ID number must be recorded in the Point of Sale system;
5. 16.8.5The following customer information must be printed on the transaction receipt:
   1. a)Full legal name;
   2. b)Residential status (whether UAE Resident or UAE Non-Resident);
   3. c)Mobile number;
   4. d)Nationality;
   5. e)ID type (whether Emirates ID or Passport or GCC national ID); and
   6. f)ID number.

1. 16.9.1The Customer Due Diligence (CDD) process, in accordance with Paragraphs 16.9.2 to 16.9.11 of this Chapter, must be applied for a natural person who carries out the following transactions:
   1. a)Foreign currency exchange transactions, either one off or multiple in ninety (90) calendar days, of value between AED 36,000 and AED 99,999.75; and
   2. b)Money transfers, whether inward or outward, of value between AED 1 and AED 74,999.75.
2. 16.9.2Customer Due Diligence (CDD) is the process where additional information about the customer, who is a natural person, is collected via a customer onboarding process in accordance with Paragraph 16.9.3 of this Chapter;
3. 16.9.3The Licensed Person must create a customer profile by recording the customer information in its Point of Sale system and then provide a permanent “Unique Identification Number (UIN)” to the customer. The customer must be allowed to carry out transactions at the branch(es) of the Licensed Person only by using the Unique Identification Number. The Licensed Person must also comply with Paragraph 16.13.12 of this Chapter at all times;
4. 16.9.4The following customer information, at a minimum, must be captured in the Point of Sale system in addition to the verification of the original ID in accordance with Paragraph 16.8.3 of this Chapter:
   1. a)Full legal name;
   2. b)Residential status (whether UAE Resident or UAE Non-Resident);
   3. c)Address in the UAE (for UAE Residents);
   4. d)Temporary address in the UAE and the permanent address in the home country (for UAE Non-Residents);
   5. e)Mobile number;
   6. f)Email, if available;
   7. g)Date of Birth;
   8. h)Nationality;
   9. i)Country of Birth;
   10. j)ID type (whether Emirates ID or Passport or GCC national ID);
   11. k)ID number;
   12. l)ID place of issue;
   13. m)ID issue date;
   14. n)ID expiry date;
   15. o)Profession; and
   16. p)Expected annual activity (i.e. expected annual value and number of transactions for future transaction monitoring).
5. 16.9.5Area or district, city, Emirate or state or province and country must be recorded in the Point of Sale system as part of the address. The Licensed Person is expected to record the P.O Box number, house number/name, apartment or room number, building number/name, street name in the system wherever practically possible;
6. 16.9.6A copy of the ID must be retained from the original identification document which must be certified (i.e. certified copy) as “Original Sighted and Verified” under the signature of the employee who carries out the customer due diligence process;
7. 16.9.7The UIN given to a customer by a Licensed Person must be unique in nature and the same UIN must not be assigned to more than one customer. The same customer must not be given more than one UIN by a Licensed Person. Appropriate validation rules must be implemented in the system to comply with this requirement;
8. 16.9.8The customer profile must be reviewed and updated either annually or upon the expiry of the Identification Document whichever comes first. The original ID as per Paragraph 16.8.3 of this Chapter must be verified and its certified copy must be held in the records during the review of a customer profile;
9. 16.9.9Information on the “source of funds” and “purpose of transaction” must be captured in the Point of Sale system for each transaction that undergoes the CDD process;
10. 16.9.10The below customer information must be printed on the transaction receipt, at a minimum:
    1. a)Unique Identification Number (UIN) of the customer;
    2. b)Full legal name of the customer;
    3. c)Address in the UAE (required when the customer is a UAE Resident) - P.O Box number and street (if available), city, Emirate;
    4. d)Permanent address in the home country (required only when the customer is a UAE NonResident) - P.O Box number and street (if available), city, state or province, country;
    5. e)Mobile number;
    6. f)Nationality;
    7. g)ID type (whether Emirates ID or Passport or GCC national ID);
    8. h)ID number;
    9. i)ID place of issue;
    10. j)ID issue date;
    11. k)Method of payment (whether cash or cheque, etc.);
    12. l)Source of funds;
    13. m)Purpose of transaction; and
    14. n)Beneficiary’s name and bank account details (wherever applicable).
11. 16.9.11The receipt must be signed by the customer and must be retained in the records along with all KYC supporting documents in accordance with Paragraph 16.24 of this Chapter.

1. 16.10.1During the Enhanced Due Diligence for natural persons, the source of funds and purpose of transaction must be verified and confirmed in accordance with Paragraphs 16.10.2 to 16.10.5 of this Chapter in addition to the CDD process as per Paragraph 16.9 of this Chapter;
2. 16.10.2Below are the thresholds for the Enhanced Due Diligence for natural persons:
   1. a)Foreign currency exchange transactions of value equal to or above AED 100,000:- Evidence for the source of funds (example: bank statements) must be collected for verification in case the customer pays cash. Complete information of the purpose of the transaction must be collected. Appropriate evidence must be collected for the verification of the purpose of transaction in case there is any doubt or suspicion about the information provided by the customer;
   2. b)Outward money transfers of value equal to or above AED 75,000:- Evidence for the source of funds (example: bank statements) must be collected for verification if the customer pays cash. Complete information on the purpose of the transaction must be collected. Appropriate evidence must be collected for the verification of the purpose of transaction in case there is any doubt or suspicion about the information provided by the customer; and
   3. c)Inward money transfers of value equal to or above AED 75,000:- Full information for the source of funds and the purpose of transaction must be collected and recorded. Appropriate evidences must be collected for the verification of the purpose of transaction in case there is any doubt or suspicion about the information provided by the customer.
3. 16.10.3The following customer information must be printed on the transaction receipt, at a minimum:
   1. a)Unique Identification Number (UIN) of the customer;
   2. b)Full legal name of the customer;
   3. c)Address in the UAE (required when the customer is a UAE Resident) - P.O Box number and street (if available), city, Emirate;
   4. d)Permanent address in the home country (required only when the customer is a UAE NonResident) - P.O Box number and street (if available), city, state or province, country;
   5. e)Mobile number;
   6. f)Nationality;
   7. g)ID type (whether Emirates ID or Passport or GCC national ID);
   8. h)ID number;
   9. i)ID place of issue;
   10. j)ID issue date;
   11. k)Method of payment (whether cash or cheque, etc.);
   12. l)Source of funds;
   13. m)Purpose of transaction; and
   14. n)Beneficiary’s name and bank account details (wherever applicable).
4. 16.10.4The receipt must be signed by the customer and must be retained in the records along with all KYC supporting documents in accordance with Paragraph 16.24 of this Chapter; and
5. 16.10.5The Licensed Person must give special attention to transactions by natural persons who are visitors in the UAE. The Licensed Person may decide to perform the Enhanced Due Diligence on such customers regardless of their transaction value in case there is any doubt or suspicion about the information provided by such customers.

