AML and Financial Crime (Non-Financial Services)
Financial crime such as money laundering and funding of criminal activities such as terrorism, trafficking and fraud, can take place through non-financial services entities. While the Dubai Financial Services Authority regulates entities that may have more common exposure to or propensity for financial crime, the DIFC Registrar of Companies (ROC) also is responsible for preventing financial crime happening through retail entities and other business types, including holding and prescribed companies. Taking such measures is known as anti-money laundering and countering / combatting financing of terrorism (AML/CFT).
To achieve this task, each business formation application is risk-assessed based on several factors and a methodology that considers who is funding the proposed DIFC entity, where they do business, their business activities and other relevant information.
The ROC has prepared a list of FAQs to help understand the main AML / CFT concerns that your company will need to be aware of in order to comply with applicable AML laws and regulations, and operate in an ethical, fair way.
What AML regulations apply in the DIFC?
Federal Decree No. (20) of 2018 on Anti-Money Laundering and Countering the Financing of Terrorism is applicable to all operations everywhere in the UAE. Any company register in the DIFC must be aware of the UAE AML Laws and comply to the extent that they apply.
Where can I find more information about the UAE AML Laws?
Please check the Ministry of Justice website regarding Laws and Legislation, Anti-Money Laundering and Terrorist Financing section. Guidance is available regarding the designated non-financial business and profession (DNFBP) category of businesses as well, to help you understand whether your entity’s activities are meant to be regulated by the DFSA as well.
What is the Financial Action Task Force or FATF?
FATF is an inter-governmental body that sets international AML/CFT standards. As a policy-making body, FATF evaluates whether countries’ AML/CFT regimes are sufficient for properly preventing financial crime. Where there are deficiencies cited, FATF may make recommendations to improve a country’s laws and policies, as well as even recommend that the certain restrictions are imposed until the country’s laws and regulations, and more importantly, the implementation of them, meet the appropriate standards and are evaluated as effective.
What is a DNFPB?
A designated non-financial business and profession (DNFBP) is a type of business that doesn’t necessarily engage in traditional financial services activities, but that requires additional supervision by a financial services regulator such as the DFSA.
What are the primary AML/CFT topics and definitions that I should know about when starting a non-financial services business in the DIFC?
The following definitions are pertinent to AML/CFT risk evaluation:
Regarding Ownership and Control Structures:
Ultimate Beneficial Owner (UBO): this is defined in Regulation 3.1.1 of the DIFC UBO Regulations enacted in November 2018 as:
… a natural person (other than a person acting solely in the capacity of a professional adviser or professional manager) who:
-- in relation to a company, owns or controls (directly or indirectly):
-- Shares or other Ownership Interests in the Registered Person of at least the Relevant Percentage;
-- voting rights in the Registered Person of at least the Relevant Percentage; or
-- the right to appoint or remove the majority of the Directors of the Registered Person;
-- in relation to a partnership, has the legal right to exercise, or actually exercises, significant control or influence over the activities of the partnership; or
-- in relation to a foundation or a Non Profit Incorporated Organisation, has the legal right to exercise, or actually exercises, significant control or influence over the activities of the Governing Body, person or other arrangement administering the property or carrying out the objects of the foundation or the Non Profit Incorporated Organisation.
Regulation 3.1.2 clarifies that beneficial ownership may be traced through any number of persons or arrangements of any description.
Affiliate: An organization or body corporate which is directly or indirectly controlled by, or in control of or under common control with the proposed entity.
Address: refers to residential address and, if different, an address for service of notices under the applicable regulations of the entity / Relevant Person or any individual involved with to the entity / Relevant Person
Personal investment vehicles: an investment entity such as a company or a fund that has not been established through securing capital using a traditional method, i.e., retail investors or the general public
Nominee directors: a director appointed to the board of a company to represent the interests of the appointer rather than the company itself, resulting often in at least one or more conflicts of interests.
Bearer shareholders: a person (legal or natural) that is presumed to wholly owns Shares by virtue of physically bearing or holding the Share or stock certificates
Complex control structures: business structures that do not clearly demonstrate ownership, financial or legal control, often comprised of multiple layers of corporate governance arrangements in virtual or offshore locations.
Trust: a right, enforceable solely in equity, to the beneficial enjoyment of property to which another person holds the legal title and includes a charitable trust, a purpose trust and a foreign trust
Multiple layered entities in various jurisdictions: see complex control structures
Shell/ brass plate companies: a company which serves as a vehicle for business transactions without having any significant assets or operations. Shell corporations are not necessarily illegal, but they can play a role in financial crime if they are used to obfuscate the governance and control structure of a business entity.
Other UAE free zone entities: any other free zone within the UAE, i.e., ADGM, DMCC, DCCA, JAFZA, etc.
A start-up entity: a company that is in the first stage of its operations, normally initially funded by investors while developing a potentially in-demand product or service.
