Skip to main content

Sixth: The Reports on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations

Effective from 30/4/2020
  1. The insurance companies and the insurance-related professionals shall appoint a Compliance Officer to combat money laundering and terrorism financing as required by the laws, regulations, instructions, decisions and circulars in force.
  2. The insurance companies and the insurance-related professionals shall enable the staff specialized in anti-money laundering and combating the financing of terrorism to perform their work and send the periodic reports to the Insurance Authority.
  3. The Compliance Officers and the internal control staff must perform their work in a highly objective and professional way.
  4. The insurance companies and the insurance-related professionals must shape policies and procedures for combating the financial crimes including money laundering and the financing of terrorism and illegal organizations.
  5. The insurance companies and the insurance-related professionals shall present periodic reports as follows:
    1. The reports prepared by the Compliance Officers.
    2. The reports prepared by the internal control staff concerning the effective internal controls for anti-money laundering and combating terrorism financing.
    3. The report of the certified external auditor of the company concerning the effective internal controls for anti-money laundering and combating terrorism financing.
    4. The self-assessment reports prepared by the Compliance Officers including:
      1. A biannual self-assessment report in the intended e-form of the Insurance Authority to be filed prior to the end of 15 August every year in the e-systems of the Authority.
      2. An annual self-assessment report in the intended e-form of the Insurance Authority to be filed prior to the end of 15 February every year in the e-systems of the Authority.
    5. The Compliance Officers must attach their internal reports on the internal work policies, regulations and procedures to aforesaid electronic self-assessment reports according to the following determinants:
      • The regulations and policies on anti-money laundering and combating terrorism financing.
      • The internal regulations on the risk-based approach
      • Customer due diligence
      • • Enhanced customer due diligence.
      • Continuous due diligence.
      • The (STRs) uspicious Transaction Reports.
      • Compliance Officers.
      • Record keeping.
      • Training.
    6. All or any reports required by the Authority concerning the data and statistics on anti-money laundering and combating terrorism financing according to the Authority-set periods.
    7. The reports prepared by the internal audit staff concerning the effective internal controls for anti-money laundering and combating terrorism financing.
  6. The internal control staff of the insurance companies and the insurance-related professionals must file an annual report by the end of April every year on reviewing the internal policies, regulation and procedures for anti-money laundering and combating the financing of terrorism according to the intended E-Form No (4 ) as hereto attached.
  7. The internal audit report must contain:
    1. An executive summary of the internal auditing.
    2. A short background
    3. The objective and scope of participating in the audit
    4. The methodology used
    5. The main findings.
    6. The recommendations.
    7. The challenges.
  8. The report prepared by the internal control staff must imply a comprehensive review of at least the following internal controls:
    1. The regulations and policies for anti-money laundering and combating terrorism financing.
    2. The internal regulations on the risk-based approach.
    3. Customer due diligence.
    4. The enhanced the customer due diligence.
    5. The continuous due diligence.
    6. The (STRs) Suspicious Transaction Reports.
    7. Record keeping.
    8. Training.
    9. All or any other additional controls.
  9. The internal control staff can upload their report on reviewing the internal controls of the company associated with the e-report above.
  10. The report of the certified external auditor of the company concerning the effective internal controls for anti-money laundering and combating terrorism financing shall be in accordance with the following:
    1. The insurance companies and the insurance-related professionals shall fill in the e-form of the annual report prepared by the company’s external auditor when the audited annual financial statements and reports are provided to the Authority in Form No. ( 5 ) as hereto attached.
    2. The Authority must be provided by the company with a copy of the duly signed report of the external auditor when the e-report above is presented provided that the report shall comprehensively review at the least the following internal controls:

 

Scope

Details

Suspicious Transactions Reports

- Verifying from the Compliance Officer the applicable policies and procedures to ensure that any of the staff that deals or has an administrative liability for dealing with the transactions, which may involve money laundering or terrorism financing, files an immediate report to the Compliance Officer of the company, if he/she comes to know about a suspicious operation, and freezes the transactions.

- Verifying from the Compliance Officer if there are any suspicious or unusual transactions notified by the staff and if the FIU of the Central Bank of the UAE is notified of it after verifying that it is suspicious or unusual.

- Obtaining STR and SAR records, it should be confirmed if such reports are urgently notified only to the FIU of the Central Bank of the UAE, (ensuring that the reports are not filed to another regulator).

- Verifying from the Compliance Officer the applicable procedures to ensure that the higher management, officers and staff do not notify or inform by any (written or phone) means the (customer, the beneficiary or any related profession) about their information, notifying the relevant authorities and verifying that the company has policies, procedures, regulations and controls to prevent informing the customer in this event

- Verifying if the examined samples imply any contact or refers to a communication with the customer to inform him/her/it that he/she/it is a suspect

- Verifying that STR and SAR are timely filed to the FIU of the Central Bank of the UAE, describing the nature of the transactions which raise suspicion, and verifying if the notified transactions are timely frozen.