1. 16.11.1The EDD process, in accordance with Paragraphs 16.11.2 to 16.11.11 of this Chapter, must be applied for a customer at the time of onboarding (i.e. prior to entering into any business relationship), if it is a legal entity. The EDD must include verification of the identity of the legal entity (i.e. its licenses, incorporation documents, etc.) and identification of its ultimate beneficial owners;
2. 16.11.2The Licensed Person must verify appropriate documents and retain copies to confirm information under Paragraph 16.11.3 of this Chapter. The following process must be followed at a minimum while onboarding a legal entity as a customer:
   1. a)An appropriate KYC Questionnaire of the Licensed Person must be completed and signed by the legal entity;
   2. b)Ownership structure of the legal entity must be collected including the purpose and nature of the intended business relationship;
   3. c)Collect copies of valid permissions/licenses of the entity from competent authorities to carry out the business (examples: certificate of incorporation, trading license or equivalent, license issued by the Central Bank or other competent authorities where applicable, etc.). Certify these copies as “Original Sighted and Verified” by the employee of the Licensed Person who carries out the KYC process after the verification of originals;
   4. d)Licensed Person must carry out a ML/FT risk assessment on business activities of the legal entity by visiting its business location. Also, carry out a risk assessment of its customers;
   5. e)Original identification documents (in accordance with Paragraph 16.8.3 of this Chapter) of Ultimate Beneficial Owners (UBO) must be verified and retain the copies after certification by the employee of the Licensed Person as “Original Sighted and Verified”;
   6. f)Collect the list of authorized signatories and verify their original identification documents (copies to be certified as “Original Sighted and Verified” and must retain in the records);
   7. g)Assess and record the expected annual activity (annual value and number of transactions for future transaction monitoring);
   8. h)Authorization letter must be taken for representatives of the legal entity who carry out transactions on its behalf;
   9. i)Verify original identification documents of representatives, who have authorization to carry out transactions, in accordance with Paragraphs 16.8.3 and 16.9.6 of this Chapter (copies to be certified as “Original Sighted and Verified” and must retain in the records). Such representatives must be UAE residents. The relationship of such representative with the legal entity must be established;
   10. j)Apply sanction checks and internet searches on the name of the legal entity, Ultimate Beneficial Owners, group companies, subsidiaries and the names of representatives of the legal entity who are authorized to carry out transactions on its behalf;
   11. k)Apply FPEP checks on Ultimate Beneficial Owners and where the Ultimate Beneficial Owner is a FPEP, the Licensed Person must collect the information about the source of wealth of such UBO; and
   12. l)Both the Manager in Charge and the Compliance Officer must approve the business relationship with legal entities. Where an Ultimate Beneficial Owner is FPEP, the business relationship with such legal entity must be established only after obtaining approval of the Board of Directors (or of the Owner/Partners where there is no Board of Directors).
3. 16.11.3The following information about the customer, which is a legal entity, must be recorded in the Point of Sale system, at a minimum, to create the customer profile and the “Unique Identification Number” (UIN) after completing the Enhanced Due Diligence process under Paragraphs 16.11.1 and 16.11.2 of this Chapter:
   1. a)Full legal name of the entity;
   2. b)Residential status (whether incorporated/operating within the UAE or outside the UAE);
   3. c)Address (P.O Box, Shop No., Building name, Street, City, Emirate, Country);
   4. d)Phone numbers;
   5. e)Fax number;
   6. f)Email;
   7. g)Date of establishment;
   8. h)ID type (whether trade license or the equivalent);
   9. i)Trade license (or the equivalent) number;
   10. j)Trade license (or the equivalent) place of issue;
   11. k)Trade license (or the equivalent) issue date;
   12. l)Trade license (or the equivalent) expiry date;
   13. m)Type of business of the entity;
   14. n)Names and ID details, such as ID types and ID numbers, of Ultimate Beneficial Owners of the entity;
   15. o)Names and ID details, such as ID types and ID numbers, of persons authorized to carry out transaction on behalf of the entity; and
   16. p)Expected annual activity (i.e. expected annual value and number of transactions for future transaction monitoring).
4. 16.11.4The Licensed Person must collect appropriate documents to verify and confirm the source of funds, purpose of transaction and the commercial/economic reason for each transaction by legal entities;
5. 16.11.5The following customer information must be printed on the transaction receipt, at a minimum:
   1. a)Unique Identification Number assigned to the entity (UIN);
   2. b)Full legal name of the entity;
   3. c)Address (P.O Box, Shop No., Building name, Street, City, Emirate, Country);
   4. d)Phone number;
   5. e)Name and ID number of the person representing the legal entity to carry out transactions on its behalf;
   6. f)Country of incorporation;
   7. g)ID type (whether trade license or the equivalent);
   8. h)Trade license (or the equivalent) number;
   9. i)Trade license (or the equivalent) place of issue;
   10. j)Trade license (or the equivalent) issue date;
   11. k)Trade license (or the equivalent) expiry date;
   12. l)Method of payment (whether cash or cheque, etc.);
   13. m)Source of funds;
   14. n)Purpose of transaction; and
   15. o)Beneficiary name and bank account details (wherever applicable).
6. 16.11.6The receipt must be signed by the representative of the legal entity who carries out the transaction on its behalf and must be retained in the records along with all KYC supporting documents in accordance with Paragraph 16.24 of this Chapter;
7. 16.11.7The Enhanced Due Diligence must be repeated and the customer profile, including the supporting evidence as per Paragraph 16.11.2 of this Chapter, must be updated annually at a minimum. The Licensed Person must ensure that copies of valid licenses are available in the records at all times. The Enhanced Due Diligence must also be repeated whenever there is a change in the profile of the customer, such as any change in the ownership of an entity;
8. 16.11.8The Enhanced Due Diligence in accordance with Paragraph 16.11.2 of this Chapter must also be undertaken before entering into below types of business relationships:
   1. a)Foreign correspondent banking arrangements, such as those with banks, exchange houses or any other financial institutions, for the purpose of money transfer services;
   2. b)Money transfer arrangements with instant money transfer service providers;
   3. c)Hedging arrangements with local or foreign institutions;
   4. d)Arrangements to import or export banknotes from/to foreign institutions, such as Banks, exchange houses or other financial institutions outside the UAE; and
   5. e)Arrangements with local or foreign entities to offer special products/services.
9. 16.11.9All business relationships under Paragraph 16.11.8 of this Chapter must be approved by the Compliance Committee of the Licensed Person;
10. 16.11.10While undertaking Enhanced Due Diligence as per Paragraph 16.11.8 of this Chapter on entities located outside the UAE, the Licensed Person may:
    1. a)visit the business locations of entities which are located in high risk countries in order to carry out risk assessment as per Paragraph 16.11.2 (d) of this Chapter (i.e. no site visit is required when such entities are located in low or medium risk countries);
    2. b)apply 20% (instead of 5% as per the definition under Appendix 1) in order to identify the Ultimate Beneficial Owners provided that it is a regulated banking institution and 10% (instead of 5% as per the definition under Appendix 1) in all other cases; and
    3. c)collect copies of the identification documents of Ultimate Beneficial Owners on a risk sensitive basis which are certified as “Original Sighted and Verified” by the Compliance Officer of such foreign entities, in case the verification of original documents by the Licensed Person is practically impossible.
11. 16.11.11The Licensed Person must not enter into any business relationship with a Shell Company or a Shell Bank.

