1- Financial Institutions and Designated Nonfinancial Businesses and Professions shall:

a) Identify the Crime risks within its scope of work as well as continuously assess, document, and update such assessment based on the various risk factors established in the Executive Regulation of this Decree Law and maintain a risk identification and assessment analysis with its supporting data to be provided to the Supervisory Authority upon request.

b) Take the necessary due diligence measures and procedures and define their scope, taking into account the various risk factors and the results of the national risk assessment and retain the records received during the implementation of this process. The Executive Regulation of the present Decree Law shall specify the cases in which such procedures and measures are applied, and the conditions for deferring the completion of a Customer or a Beneficial Owner identity verification.

c) Refrain from opening or conducting any financial or commercial transaction under an anonymous or fictitious name or by pseudonym or number, and maintaining a relationship or providing any services to it.

d) Develop internal policies, controls and procedures approved by senior management to enable them to manage the risks identified and mitigate them, and to review and update them continuously, and apply this to all subsidiaries and affiliates in which they hold a majority stake; the Executive Regulations of this Decree Law shall specify what should be included in said policies, controls and procedures.

e) Immediate implementation of the directives issued by the Competent Authorities in the State for implementing the resolutions issued by the United Nations Security Council under Chapter (7) of UN Charter for the Prohibition and Suppression of the Financing of Terrorism, and Proliferation of weapons of mass destruction and their financing, and other related directives.

f) Maintain all records, documents, and data for all transactions, whether local or international, and make this information available to the competent authorities promptly upon request, as stipulated in the Executive Regulation of this Decree Law.

g) Any other obligations stipulated in the Executive Regulation of this Decree Law.

2- For the purposes of this Decree Law, the Executive Regulation of this Decree Law shall regulates the following:

a) The obligations of Non-Profit Organisations.

b) Retaining information and records by the registrar, to be provided upon request and taking procedures for access by the public.

c) Retaining information and records by the legal person and legal arrangement, and making it available upon request.

Article (16) bis*

1. Any natural or legal person may not engage in the activities of virtual assets service providers or any of the financial activities without a license, registration or registration, as the case may be, from the competent supervisory authorities.
    
2. For the purposes of this Decree-Law, the Executive Regulations shall regulate the obligations of virtual assets service providers.

_{*Article (16) bis has been added by Federal Decree-Law No. (26) of 2021}.