Anti-money Laundering, Counter-terrorist Financing And Sanctions Module (AML)

AML/VER25/05-24

  1. Overview of the DIFC’s AML regime
  2. The DIFC is governed by two separate and complementary regimes in relation to AML regulation, both administered by the DFSA:

a. The Federal regime: Under Article 3 of Federal Law No. 8/2004, the provisions of Federal Decree-Law No. 20/2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations and Federal Law No. 7/2014 on Combating Terrorism Offences and the implementing regulations under those laws apply in the DIFC. The DFSA, as the DIFC’s supervisory authority for Relevant Persons for the purposes of those laws, is obliged to supervise and monitor Relevant Persons for compliance with provisions of the Federal laws and regulations. The DFSA may also impose administrative penalties for breaches of those laws and the implementing regulations. See Article 14 of Federal Decree-Law No. 20/2018Article 44 of Cabinet Decision No. 10/2019, and Article 22 of Cabinet Decision No. 74/2020; and

b. The DIFC regime: Under Article 70(3) of the DIFC Regulatory Law 2004 (the “Regulatory Law”), the DFSA has jurisdiction for the regulation of anti-money laundering in the DIFC relating to Relevant Persons (see para 4 below) and their officers, employees and agents. The DIFC specific regime is contained in Chapter 2 of Part 4 of the Regulatory Law and any DFSA Rules made in connection with anti-money laundering measures, policies and procedures.

  • Note that under Article 71(1) of the Regulatory Law, the DIFC regime requires compliance with the Federal regime. It follows that a failure to comply with a provision of Federal Decree-Law No. 20/2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations or Federal Law No. 7/2014 on Combating Terrorism Offences or the implementing regulations under those laws may also provide evidence of failure to comply with Article 71(1), which may then be addressed under the disciplinary and remedial provisions of the Regulatory Law and DFSA Rules.

Purpose of the AML module

  • 4. The AML module has been designed to provide a single reference point for all persons and entities (collectively called Relevant Persons) referred to in Rule 1.1.2 who are supervised by the DFSA for Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF) and sanctions compliance. Accordingly it applies to Authorised Firms (other than Credit Rating Agencies), Authorised Market Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Registered Auditors. The AML module takes into consideration the fact that Relevant Persons have differing AML risk profiles. A Relevant Person should familiarise itself with this module, and assess the extent to which the chapters and sections apply to it.
  • The AML module cannot be read in isolation from other relevant U.A.E. legislation or developments in international policy and best practice and, to the extent applicable, Relevant Persons need to be aware of, and take into account, how these aforementioned matters may impact on the Relevant Person’s day to day operations. This is particularly relevant when considering the list of persons and terrorist organisations issued under Cabinet Decision No. 20 of 2019 and the United Nations Security Council Resolutions (UNSCRs) which apply in the DIFC, and unilateral sanctions imposed by other jurisdictions which may apply to a Relevant Person depending on the Relevant Person’s jurisdiction of origin, its business and/or customer base.

Structure of the AML module

  • Chapter 1 of this module contains an application table which should assist a Relevant Person to navigate through the module and to determine which chapters are applicable to it. Chapter 1 also specifies who is ultimately responsible for a Relevant Person’s compliance with the AML module. The DFSA expects the senior management of a Relevant Person to establish a robust and effective AML/CTF and sanctions compliance culture for the business.
  • Chapter 2 provides an overview of the AML module and chapter 3 sets out the key definitions in the module. Note that not all definitions used in this module are capitalised.
  • Chapter 4 explains the meaning of the risk-based approach (RBA), which should be applied when complying with this module. The RBA requires a risk-based assessment of a Relevant Person’s business (in chapter 5) and its customers (in chapter 6). A risk-based assessment should be a dynamic process involving regular review, and the use of these reviews to establish the appropriate processes to match the levels of risk. No two Relevant Persons will have the same approach, and implementation of the RBA and the AML module permits a Relevant Person to design and implement systems that should be appropriate to their business and customers, with the obvious caveat being that such systems should be reasonable and proportionate in light of the AML risks. The DFSA expects the RBA to determine the breadth and depth of the Customer Due Diligence (CDD) which is undertaken for a particular customer under chapter 7, though the DFSA understands that there is an inevitable overlap between the risk-based assessment of the customer in chapter 6 and CDD in chapter 7. This overlap may occur at the initial stages of customer on-boarding but may also occur when undertaking on-going CDD.
  • Chapter 8 sets out when and how a Relevant Person may rely on a third party to undertake all or some of its CDD obligations. Reliance on a third-party CDD reduces the need to duplicate CDD already performed for a customer. Alternatively, a Relevant Person may outsource some or all of its CDD obligations to a service provider.
  • Chapter 9 sets out certain obligations in relation to correspondent banking, wire transfers and other matters which apply to Authorised Persons, and, in particular, to banks.
  • Chapter 10 sets out a Relevant Person’s obligations in relation to United Nations Security Council resolutions and sanctions, and government, regulatory and international findings (in relation to AML, terrorist financing and the financing of weapons of mass destruction).
  • Chapter 11 sets out the obligation for a Relevant Person to appoint a Money Laundering Reporting Officer (MLRO) and the responsibilities of such a person.
  • Chapter 12 sets out the requirements for AML training and awareness. A Relevant Person should adopt the RBA when complying with chapter 12, so as to make its training and awareness proportionate to the AML risks of the business and the employee role.
  • Chapter 13 contains the obligations applying to all Relevant Persons concerning Suspicious Activity Reports, which are required to be made under Federal Decree-Law No. 20/2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations.
  • Chapter 14 contains the general obligations applying to all Relevant Persons, including Group policies, notifications, record-keeping requirements and the annual AML Return.
  • Chapter 15 sets out specific Rules applying to DNFBPs, including the requirement to register with the DFSA, and Chapter 16 contains certain transitional Rules.