1. 16.12.1The Licensed Person must not accept societies such as Co-operative Societies, Charitable Societies, Social or Professional Societies as customers unless they produce a certificate signed by H.E Minister of Community Development confirming their identities and permitting them to collect donations or to make money transfers out of the UAE;
2. 16.12.2Enhanced Due Diligence in line with 16.11 must be carried out before entering into any business relationship with societies; and
3. 16.12.3Business relationships with societies must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors) of the Licensed Person.

1. 16.13.1The Licensed Person must apply the CID process in accordance with Paragraph 16.8 of this Chapter for a natural person who repeatedly exchanges foreign currency (example: once in a week) of value below AED 3,600 per transaction;
2. 16.13.2The Licensed Person may accept a Seaman’s Pass/ID in order to complete the KYC Process, instead of acceptable IDs listed under Paragraph 16.8.3 of this Chapter, from natural persons who carry out the following transactions:
   1. a)Foreign currency exchange transactions of aggregate value up to AED 35,999.75 per week; and
   2. b)Money transfer transactions of aggregate value up to AED 27,000 per week.
3. 16.13.3The Licensed Person, while accepting transactions under Paragraph 16.13.2 of this Chapter, must apply the CID process in accordance with Paragraph 16.8 of this Chapter for foreign currency exchange transactions and the CDD process in accordance with Paragraph 16.9 of this Chapter for money transfer transactions (except Paragraph 16.8.3 of this Chapter) at a minimum;
4. 16.13.4The Licensed Person must apply the EDD process that is effective and proportionate to the ML/FT risks, including obtaining the approval of the Manager in Charge and the Compliance Officer, for establishing business relationships or one-off transactions with:
   1. a)FPEPs (Refer to Paragraph 16.20 of this Chapter);
   2. b)customers from high risk jurisdictions as identified by FATF and/or similar bodies;
   3. c)unusually complex transactions or those which have no clear economic or legal purpose;
   4. d)UAE Non-Resident customers; and
   5. e)transactions which the Licensed Person considers as high risk.
5. 16.13.5The Licensed Person must conduct the EDD process for a customer, irrespective of the value of transaction, if it has reasonable ground to suspect that the customer is engaging in money laundering or terrorist financing. In case the suspicion continues to exist even after the EDD, the Licensed Person must immediately report such cases to the FID in accordance with Paragraph 16.21 of this Chapter;
6. 16.13.6The Licensed Person must also conduct the EDD on its existing customers, if:
   1. a)there is a material change in the nature or ownership of a customer who is a juridical person;
   2. b)there is doubt about the reliability or adequacy of information previously obtained in relation to the customer; or
   3. c)there is any other reason that the Licensed Person deems it appropriate.
7. 16.13.7If it is unable to verify the customer’s identity using reliable and independent sources of data or information, the Licensed Person must:
   1. a)immediately terminate any relationship with the customer; and
   2. b)consider whether it should make a suspicious transaction report to the FID.
8. 16.13.8The Licensed Person must be able to demonstrate to the Central Bank Examiners that the KYC Process that has been applied is appropriate in view of its risks related to the money laundering, terrorist financing or related financial crimes;
9. 16.13.9The Licensed Person must carry out the CDD process for every pre-paid card customer in addition to introducing appropriate velocity controls to monitor the activity of the customer based on the number of cards purchased (whether non-reloadable or reloadable) or number of times reloaded (where it is a reloadable card). These transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts;
10. 16.13.10The customer using automated machines (i.e. Kiosks) for executing transactions must have the Unique Identification Number (UIN) issued by the Licensed Person. In such cases, the Licensed Person must ensure that the customer is not given privileges to add new beneficiaries for conducting money transfers via such Kiosks directly. The Licensed Person must also set a maximum limit, which shall not exceed AED 3,600 per transaction for money transfers via such machines. In any case, the total value of money transfers by a customer via such machines shall not exceed AED 10,000 per month. All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts;
11. 16.13.11The Licensed Person must comply with the instructions and conditions that are stated in the Letter of No Objection issued by the Banking Supervision Department for special products or services;
12. 16.13.12The Licensed Person must implement appropriate measures/controls to ensure that the Unique Identification Number issued to a customer is being used only by that customer at all times. The Licensed Person may consider the following to comply with this requirement:
    1. a)Verification of the original ID as per Paragraph 16.8.3 of this Chapter prior to accepting transactions from a customer; or
    2. b)Issue ID/Membership/Loyalty Cards that contain the basic customer details (such as name, date of birth, nationality, UIN etc.) including a recent photograph and such original cards must be verified prior to accepting transactions from customers; or
    3. c)Introduce appropriate biometric systems.
13. 16.13.13 Natural persons, who do not have a valid visa to stay in the UAE, must not be permitted to carry out transactions unless they are in the grace period upon cancellation or expiry of the residence permit or on amnesty;
14. 16.13.14The Licensed Person must understand the purpose and intended nature of the business relationship and obtain further information in higher risk situations;
15. 16.13.15 The Licensed Person must have measures/controls in place for conducting on-going due diligence to determine whether transactions are consistent with the profile of the customer;
16. 16.13.16 The Licensed Person must comply with wire transfer rules as specified in FATF Recommendation 16 for originating institution, beneficiary institution and intermediary institution, as applicable, notwithstanding the amount involved; and
17. 16.13.17 The Licensed Person must apply the following KYC process for a customer who exchanges low denomination currency notes to larger ones:
    1. a)Customer Due Diligence (CDD) process, in accordance with Paragraph 16.9 of this Chapter, must be applied for a natural person when the value of such transaction is between AED 36,000 and AED 99,999.75;
    2. b)Enhanced Due Diligence (EDD) process, in accordance with Paragraph 16.10 of this Chapter, must be applied for a natural person when the value of such transaction is equal to or above AED 100,000;
    3. c)Enhanced Due Diligence (EDD) process, in accordance with Paragraph 16.11 of this Chapter, must be applied in case the customer is a legal entity irrespective of the value of such transaction; and
    4. d)If there are any reasonable grounds to suspect money laundering and/or terrorist financing, the Licensed Person must file a Suspicious Transaction Report (STR) with the FID, irrespective of the value of such transaction. Please refer to Paragraph 16.21.2 of this Chapter for more information on suspicious transaction reporting.

