Skip to main content

4.4. Customer Due Diligence

Effective from 11/11/2021

The goal of the CDD process is to ensure that LEH understand who their customer is and the purpose for which the customer will use the LEH’s services. Where a LEH cannot satisfy itself that it understands a customer, then it must not accept the customer. If there is an existing business relationship, the LEH should not continue it. LEH should also consider filing an STR, SAR or other report types to the FIU as discussed in section 5 below. This guidance is not an exhaustive list of CDD obligations and LEH should consult the legal and regulatory framework in force in the UAE for the measures to be taken.

Under Article 8 of AML-CFT Decision, LEHs are required to identify and verify the identity of all customers. In particular, when verifying the Emirates ID card (either physically or by way of digital or e-KYC solutions) the LEH must use the online validation gateway of the Federal Authority for Identity & Citizenship, the UAE-Pass Application, or other UAE Government supported solutions, and keep a copy of the Emirates ID and its digital verification record. Where acceptable IDs other than the Emirates ID are used in the KYC process, a copy must be physically obtained from the original ID and certified as “Original Sighted and Verified” by the employee who carries out the CDD process.

As required by Paragraph 16.7 of the Standards, LEH must implement a strong Know Your Customer (“KYC”) process that is based on clear and comprehensive written policies and procedures. Implementation of an effective KYC process is an essential cornerstone of a LEH’s AML/CFT Program and is necessary in order to:

 Understand who LEH’s customers and counterparties are.
 Detect suspicious activity or transactions in a timely manner.
 Promote safe and sound business practices.
 Minimize the risk that the LEH is abused by illicit actors.
 Reduce the risk of processing transactions when the customer is involved in criminal activity.
 Protect the reputation of the LEH.
 Comply with statutory obligations.
 

The KYC process must be risk-based and, as such, the KYC measures applied must be commensurate with the ML/FT risks associated with their customers or transactions. Accordingly, Paragraph 16.7.3 of the Standards requires three types of KYC processes that must be applied depending on the customer’s risk and the nature of the transaction and customer. These are:

 Customer Identification (CID);
 Customer Due Diligence (CDD); and
 Enhanced Due Diligence (EDD).
 

Please refer to the table below on when to use each KYC measure and to refer to the respective paragraphs in the Standards for the detailed requirements:

Customer TypeCustomer ActivityValue of TransactionPreventive Measure RequiredParagraph in the Standards, Version 1.20
Natural PersonsCurrency ExchangeEqual to or greater than AED 3,500 and less than AED 35,000CID16.8
Equal to or greater than AED 35,000 and less than AED 55,000 within a 90-day periodCID and
CDD
16.8
16.9
Equal to or greater than AED 55,000 within a 90-day periodCID,
CDD, and
EDD
16.8
16.9
16.10
Money TransferAny value less than AED 55,000CID and
CDD
16.8
16.9
Equal to or greater than AED 55,000 within a 45-day periodCID,
CDD, and
EDD
16.8
16.9
16.10
All Legal Persons or ArrangementsAny ActivityAny ValueCDD and
EDD
16.11
Counterparty RelationshipsAny ActivityAny ValueCDD and
EDD
16.11.8 to
16.11.12
16.11.2
PEPsAny ActivityAny ValueCID,
CDD, and
EDD
16.13
DNFBPs/DPMSAny ActivityAny ValueCID (if the customer is a natural person), CDD, and
EDD
16.14/16.15
High-Risk Natural PersonsAny ActivityAny ValueCID,
CDD, and
EDD
16.16
16.8,
16.9
16.10
High-Risk circumstancesAny ActivityAny ValueCID (if the customer is a natural person), CDD, and
EDD
16.16
16.8,
16.9
16.10/11
Third Party TransactionsAny ActivityAny ValueCID (if the customer is a natural person), CDD, and
EDD
16.20
16.8,
16.9
16.10/11