6.3.1 Customer and Beneficial Owner Identification and Verification of the Identity
Effective from 13/7/2023(AML-CFT Decision Articles 4.2(b), 3(a), 5.1, 8.1, 9, 10, 11.2, 13.1, 14.2)
Grounded on the principles of “Know Your Customer” and risk-based CDD, the identification and verification of the identity of customers is a fundamental component of an effective ML/FT risk management and mitigation programme. In accordance with Cabinet Resolution no. 58 of 2020 regulating the Beneficial Owner Procedures (the UBO Resolution), FIs are obliged to identify customers, including the Beneficial Owners, beneficiaries, and controlling persons, whether permanent or walk-in, and whether a natural or legal person or Legal Arrangement, and to verify their identity using documents, data or information obtained from reliable and independent sources.
The specific requirements concerning the timing, extent, and methods of identifying and verifying the identity of customers and Beneficial Owners depend in part on the type of customer (whether a natural or legal person) and on the level of risk involved (also see Sections 6.4, Enhanced Due Diligence (EDD) Measures, and 6.5, Simplified Due Diligence (SDD) Measures). Thus, the type and nature of the customer (including Beneficial Owners, beneficiaries, and controlling persons) should be considered as risk factors in determining the type of CDD that should be applied, whether standard CDD, EDD or SDD. However, the core components of a customer’s identification generally remain the same in all cases. They are:
| • | Personal data, including details such as the name, passport or identity card number, country of issuance, date issuance and expiry date of the identity card or passport, nationality, date and place of birth (or date and place of establishment or incorporation, in the case of a legal person or arrangement); and |
| • | Principal address, including evidence of the permanent residential address of a natural person, or the registered address of a legal person or arrangement. |
In taking adequate CDD measures, FIs are obliged at a minimum to identify and verify the identity of the customer as specified in the relevant articles of the AML-CFT Decision. In fulfilling these requirements, FIs should use a risk-based approach to determine the internal policies, procedures and controls they implement in relation to the identification and verification of customers (including the Beneficial Owners, beneficiaries, and controlling persons). The CDD policies and procedures that FIs apply should be reasonable and proportionate to the risks involved, and, in formulating them, entities should consider the following guiding principles.
In relation to natural persons:
| • | The verification of a customer’s identity, including their address, should be based on original, official (i.e. government-issued) documents whenever possible. When that is not possible, FIs should augment the number of verifying documents or the amount of information they obtain from different independent sources. In particular, when verifying the UAE ID card, FIs licensed by the Central Bank must use the online validation gateway of the Federal Authority for Identity & Citizenship and keep a copy of the UAE ID and its digital verification.They should also identify the lack of official documents and the use of alternative means of verification as risk factors when assessing the customer’s ML/FT risk classification. | ||||||||
| An example of alternative verification means is verification by way of digital identification systems. Such a digital identification systems should rely upon technology, adequate governance, processes and procedures that provide appropriate levels of confidence that the system produces accurate results. The FATF Guidance on Digital Identity of March 2020 provides further information on how to making a risk-based determination of whether a particular digital ID system provides an appropriate level of reliability and independence. | |||||||||
| • | The identification data should include the name, nationality, date of birth and place of birth, and national identification number of a natural person. | ||||||||
| • | With regard to the identification and verification of the identity of foreign nationals, whether customers or Beneficial Owners, beneficiaries or controlling persons, FIs should take steps to understand and request only those types of identification documents that are legally valid in the relevant jurisdictions. Furthermore, when verifying the identity of foreign nationals associated with high-risk factors, FIs should validate the authenticity of customer identification documents obtained. Some of the methods that FIs may consider in order to do so, commensurate with the nature and size of their businesses, include but are not limited to:
| ||||||||
| • | The types of address verification that may generally be considered acceptable include, but are not limited to, the following categories of documents issued in the name of the customer:
|
In situations where natural persons do not have this documentation in their own name, for instance because they share accommodation or do not (yet) have a permanent or own residence, other evidence of address may be used as long as this evidence gives the FI reasonable confidence. Where the FI has determined that an individual has a valid reason for being unable to produce the usual documentation to verify the address and who would otherwise be excluded from establishing a business relationship with the FI, the address can be verified by other means, provided the FI is satisfied that the method employed adequately verifies the address of the natural person and any additional risk has been appropriately mitigated.
This can for instance be evidence of entitlement to a state or local authority-funded benefit, pension, educational or other grant, or a letter from a reputable employer or school stating the address.
In relation to legal persons and legal arrangements:
| • | In addition to the identifying and verifying the identity of customers, Beneficial Owners, beneficiaries, and controlling persons, FIs should verify the identity of any person legally empowered to act or transact business on behalf of the customer, whether the customer is a legal or natural person. Such persons may include:
| ||||||||
| In the event that a legally empowered representative is also a legal person or Legal Arrangement, the normal CDD procedures for such entities should be applied. | |||||||||
| • | When verifying that a person purporting to act on behalf of a customer is so authorised, the following types of documents may generally be considered to be acceptable:
| ||||||||
| • | As part of their procedures for identifying and verifying the identity of customers, and for authenticating the original documents upon which the verification is based, FIs should include procedures for the certification of the customer identification and address documentation they obtain. Such procedures may encompass certification by employees of the FI (for example, by including the name, title of position, date and signature of the verifying employee(s) on the copies of documents maintained on file), as well as by reputable third parties (for example, by including the name, organization, title of position, date and signature of the verifying person, along with a statement representing that the copy of the document is a “true copy of the original”). In cases where documents are obtained from foreign sources in countries which are members of The Hague Apostille Convention, consideration should be given to requesting documents certified by Apostille seal. | ||||||||
| • | Whenever possible, FIs should incorporate a “four-eyes” principle (review by at least two people) into their procedures with regard to the verification of customer identification documentation and other CDD information, as well as with regard to the entry of the relevant data into their information systems. |