1. 16.14.1A transaction is treated as a third party transaction when it is carried out by a person (hereafter known as ‘the representative’) on behalf of another natural person or a legal entity (hereafter known as ‘the beneficial owner of funds’). The Licensed Person must not accept third party transactions except in cases that are mentioned under Paragraphs 16.14.2 to 16.14.6 of this Chapter;
2. 16.14.2The Licensed Person may accept the transaction by a natural person on behalf of another natural person subject to the following conditions:
   1. a)The representative must produce a duly executed Power of Attorney (PoA) from the beneficial owner of funds to carry out such transactions. Where there is no PoA, the beneficial owner of funds must issue a letter authorizing the representative to carry out transactions on his/her behalf. The beneficial owner of funds must visit the Licensed Person to sign such letter of authority, the validity of which shall not exceed two (2) years from the date of issue;
   2. b)The letter of authority must refer to the type of transactions (whether currency exchange or money transfer) which the representative is authorized to carry out on behalf of the beneficial owner of funds as well as the identification details of both parties. The letter must also include the beneficiary details in the case of a money transfer transaction;
   3. c)The signature of the beneficial owner of funds in the letter of authority must be verified against that in the passport or the Emirates ID;
   4. d)The representative and the beneficial owner of funds must both be resident in the UAE;
   5. e)Original identification documents of both parties must be collected and verified in addition to retaining the copies of such identification documents certified as “Original Sighted and Verified”;
   6. f)The beneficial owner of funds must undergo the CDD process in accordance with Paragraph 16.9 of this Chapter. The EDD process must be applied, when applicable, in accordance with Paragraph 16.10 of this chapter;
   7. g)All transactions must be recorded in the system against the Unique Identification Number of the beneficial owner of funds. Name and ID details of the representative must also be recorded in the Point of Sale system;
   8. h)The names of both parties must be subjected to the sanction/FPEP screening. In the case of money transfer transactions, the beneficiary’s name as well as the name of beneficiary bank must also be appropriately screened;
   9. i)The name of the representative must be printed separately on the transaction receipt in addition to the information of the beneficial owner of funds in accordance with Paragraph 16.9.10 or 16.10.3 of this Chapter, whichever is applicable; and
   10. j)All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts.
3. 16.14.3The Requirement under Paragraph 16.14.2 of this Chapter is not applicable, where the transaction is carried out by a natural person on behalf of another natural person who is either working as domestic helper (examples are: house maid, cook, servant, cleaner, etc.) or unable to visit the licensed premises due to the inherent nature of their work/living conditions, subject to the following conditions:
   1. a)The representative must produce a letter signed by the beneficial owner of the funds authorizing the representative to carry out transactions. This letter of authority must refer to the type of transactions (whether currency exchange or money transfer) which the representative is authorized to carry out on behalf of the beneficial owner of funds as well as the identification details of both parties. The letter must also include the beneficiary details in the case of a money transfer transaction;
   2. b)The total value of transactions, whether foreign currency exchange or inward/outward remittance, shall not exceed AED 24,000 during a rolling three hundred and sixty five (365) days from the date of the first transaction for each beneficial owner of funds;
   3. c)The representative and the beneficial owner of funds must both be resident in the UAE;
   4. d)Original identification documents of both parties must be collected and verified in addition to retaining the copies of such identification documents certified as “Original Sighted and Verified”;
   5. e)The representative must undergo the CDD process in accordance with Paragraph 16.9 of this Chapter. The EDD process must be applied, when applicable, in accordance with Paragraph 16.10 of this Chapter. The Licensed Person is expected to take all measures practically possible to confirm that such transactions are genuine without leaving any chance for doubt or confusion for misuse of this arrangement;
   6. f)All such transactions must be recorded in the system against the Unique Identification Number of the representative. The name and ID details of the beneficial owner of funds must also be recorded in the Point of Sale system. The SMS notifications in accordance with Paragraph 4.9 of Chapter 4 must go directly to the beneficial owner of funds;
   7. g)The names of both parties must be subjected to sanction/FPEP screening. In the case of money transfer transactions, the beneficiary’s name as well as the name of beneficiary bank must also be appropriately screened;
   8. h)The name of the beneficial owner of funds must be printed separately on the transaction receipt in addition to the information of the representative in accordance with Paragraph 16.9.10 or 16.10.3 of this Chapter, whichever is applicable;
   9. i)All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts; and
   10. j)In case of any doubt or confusion regarding the documents submitted or information provided by the representative, the Licensed Person must insist the beneficial owner of funds to personally visit the Licensed Person to complete the KYC process. If the beneficial owner of the funds refuses to visit the Licensed Person, the relationship must be terminated and the case must be reported to the FID immediately where necessary.
4. 16.14.4Transactions by a natural person on behalf of another legal entity in the UAE falls under the scope of the EDD Process under Paragraph 16.11 of this Chapter. The conditions under Paragraph 16.14.5 of this Chapter must be applied where the remittance transactions are for importing goods or payment for services;
5. 16.14.5Remittance transactions from legal entities in the UAE for importing goods or payment for services (i.e. trade related transactions), must only be accepted subject to the below conditions:
   1. a)Enhanced Due Diligence (Please refer to Paragraph 16.11 of this Chapter) must be completed for each legal entity before onboarding the customer;
   2. b)The Licensed Person must establish the commercial/economic reason for each remittance transaction;
   3. c)The Licensed Person must ensure that supporting documents, such as Invoices, are in the name of the legal entity in the UAE and the goods are destined for the UAE;
   4. d)The names of all parties involved in the transaction such as names of remitter (i.e. legal entity), its Owner/Partners/Shareholders, authorized person who carries out the transaction (i.e. the representative) and beneficiary must undergo sanction/FPEP screening for each transaction;
   5. e)Preference must be given to settle such transactions through a bank, either by cheque or via bank transfer, instead of accepting cash;
   6. f)The Licensed Person must collect the original Bill of Lading/Airway Bill for the post transaction (i.e. after executing such transactions) verification, whenever the same is issued. A copy of the original Bill of Lading/Airway Bill certified as “Original Sighted and Verified” under the signature of the employee who carries out the KYC Process must be retained;
   7. g)The Licensed Person must also track the movement of such goods using an appropriate container/vessel tracking system when the settlement of the underlying transaction is in cash. Appropriate logs and evidences must be maintained by the Licensed Person for such tracking;
   8. h)All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts; and
   9. i)The authorized person who carries out the transaction (i.e. the representative) on behalf of the legal entity must be a resident in the UAE.
6. 16.14.6Where a legal entity in the UAE (i.e. the remitter) which remits on behalf of another entity outside the UAE (i.e. beneficial owner of funds) who imports goods or pays for services, the Licensed Person must accept such transactions subject to the below conditions:
   1. a)The Licensed Person must undertake the EDD on the remitter which must be in accordance with Paragraph 16.11 of this Chapter;
   2. b)The Licensed Person must also undertake the EDD on the beneficial owner of funds;
   3. c)There must be at least one shareholder or partner common to both entities (i.e. legal entity in the UAE and the entity outside the UAE);
   4. d)In case, there is no shareholder or partner common to both entities, then there must be a legally valid agreement between the remitter and the beneficial owner of funds, authorizing the remitter to carry out such transaction;
   5. e)All documents related to the incorporation of the entity outside the UAE (i.e. beneficial owner of funds) and the agreement between both the parties must be appropriately attested by relevant authorities in the respective foreign country and in the UAE;
   6. f)The name of the beneficial owner of the funds and its Owner/Partners/Shareholders must be captured in the POS system in addition to the required information of the remitter as per Paragraph 16.11.3 of this Chapter. Names of all parties involved in the transaction such as names of the remitter, beneficial owner of funds, Owner/Partners/Shareholders of both entities, authorized person who carries out the transaction (i.e. the representative) and beneficiary must undergo sanction/FPEP screening for each transaction;
   7. g)The Licensed Person must establish the commercial/economic reasons for each remittance transaction;
   8. h)The Licensed Person must ensure that supporting documents, such as invoices, are in the name of the beneficial owner of funds and the goods are destined for the home country of the beneficial owner of the funds;
   9. i)Preference must be given to settle such transactions through bank, either by cheque or via bank transfer, instead of accepting cash;
   10. j)The name of beneficial owner of funds must be printed on the receipt in addition to the information of the remitter as per Paragraph 16.11.5 of this Chapter;
   11. k)The Licensed Person must collect the original Bill of Lading/Airway Bill for post transaction verification whenever it is issued. A copy of the original Bill of Lading/Airway Bill certified as “Original Sighted and Verified” under the signature of the employee who carries out the KYC Process must be retained;
   12. l)The Licensed Person must track the movement of goods via an appropriate container/vessel tracking system in all cases of such remittance transactions. Appropriate logs and evidences must be maintained by the Licensed Person for such tracking;
   13. m)All such transactions must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts;
   14. n)In case of any doubt or confusion regarding the documents submitted or information provided by the beneficial owner of funds, remitter or representative, then the Licensed Person must exit the relationship and the case must be reported to the FID immediately; and
   15. o)The authorized person who carries out the transaction (i.e. the representative) on behalf of the legal entity in the UAE must be a resident in the UAE.
7. 16.14.7The Licensed Person must not accept any transactions from a natural person, who is acting in personal capacity, on behalf of any foreign entity or a natural person who is a UAE Non-Resident.

