Under Article 16 of the AML-CFT Decision, LFIs must monitor activity by all customers to identify behaviour that is potentially suspicious and that may need to be the subject of a Suspicious Transaction Report (STR), a Suspicious Activity report (SAR) or other report types. When monitoring and evaluating transactions, the LFI should take into account all information that it has collected as part of CDD. In all cases, the appropriate type and degree of monitoring should appropriately match the ML/FT risks of the institution’s customers, products and services, delivery channels, and geographic exposure. For more information, please consult the CBUAE’s Guidance for Licensed Financial Institutions on Transaction Monitoring and Sanctions Screening.

As required by Article 15 of the AML-CFT Law and Article 17 of the AML-CFT Decision, LFIs must file a STR, a SAR or other report types with the UAE FIU when they have reasonable grounds to suspect that a transaction, attempted transaction, or certain funds constitute, in whole or in part, regardless of the amount, the proceeds of crime, is related to a crime, or is intended to be used in a crime. STR filing is not sim ply a legal obligation; it is a critical element of the UAE’s effort to combat financial crime and protect the integrity of its financial system. By filing STRs with the UAE FIU, LFIs alert law enforcement authorities about suspicious behaviour and allow investigators to piece together transactions occurring across multiple LFIs.

As discussed above, in the case of extended, intermediated transaction chains such as those frequently seen in the Payment Sector, each LFI involved is ultimately responsible for monitoring all transactions processed or conducted through the LFI, using the information available to it. Although LFIs cannot outsource their responsibility to report suspicious activity, they can outsource certain aspects of transaction monitoring. In the prepaid card scheme described in section 2.1.7, for example, the bank that offers the prepaid cards may outsource automated transaction monitoring to the program manager, which has more direct insight into individual transactions. The bank in this situation, and any LFI that outsources any elements of transaction monitoring, nevertheless retains ultimate responsibility for identifying and reporting suspicious transactions.