Charities: an institution which is established for charitable purposes only, and is subject to laws with respect to charities.
Regarding Business Activities
Precious metals: metals or materials considered to be rare and/or have a high economic value and may be used in transactions in exchange for high cash value
Non-regulated online trading platforms: online applications or services that all for business transactions in an unregulated environment, i.e., no specific law applies to the transaction such that specific requirements or direct criminal liability may be imposed.
Non-regulated cryptocurrency or coin offerings: use of virtual or “cryptocurrency” for exchanges of value that are transacted in an unregulated environment, i.e., there is no specific regulatory authority in place to enforce an applicable law and / or no specific law applies to the transaction such that specific requirements or direct criminal liability may be imposed.
Non-regulated advisory or corporate services to private wealth or SFOs: financial or other corporate services provided in an unregulated environment, i.e., there is no specific regulatory authority in place to enforce an applicable law and / or no specific law applies to the transaction such that specific requirements or direct criminal liability may be imposed
Business in other UAE free zones: business conducted in other UAE free zones
Cash intensive businesses (i.e. receiving cash in excess of $15,000 frequently) – a business entity that is established by or deals excessively in large amounts of cash transactions on a frequent basis.
Governance and Controls
Politically Exposed Person (PEP): A politically exposed person (PEP) is an individual who is or has been entrusted with a prominent public function. Due to their position and influence, it is recognized that many PEPs are in positions that potentially can be abused for the purpose of committing money laundering (ML) offences and related predicate offences, including corruption and bribery, as well as conducting activity related to terrorist financing (TF). This risk also extends to members of their families and to close associates.
Source / Origin of Funds (guidance only): Source / origin of funds or income refers to the origin of the particular funds or assets which are the subject of the business relationship between the applicant and its (potential) clients, vendors or other third parties. In order to ascertain this element of a business’ profile, the information obtained should be substantive, relevant and able to establish the fund’s origin and the method/circumstances under which the funds were acquired. This should not simply be restricted to knowing from which bank or financial institution the funds may have been received. Any information should provide an indication as to the volume of wealth the applicant would reasonably be expected to have, and provide a picture of how it was acquired. It is important to get a good sense of whether the funds or income is obtained legally, if the applicant itself can easily identify the sources of income, whether large sums of cash are part of the daily transactions of the business, or whether any other red flags may come to light in the applicant’s responses.
What is the UAE Central Bank’s role in AML / CFT and financial crime prevention?
The CBUAE established a dedicated department in August 2020 to handle all Anti-Money Laundering and Combatting the Financing of Terrorism matters (AML/CFT), which the Banking Supervision Department handled previously. Please review the detailed information about the Central Bank’s work to prevent financial crime on its AML / CFT website.
How do we know which countries are considered high risk for corruption?
Is there a conflict between AML and Data Protection Laws?
There are at times issues where AML / CFT obligations mean sharing Personal Data and often Special Category data such as criminal history. The DIFC DP Law 2020 aims to protect and enable processing of Personal Data in an ethical, minimized and purpose-specific way, but where other laws take precedent, i.e., for the prevention of crime of to fulfil a substantial public interest, certain data must be shared with the relevant authorities. Article 28 of the DP Law 2020 in particular aims to encourage the receiving authorities to handle Personal Data in the same or substantially the same way as in would be handled in the DIFC under the protection of the DIFC DP Law.
What are my data protection rights when my personal data is being shared for risk assessment?
Please review the DIFC Data Protection Commissioner’s guidance on individual access rights, what you may request of an entity processing your data, and whether there are any limitations on providing access to it or restricting processing of it. If for example it is being processed by a public authority for prevention of financial crime, your rights to access or know about what or whether they are processing it may be limited, sometimes quite heavily.
Where can I read about the DIFC and DFSA financial crime prevention programme?
DIFC Authority and Dubai Financial Services Authority play an active leadership role reduce the risks of money laundering, the financing of terrorism, proliferation, and to uphold the highest global standards. Explore the report on the DIFC’s Financial Crime Prevention Programme (2021), prepared jointly by the DFSA and DIFC Authority, to learn how DIFC is helping to safeguard the integrity of the international financial system.
What is the DIFC doing to implement recently imposed sanctions against Russia and Belarus, and certain individuals from these countries??
In order to implement the many new sanctions from around the world recently imposed on Russia, Belarus, and specific individuals, DIFC entities (both existing and under formation) may receive additional queries and information requests in both the application process and the monitoring and inspection process.
What is the impact on DIFC regarding the FATF greylisting decision?
Please note that the recent FATF action to increase monitoring of various countries is being implemented in the DIFC to support better financial crime prevention controls within government and private companies. As such, additional queries and information requests may be made of DIFC entities or prospective entities during both the application process and the monitoring and inspection process.