1. 16.15.1The Licensed Person must comply with the Cash Declaration Regulations dated 09^th January 2011 and any subsequent amendments thereto;
2. 16.15.2The Licensed Person must collect and retain the original DRIC if the customer exchanges the full amount as stated in the DRIC;
3. 16.15.3In case the customer exchanges only part of the total amount stated in the DRIC, then the actual amount of currency exchanged by the Licensed Person must be endorsed on the original DRIC under the signature of the employee who carries out the KYC process and under the official stamp of the Licensed Person. In such cases, the original DRIC can be returned to the customer, but its copy after endorsement must be retained with the Licensed Person;
4. 16.15.4In case the amount of any partial exchange is endorsed on a DRIC, the Licensed Person who accepts such DRIC must exchange only the balance of the amount of currencies to ensure that the total amount of currency exchanged by the customer using the same DRIC does not exceed the total value stated in the DRIC; and
5. 16.15.5The DRIC form collected from a customer must not be treated as evidence for the source of funds or the purpose of a transaction. Appropriate due diligence procedures must be conducted and supporting documents as evidence for the source of funds or purpose of transaction must be collected whenever and wherever necessary.

1. 16.16.1The Licensed Person must implement an appropriate recruitment and Know Your Employee process for hiring employees in accordance with Paragraph 8.2 of Chapter 8.

1. 16.17.1The Licensed Person must provide comprehensive AML/CFT compliance training to all employees including its Manager in Charge, functional heads, Directors of the Board and Owner/Partners/Shareholders. The Licensed Person is required to coordinate with the FID regarding such training;
2. 16.17.2The AML/CFT compliance training must be provided to all new joiners within thirty (30) calendar days from the date of joining. The new joiners must not be allowed to serve any customer independently until they have successfully completed such training. Refresher training must be provided to all employees at regular intervals;
3. 16.17.3The frequency of refresher AML/CFT compliance training may be determined based on the ML/FT risk exposure of each employee. Employees who deal directly with customers, products or services must be trained at least annually at a minimum;
4. 16.17.4Refresher training must also be provided whenever there are changes in the AML Laws, Regulations, Notices, the Standards or the Licensed Person’s AML policy/procedures;
5. 16.17.5Appropriate processes must be implemented to periodically assess the AML/CFT awareness of employees and repeat training must be planned based on the result of such assessment process;
6. 16.17.6Appropriate AML/CFT training registers must be maintained in order for the Central Bank Examiners to verify the training history of each employee;
7. 16.17.7Evidence for all trainings conducted such as, the training policy, training materials, training register, training plan, training schedules, assessment sheets, training certificates, etc. must be retained for the verification by the Central Bank Examiners;
8. 16.17.8The AML/CFT training materials must be reviewed and updated at regular intervals or whenever there are changes in the AML Laws, Regulations, Notices, the Standards and the Licensed Person’s AML Policy/ Procedures; and
9. 16.17.9The AML/CFT training materials must cover, at a minimum:
   1. a)Money laundering and terrorist financing, definitions, typologies as well as recent trends;
   2. b)ML/FT risks associated with the products and services offered by the Licensed Person;
   3. c)AML/CFT policies and procedures including the highlights on recent changes;
   4. d)The regulatory responsibilities and obligations of employees under AML/CFT Laws, Regulations, Notices and the Standards;
   5. e)Description of Know Your Customer process and its importance;
   6. f)Due Diligence measures and procedures for monitoring transactions;
   7. g)Sanction screening and FPEP screening procedures;
   8. h)Red flags to identify unusual transactions or transaction patterns or customer behaviours;
   9. i)Processes and procedures of making internal disclosures of unusual transactions;
   10. j)Roles of the Compliance Officer and Alternate Compliance Officer including their full contact details;
   11. k)Tipping off;
   12. l)Record retention policy;
   13. m)Reference to industry guidance and other sources of information;
   14. n)Emerging ML/FT risks and measures to mitigate such risks;
   15. o)Penalties for non-compliance with the AML/CFT Laws, Regulations, Notices and the Standards; and
   16. p)Disciplinary procedures to be applied on employees for not adhering to the AML Policy and Procedures.