- Verifying that the company has an activated account in “GO-AML” and the number of STR and SAR sent to the FIU during the year.

Compliance Officer

- Verifying the documents of the appointment or assignment of any of the company’s employees as a (Compliance Officer) and requesting the documentary evidence of the
appointment/assignment which were notified to the Insurance Authority

- Verifying through the administrative structure that the
(Compliance Office) filed his/her reports directly to the higher management of the company and that there are no other tasks assigned to the Compliance Officers

- Ensuring that the Compliance Officer is responsible for all obligations in Article 21 of Cabinet Resolution No 10 of 2019 on the Executive Regulations of Federal Law No 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations

- Verifying that the company asked the appointed external auditors to prepare and file a report on the compliance with Law on Anti-Money Laundering to the Insurance Authority by 30 April of the next year and that the findings of such report were received and addressed by the company.

- Verifying the qualifications of the (Compliance Officer),(including the professional certificates and the training courses attended by the (Compliance Officer)

- Verifying that the (Compliance Officer) files a biannual report to the higher management and the Insurance Authority.

Due Diligence procedures

1) Performing all obligations for “Know Your Customer”, customer due diligence and enhanced due diligence as set out in Cabinet Resolution No 10 of 2019 on the Executive Regulations of Federal Law No 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations:

a. For natural persons, as set out in the above Cabinet Resolution.

b. For corporate persons, as set out in the above Cabinet
Resolution.

c. For NGOs, as set out in the above Cabinet Resolution.

d. In the event of conducting transactions for another person or
entity, verifying the identity of such person or entity and obtaining the required information and documents, as set out in the above Cabinet Resolution.

2) Verifying from the staff of the company if all necessary information and documents of the customers, including the ultimate beneficiary owners, are obtained prior to establishing any business relationships, whether the customer is a natural or corporate person, and if such information is regularly updated

3) Verifying from the Company if the applicable procedures establish the identity of the beneficiaries, which are not the customer, obtaining and recording full information there, and ensuring whether:

a) The company determines and verifies the identity of this party prior to conducting any payment transactions

b) In the event of identifying the beneficiary as a corporate person or taking a legal arrangement with high risk, the customer due diligence procedures of the company shall include procedures based on premises to determine and verify the real identity of the beneficiary of the insurance policy upon payment

4) Ensuring through the staff of the company whether the customer due diligence procedures are adopted:

a) The company takes measures based upon premises to understand the ownership and nature of the corporate person

b) The company ensures the nature and type of the business relationship, which is established with a natural or corporate person

c) The company controls on a continuous basis the business relationship with its customers,

to the effect that it verifies the transactions conducted to ensure that they are in accordance with KYC and the details of the customer business and its risks as well as the source of the funds, as required.

5) Verifying if the company enters into business with a customer by using a false name or with an unknown person or opening an account with a fictitious name and if the name of the account holder is in accordance with the identity card or a copy of the passport or the trade license and if the staff in charge verifies that such copies are authentic and signed.

6) Verifying from the staff of the company if the following procedures and terms are adopted and complied with:

a. Applying the due diligence procedures to the current customers, if:

(1) There is a substantial change in the nature or ownership of the customer

(2) There is doubt about the correctness or accuracy of the information of the customer

(3) A big transaction is about to be concluded with or for the customer

(4) There is another reason that may be held adequate by the company

b. If the company is unable to identify the customer by a reliable and independent source of information, the company must:

1) End any relation with the customer immediately.

2) Consider the need for filing suspicious transaction reports to the competent unit.

Enhanced Due Diligence

Performing all obligations for “Know Your Customer”, customer due diligence and enhanced due diligence, as set out in Cabinet Resolution No 10 of 2019 of the Executive Regulations of Federal Law No 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations

1) Verifying that the company has a process for identifying the customers and/ or the real beneficiaries from the politically exposed persons (PEP) and ensuring that:

a. Suitable risk management regulations are applied to determine whether the customer or the real beneficiary is a PEP or not.

b. The approval of the higher management is obtained for establishing or proceeding with a business relationship, if the customer or the real beneficiary is a PEP.

c. The source of the wealth and assets of the real beneficiary is determined by any available reasonable means.

d. It during the business relationship conducts enhanced due diligence.

2) In the event of large documents, as specified in Article 6 of Cabinet Resolution No 10 of 2019 above, verifying that the documents of the financial situation of the customer, the source of the funds and the net income as well as the names of the banks, which the customer deals with, are kept and maintained over the past three years.

3) Ensuring that the company provides, in addition to the due diligence procedures, the due diligence under Cabinet Resolution No 10 of 2019 above.