The U.A.E. criminal law

  1. The U.A.E. criminal law applies in the DIFC and, therefore, persons in the DIFC must be aware of their obligations in respect of the criminal law as well as these Rules. Relevant U.A.E. criminal laws include Federal Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations, Federal Law No. 7/2014 on Combating Terrorism Offences and the Penal Code of the U.A.E.
  2. Under Federal AML legislation a Person may be criminally liable for certain conduct, such as:
    1. a. money laundering;
    1. b. financing terrorism;
    1. c. financing illegal organisations;
    1. d. ‘tipping off’;
    1. e. violation of sanctions;
    1. f. failure to declare currency or precious metals brought into or taken out of the U.A.E.
  3. The U.A.E Central Bank has the power under Federal AML legislation to freeze funds or other assets suspected of relating to money laundering, terrorist financing or the financing of illegal organisations. Other Federal authorities also have powers to apply for the freezing or confiscation of funds or other assets that have been used for such purposes.
  4. In a number of places in this module, Guidance cross-refers to specific requirements in Federal AML legislation. Rules or Guidance in this module should not be relied upon to interpret or determine the application of the Federal AML legislation. Relevant Persons should refer to the guidelines issued under the Federal AML legislation to understand their obligations under that legislation.

Financial Action Task Force

  • The Financial Action Task Force (FATF) is an inter-governmental body whose purpose is the development and promotion of international standards to combat money laundering and terrorist financing.
  • The DFSA has had regard to the FATF Recommendations in making these Rules. A Relevant Person may wish to refer to the FATF Recommendations and interpretive notes to assist it in complying with these Rules. However, in the event that a FATF Recommendation or interpretive note conflicts with a Rule in this module, the relevant Rule takes precedence.
  • A Relevant Person may also wish to refer to the FATF typology reports which may assist in identifying new money laundering threats and which provide information on money laundering and terrorist financing methods. The FATF typology reports cover many pertinent topics for Relevant Persons, including corruption, new payment methods, money laundering using trusts and company service providers, and vulnerabilities of free trade zones. These typology reports can be found on the FATF website www.fatf-gafi.org
  • The U.A.E., as a member of the United Nations, is required to comply with sanctions issued and passed by the United Nations Security Council (UNSC). These UNSC obligations apply in the DIFC and their importance is emphasised by specific obligations contained in this module requiring Relevant Persons to establish and maintain effective systems and controls to comply with UNSC sanctions and resolutions (See chapter 10).
  • The FATF has issued guidance on a number of specific UNSC sanctions and resolutions regarding the countering of the proliferation of weapons of mass destruction. Such guidance has been issued to assist in implementing the targeted financial sanctions and activity based financial prohibitions. This guidance can be found on the FATF website www.fatf-gafi.org
  • In relation to unilateral sanctions imposed in specific jurisdictions such as the European Union, the U.K. (HM Treasury) and the U.S. (Office of Foreign Assets Control), the DFSA expects a Relevant Person to consider and take positive steps to ensure compliance where required or appropriate.

Tax Issues and Exchange of Information for Tax purposes

  • The DIFC benefits from an international customer base with a growing number of customers who may be investing with financial institutions outside their country of residence. These factors create a risk of the services of Relevant Persons being used to hide assets which are subject to taxation, or to launder the unlawful proceeds of tax crimes.
  • The DFSA is committed to protecting the DIFC from being used to facilitate tax crimes and believes that strong AML policies, procedures, systems and controls, including robust customer due diligence requirements, are needed to mitigate the risk of tax crimes.
  • Such measures will also ensure that a Relevant Person is able to comply with other international obligations such as the OECD Automatic Exchange of Information for Tax Purposes Programme and FATF Recommendations, which were updated in 2012 to expand the scope of money laundering predicate offences to include tax crimes (related to direct and indirect taxes).
  • A Relevant Person should therefore establish and maintain appropriate policies, procedures, systems and controls to enable it to detect and deter the laundering of proceeds of tax crimes. For example, as part of its risk-based approach under chapter 4, it should consider its tax risk exposure as a result of the nature of its business, customers, products, services and other relevant factors. It should also conduct appropriate customer due diligence to identify customers who may be subject to tax crime risk (see also the Guidance after Rule 6.1.4).

Virtual Asset Service Providers

  • Federal Cabinet Decision No. 10/2019 applies the requirements under Federal AML legislation to Virtual Asset Service Providers (VASPs), in addition to Financial Institutions and DNFBPs. The DFSA’s AML regime applies in addition to the Federal AML legislation. For the purposes of the DFSA’s AML regime, VASPs will typically be Authorised Firms or Authorised Market Institutions.

NFTs and Utility Tokens The DFSA excludes a Non-Fungible Token (NFT) and a Utility Token from its Crypto Token definition where such a Token meets specified criteria (see GEN A2.5). The DFSA has, however, prescribed in AML Rule 3.2.1 that a person who carries on the business or profession of issuing or providing services related to a NFT or Utility Token is a DNFBP. An exclusion applies, in the case of an issuer, if the value of each NFT or Utility Token issued is less than $15,000 and, in the case of a service provider, if the service is IT support or advice to an issuer.

Tags

What do you think?

Related Articles