1. 16.18.1The Licensed Person must continuously monitor transactions on a risk-sensitive basis which must consist of the following:
   1. a)Scrutinizing the transactions concluded by a customer to ensure that transactions are consistent with the Licensed Person’s knowledge of the customer, the customer’s business, risk profile, the source of funds and where necessary, source of the customer’s wealth; and
   2. b)Reviewing the records of a customer to ensure that documents and information collected using KYC measures and ongoing monitoring for the customer are kept up-to-date and relevant.
2. 16.18.2The Licensed Person must introduce automated systems and tools to support transaction monitoring appropriate to the nature, size and complexity of its business;
3. 16.18.3The monitoring systems must be configured to identify abnormal/unusual transactions, patterns of activities or behaviours of customers by defining sufficient number of rules and parameters within the system. Special attention must be given to third party transactions while defining rules and parameters;
4. 16.18.4Information related to the expected annual activity collected at the time of customer onboarding process must be used to assess any deviations or unusual behaviours/patterns;
5. 16.18.5All abnormal/unusual transactions must be investigated and supporting records must be retained for the minimum retention period as per Paragraph 16.24 of this Chapter; and
6. 16.18.6After investigation of abnormal/unusual transactions, if reasonable grounds are established to suspect money laundering, terrorist financing and/or financing of illicit organizations, such transactions must be reported to the FID immediately. Please refer to Paragraph 16.21.2 of this Chapter for further information.

1. 16.19.1Appropriate systems must be introduced for real time screening, as part of the KYC process, on all parties involved in a transaction against all applicable sanction lists (i.e. the UN sanction lists and the names contained in the ‘search notices’/‘search and freeze notices’ issued by the Central Bank);
2. 16.19.2Written processes and procedures for the escalation and clearing of potential sanction matches must be introduced;
3. 16.19.3The logs/records related to the clearing of potential sanction matches must be available in the system for five (5) years;
4. 16.19.4The UN sanction lists must regularly and automatically be updated within the Point of Sale/computer systems of the Licensed Person preferably without any manual intervention. Addition and deletion of names in the UN sanction lists must be immediately updated by the Licensed Person as and when such changes are announced by the UN Security Council. Appropriate logs must be maintained in the system to confirm such updates;
5. 16.19.5In case the name of a customer is an exact match (i.e. a true match) to a name or names in the UN sanction lists or ‘search and freeze notices’ issued by the Central Bank, the Licensed Person must immediately freeze the funds of that customer. The Licensed Person must immediately inform the FID along with the details of the customer and the amount of funds frozen for further instructions. The Licensed Person must not defreeze such amounts without obtaining a confirmation from the FID;
6. 16.19.6In case the name of a party to a transaction is an exact match to a name or names in ‘search notices’ issued by the Central Bank, the Licensed Person must immediately follow the instructions provided in such notices; and
7. 16.19.7Sanction screening must be applied in the below cases:
   1. a)In the case of foreign currency exchange transactions, the customer’s name must be screened against the sanction lists;
   2. b)In the case of money transfer transactions, the Remitter’s name and Beneficiary’s name as well as the name of beneficiary bank must be screened against sanction lists;
   3. c)Where the transactions are conducted by a legal entity, the name of the authorised person who carries out the transaction (i.e. the representative) must be screened against sanctions lists in addition to the name of the entity and its Ultimate Beneficial Owners. The Licensed Person, where applicable, must also comply with Paragraph 16.19.7 (b) of this Chapter; and
   4. d)The Licensed Person must also comply with the sanction screening requirements, in the case of third party transactions, as required by Paragraph 16.14 of this Chapter.

1. 16.20.1The Licensed Person must implement appropriate systems and tools to determine whether a customer, who is a natural person or the beneficial owner of a juridical person, is a FPEP or HIO or family members or associates of such a person. The Licensed Person must also carry out a periodic review of existing customers to determine if any of them is a FPEP or HIO or a family member or associate of such a person;
2. 16.20.2Where a natural person is found to be a FPEP or a family member or associate of a FPEP, the Licensed Person must carry out Enhanced Due Diligence to establish business relationship and to conduct transactions accordingly. In addition to this, the Licensed Person must also take reasonable measures to determine the source of funds and collect the information regarding the source of wealth of such customers, if it deems it necessary;
3. 16.20.3Where a natural person is found to be a HIO or a family member or associate of a HIO, the Licensed Person must assess the level of risks involved and must conduct Enhanced Due Diligence to take measures as appropriate, in case the risk is considered High for ML/FT;
4. 16.20.4Approval from the Compliance Officer and the Manager in Charge must be obtained before processing any transaction in the Point of Sale system for a natural person who is a FPEP and for high risk HIO;
5. 16.20.5The Licensed Person must refer to Paragraphs 16.11.2 (k) and (l) of this Chapter for requirements while entering into business relationships with juridical persons (i.e. legal entities) owned by FPEPs; and
6. 16.20.6All transactions by a FPEP or HIO or by an entity where the Ultimate Beneficial Owner is a FPEP or HIO must be closely monitored by the Compliance Officer. The systems must have the capability to support monitoring of such transactions and must generate necessary exception reports and alerts.

1. 16.21.1Internal disclosure requirements:
   1. a)The Licensed Person must implement procedures, controls, systems and tools for its employees to internally disclose all suspected cases of money laundering or terrorist financing directly to the Compliance Officer or to an appropriate member of the compliance department without any interference from the Manager in Charge or any other employee of the Licensed Person;
   2. b)All internal disclosures must be thoroughly investigated to confirm if there are reasonable grounds for suspicion;
   3. c)If the investigation of an internal disclosure does not reveal reasonable grounds for suspicion, then the Compliance Officer may decide either to close the case or keep it open for future monitoring; and
   4. d)The Compliance Officer must retain documentary evidence regarding all internal disclosures, details of investigations undertaken and reasons for closing a case or keeping the case open for future monitoring under watch list or for reporting to the FID.
2. 16.21.2External Reporting to the FID:
   1. a)As a primary requirement of submitting Suspicious Transaction Reports (STR), the Licensed Person must obtain access to the online STR reporting portal of the Central Bank. The Licensed Person may contact the FID or the Banking Supervision Department for appropriate guidance to obtain access to the STR reporting portal;
   2. b)The Compliance Officer must report all cases where there are reasonable grounds to suspect money laundering, terrorist financing and/or financing of illicit organizations to the FID including any attempted transactions by suspicious customers;
   3. c)Procedures and controls must be implemented to ensure timely reporting of suspected cases to the FID;
   4. d)The Licensed Person must comply with all directions of the FID in relation to STRs submitted to them;
   5. e)The Licensed Person must keep appropriate records of STRs reported to the FID; and
   6. f)The Licensed Person must freeze the funds involved in any suspicious transactions related to terrorism, terrorist organizations, foreign terrorist fighters or for terrorism purposes and immediately report to the FID without any delay.