4) Ensuring that the insurance company takes reasonable measures to identify the beneficiary or the beneficial owner of the life insurance and Family Takaful insurance policies. If he/she is identified as a PEP, the company shall inform the higher management prior to paying to the beneficiaries or prior to exercising any rights thereof, do a comprehensive examination of all business relationships and consider notifying a STR to the Unit

Maintaining Documents

- The number of the years of maintaining the documents (in the event of a court case and after the end of the court case or in the event that there is no legal action)

- The existing transaction details (type, sum, etc.), including whether an STR or SAR is notified

- The method of maintaining the data (in soft or hard files)

- The existing system for document maintenance

- If the system includes the dates of the commencement and end of the business relationship

- In the event of notifying STR or SAR whether the database contains a request from the FIU and what is the timeframe of dealing with such requests

- The minimum requirements for storing (soft and hard) records, which may include the safety and the availability of the data in the event of a crisis

Risk-Based Approach

The company relays on a risk-based approach, which includes:

- Assessing the risks of money laundering and financing of terrorism faced by the company, including

a. The type of the company’s customers (and the purpose of the relationship)

b. The products and services provided by the Company (and their objective)

c. The technology used by the company (and the objective of this use) to provide such products and services

- Establishing the required procedures for mitigating such risks

- The existing classification and description of the risks of the business relationship, taking into consideration at least four risk factors of this business relationship: customer risk, product risk, operational risk and competent department risks

Policies & Procedures

Ensuring that the policies and procedures:

- Are authenticated and approved for anti-money laundering and combating terrorism financing.

- Include specified actions and standards for identifying the customers with high risk.

- Include a specified and periodic mechanism for updating the lists of terrorism in Cabinet Resolution No 20 of 2019 and informing the regulator if the case is identified

- Include the standards for notifying STR or SAR, (including the notification timeframe).

- Require a timeframe for the regular update of the policies and procedures

- Performing by the internal auditor a regular audit of the procedures for anti-money laundering and combating terrorism financing, which are adopted by the departments of the company

- Verifying if the company adopts a policy for periodically reviewing the sufficient customer due diligence and enhanced due diligence for the customers and ultimate beneficiary owner and ensures a continuous update of the information, particularly, about the customers with high risk.

- Verifying that the company adopts a process for periodically and regularly updating the tests of AML diligence.

AML Systems & Control

Verifying that:

- An independent internal control unit exists in the company and inquiring from the internal auditor about the way of ensuring compliance with the policies, procedures, regulations and controls for anti-money laundering and combating terrorism financing.

- The internal auditor files his/her reports to the audit committee.

- Verifying from the Compliance Officer that there are confidential information agreements with the related professions, with which the company deals.

- Verifying from the compliance officer that the information about the company is disclosed only as far as required in the investigations or the court cases, which are subject to the applicable legislations of the State

- The company adopts and adheres to procedures for anti-money laundering and combating terrorism financing applicable to all of its branches inside and outside the UAE.

- If the requirements for anti-money laundering and combating terrorism financing in the host country are less strict than the UAE requirements, the company applies all UAE requirements save for anything not permitted under the laws and regulations of the host country.

- In the event that the branch or the subsidiary, which operates abroad, is unable to adhere to the highest standards, the company notifies the Insurance Authority of the matter and adheres to the additional directives dedicated by the Authority.

Staff Training & Employment

- Verifying if the training of the (Compliance Officer) and all staff remains updated and suitable for the activities of the company and the different customer types, and if the training is provided on a regular and continuous basis

- Ensuring that the (Compliance Officer) does a periodic examination of all (newly appointed staff – current staff)

- Verifying that a high level scientific training is provided to the(compliance officer)

Continuous Control

- Reviewing and updating the AML procedures on a regular basis

- Verifying that the (Compliance Officer) ensures a continuous examination of all databases of the customers of the company and compares such examination with the terrorist lists in the law and legislations in force

Full compliance with Cabinet Resolution No 20 of 2019 on the Regulations of the Terrorist Lists and implementing the Security Council’s Resolutions concerning the Prevention and Suppression of Terrorism and its Financing and Proliferation of Armaments and the Relevant Resolutions shall be completely implemented.

  1. The details of those on the lists of the sanctions committees, (as defined in said Resolution) shall be followed up on a daily basis by directly referring to the resolutions approved by the Security Council and registering to this end on the website of the Executive Office of the Committee for Goods and Materials Subjected to Import & Export Control: https://uaeiec.gov.ae/ar-ae/United-Nations-Securoty/Council-Saction
  2. The customer databases and any information obtained about the potential or current customers shall continually be verified and compared with the names on the penalty list. An updated list shall be maintained in a database of the terrorist persons and organizations on such list.
  3. The Authority shall be immediately notified in the event that funds are frozen so that it shall notify the Executive Office of the Committee for Goods and Materials Subjected to Import & Export Control in accordance with the provisions of the legislations in force.
  4. The Authority shall be notified if it is found that one of the previous customers of the company or any incidental customer which the company dealt with is a person or an organization on the penalty list.
  5. The Authority shall be notified of not taking action as a result of similar names and failing to eliminate such similarity by the available or accessible information.