1. 16.22.1Tipping off is prohibited and is a punishable criminal offence. The Licensed Person or its employees must not inform customers or any persons or third parties, either directly or indirectly, that their transactions are subject to monitoring, are under investigation or have been reported to the FID as suspicious transactions; and
2. 16.22.2The Compliance Officer must ensure that all employees of the Licensed Person are aware of the consequences of tipping off such as penalties and imprisonment. Sufficient AML/CFT training must be provided to all employees to avoid tipping off.

1. 16.23.1The Licensed Person must watch out for its employee’s behaviour, such as, an employee whose lifestyle cannot be supported by his/her salary or an employee who is reluctant to take a vacation or is associated with unusually large numbers of transactions, etc.

1. 16.24.1All documents/records related to transactions such as transaction receipts (except the receipts as per Paragraph 16.8.5 of this Chapter), KYC, Customer Due Diligence and Enhanced Due Diligence must be retained for a minimum period of five (5) years from the date of transaction;
2. 16.24.2Records, in the context of Paragraph 16.24.1 of this Chapter, include electronic communication and documentation as well as physical, hard copy communication and documentation;
3. 16.24.3Records retained by the Licensed Person must be sufficient to permit the reconstruction of individual transactions;
4. 16.24.4AML training registers, training plans, AML training materials and other evidence for providing AML training must be retained for a period of five (5) years from the date of training;
5. 16.24.5Supporting documents for the transaction monitoring and investigations carried out on unusual transactions must be retained for a minimum period of five (5) years;
6. 16.24.6All documents related to STRs including internal disclosures by employees must be retained for a minimum period of five (5) years from the date the STR was reported. In case the matter is subject to litigation in a court or under investigation by an enforcement agency, the supporting documents related to such transactions or STR must be retained until the final verdict is received from the court or until the Licensed Person is notified that the investigation is completed; and
7. 16.24.7Any other records to demonstrate compliance with the AML/CFT Laws, Regulations, Notices and the Standards must also be retained.

1. 16.25.1The Compliance Officer must prepare Bi-Annual Compliance Reports (i.e. reports for the six (6) months period ending on 30^th June and 31^st December of the respective financial year) in order to assess the effectiveness of the Licensed Person’s AML/CFT policies, procedures, systems and controls to prevent money laundering and terrorist financing;
2. 16.25.2Bi-Annual Compliance Reports must be submitted within one (1) month from the end of each reporting period to:
   1. a)the Compliance Committee; and
   2. b)the Board of Directors (or the Owner/Partners where there is no Board of Directors).
3. 16.25.3Bi-Annual Compliance Reports must cover at least the following:
   1. a)Assessment of ML/FT risks associated with the business of the Licensed Person and the effectiveness of its Policies, Procedures, Systems and Controls;
   2. b)Summary of the gap analysis between the AML/CFT Program of the Licensed Person and existing AML Laws, Regulations, Notices and the Standards as well as the actions taken by the Compliance Officer to bridge or resolve such gaps;
   3. c)Details of AML/CFT breaches highlighted in the most recent Central Bank examination report and the reports by Internal/External Auditors;
   4. d)The number of internal suspicious disclosures made by employees and the number of cases investigated, closed, kept open for future monitoring or reported to the FID as STRs during the reporting period;
   5. e)The number of suspicious transactions detected and reported to the FID via independent transaction monitoring by the Compliance Officer during the reporting period;
   6. f)Changes in the AML/CFT policies and procedures reviewed and the details of any AML/CFT policy or procedures newly introduced during the reporting period;
   7. g)Statistics on total employees, new joiners during the reporting period, number of employees trained and the number of employees not trained (if any) including reasons for not training employees;
   8. h)Areas where the AML/CFT training programme must be improved and proposals made to enhance the training;
   9. i)Recommendations to the Manager in Charge and the Board of Directors (or to the Owner/Partners where there is no Board of Directors) for the improvement of the AML/CFT function of the Licensed Person;
   10. j)Details of Compliance Officer’s requests for additional human resources, systems, controls, tools and technology changes for the attention of the Board of Directors (or of the Owner/Partners where there is no Board of Directors);
   11. k)An action plan to improve the AML/CFT compliance function for the next six (6) months along with the current status of similar action plan for previous six (6) months; and
   12. l)The conclusion of the Compliance Officer about the effectiveness of the existing AML/CFT function of the Licensed Person.
4. 16.25.4The Bi-Annual Compliance Report must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
5. 16.25.5A copy of the Bi-Annual Compliance Report must be submitted to the Banking Supervision Department and the FID along with comments from the Board of Directors (or from the Owner/Partners where there is no Board of Directors) within four (4) months from the end of each reporting period.

1. 16.26.1The Compliance officer’s function must undergo regular audit by the Internal Auditor. Internal audit findings must be reported to the Board of Directors (or to the Owner/Partners where there is no Board of Directors);
2. 16.26.2External Auditors must perform Agreed-Upon Procedures on the AML/CFT Compliance function annually and report their findings directly to the Board of Directors (or to the Owner/Partners where there is no Board of Directors). The Licensed Person must submit a copy of this report to the Banking Supervision Department within four (4) months from the end of each financial year; and
3. 16.26.3The Board of Directors (or the Owner/Partners where there is no Board of Directors) must ensure that appropriate actions are taken by the Compliance Officer, Manager in Charge and other functional heads to resolve findings of internal and external auditors in a timely manner.

1. 16.27.1The Licensed Person must upload remittance data to the Central Bank Remittances Reporting System on a daily basis. Remittance data must be uploaded before the end of the next business day; and
2. 16.27.2The Licensed Person must also introduce appropriate systems and tools to enable immediate responses to the enquiries received from the Central Bank (example: Search or Freeze notices) and other competent authorities in the UAE.

1. 16.28.1The Licensed Person must pay special attention to any ML/FT risk that may arise from new or developing technologies, products or transactions that may favour anonymity and take measures to prevent the use of such products to launder money or finance terrorism.

1. 16.29.1Please refer to Paragraph 6.9.3 of Chapter 6 for the roles and responsibilities of the Compliance Committee.

1. 16.30.1The standards under this Chapter shall apply to all Licensed Persons and their branches, offices and subsidiaries operating in the UAE as well as their employees, Board of Directors, Owner/Partners/Shareholders; and
2. 16.30.2The standards under this Chapter also apply to all branches and subsidiaries of the Licensed Person operating in foreign jurisdictions where the AML/CFT compliance requirements are less stringent than that contained in this Chapter.

1. 16.31.1AML/CFT Standards of this Chapter must be read in conjunction with the following Laws and Regulations of the UAE:
   1. a)Federal Law number 4 of 2002 regarding Criminalization of Money Laundering;
   2. b)Federal Law Number 9 of 2014 regarding amendment of some provisions in Federal Law number 4 of 2002;
   3. c)Decree Number 38 of 2014 Regarding the Executive Bye Law of the Federal Law number 4 of 2002;
   4. d)Notice No. 24/2000 issued on 14^th November 2000 and its subsequent amendments;
   5. e)Notice No. 1401/2010 issued on 16^th March 2010; and
   6. f)Any other Notices, Circulars or Regulations issued hereafter by the Central Bank of the UAE on AML/CFT compliance.

The Central Bank expects the Licensed Person to provide services to its customers in an utmost professional manner and to ensure their rights are appropriately protected. This chapter summarizes the minimum standards that a Licensed Person must maintain at all times in order to handle complaints from its customers effectively and efficiently.

1. 17.1.1The Licensed Person must implement appropriate processes and procedures to resolve complaints from its customers in a timely manner.

1. 17.2.1The Licensed Person must assign a dedicated phone number and an email ID for its customers to lodge their complaints;
2. 17.2.2The designated phone number and the email ID must be printed on all receipts given to the customer and also must be displayed at a prominent location in the licensed premises;
3. 17.2.3The Licensed Person must appoint/designate, subject to Paragraph 17.2.4 of this Chapter, an officer for handling customer complaints at its Head Office. The responsibilities of this officer must include the following:
   1. a)Receive complaints from customers either directly or through the branches;
   2. b)Record all complaints irrespective of its nature in a separate register;
   3. c)Resolve customer complaints; and
   4. d)Submit periodical reports to the Manager in Charge.
4. 17.2.4Depending on the nature, size and complexity of the business, the Licensed Person may appoint a dedicated Officer to handle customer complaints or combine this role with another suitable function subject to the conditions under Paragraphs 7.2.4 (a) of Chapter 7, 16.4.7 (a) and 16.5.1 (g) of Chapter 16;
5. 17.2.5Appropriate registers and log sheets must be maintained to record all customer complaints. Adequate entries must be made in such registers to demonstrate when the complaint was received or how and when it was resolved; and
6. 17.2.6All customer complaints must be dealt with fairly and promptly.

1. 17.3.1The Licensed Person must send a confirmation upon the receipt of every complaint to the customer within two (2) business days via SMS or email;
2. 17.3.2All complaints must be resolved within a reasonable period of time which shall not exceed ten (10) business days;
3. 17.3.3A final response must be provided to the customer within ten (10) business days; and
4. 17.3.4In case, a complaint is not resolved within ten (10) business days (i.e. an overdue complaint), the Licensed Person must update the customer, on the very next business day, with reasonable justifications for the possible delay.

1. 17.4.1The details of all overdue complaints for each month must be reported to the Manager in Charge within five (5) business days from the end of every month; and
2. 17.4.2The Manager in Charge must evaluate the effectiveness of the customer complaint procedure based on the report on overdue complaints.

1. 17.5.1The scope of the internal audit must include the overall efficiency of the Licensed Person in addressing customer complaints; and
2. 17.5.2The Internal Auditor must give special attention to the turnaround time for each customer complaint and investigate the reasons for overdue complaints.

As part of protecting the interest of customers, the Licensed Person has an obligation to assess, document and disclose the amount of unclaimed funds and monitor such funds until it is paid to the respective customer(s). This chapter describes the meaning, treatment and disclosure requirements related to unclaimed funds.

1. 18.1.1Funds involved in any money transfer transaction shall be treated as unclaimed funds under the following conditions:
   1. a)The funds involved in an outward money transfer to a bank account, whether local or foreign, will be considered as unclaimed funds if the Licensed Person fails to pay it back to the respective customer within seven (7) calendar days upon cancellation of that transaction by the remitter or upon being returned by the beneficiary bank as it could not credit the beneficiary’s account for various reasons. The Licensed Person must collect the funds back from the foreign or local bank if the settlement of such transaction has already been completed with the bank;
   2. b)The funds involved in an outward remittance via an instant money transfer service provider or any other financial institutions to be paid to the beneficiary in cash will be treated as unclaimed funds if the beneficiary fails to collect the funds within ninety (90) calendar days from the date of transaction. The Licensed Person must collect the funds back from the instant money transfer service provider or the financial institution if the settlement of such transaction has already been completed;
   3. c)The funds involved in a demand draft issued by the Licensed Person shall be considered as unclaimed funds if the beneficiary fails to cash such draft prior to the date of its expiry. The Licensed Person must collect the funds back from the foreign correspondent bank in case the settlement has already been completed;
   4. d)Inward remittance transaction for which the Licensed Person received the settlement funds from a foreign correspondent will be treated as unclaimed funds if it is not paid to the beneficiary within thirty (30) calendar days from the date of receiving the payment instruction unless it is refunded to such foreign correspondent; and
   5. e)WPS Funds held by the Licensed Person against the WPS SIF File rejected (due to errors in the SIF File) by the Central Bank must be classified as unclaimed funds if the client (i.e. the employer) fails to provide the correct file to the Licensed Person within five (5) business days from the date of rejection.

1. 18.2.1The Licensed Person must ensure that unclaimed funds are assessed, documented, monitored and disclosed on a monthly basis subject to the below standards:
   1. a)The Licensed Person must implement Policies and Procedures to assess, document, disclose and monitor unclaimed funds. These Policies and Procedures must be approved by the Board of Directors (or by the Owner/Partners where there is no Board of Directors);
   2. b)Roles and responsibilities in relation to the management of unclaimed funds must be clearly defined;
   3. c)The unclaimed funds must be segregated and held as cash in local currency stock or kept in the local bank account. This fund must not be used for day to day business activities;
   4. d)The Licensed Person must constantly try to communicate with the respective customer(s) to refund unclaimed funds;
   5. e)The Licensed Person must assess the amount of unclaimed funds as on the last day of every month and disclose it as a separate item under “Current Liabilities” of the monthly return Form No. 1; and
   6. f)The Internal Auditor must review the procedures and the management of unclaimed funds as stated under Paragraphs 18.2.1 (a) to (e) of this Chapter and report its findings to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).