AML / CFT

FATF is an inter-governmental body that sets international AML/CFT standards. As a policy-making body, FATF evaluates whether countries’ AML/CFT regimes are sufficient for properly preventing financial crime. Where there are deficiencies cited, FATF may make recommendations to improve a country’s laws and policies, as well as even recommend that the certain restrictions are imposed until the country’s laws and regulations, and more importantly, the implementation of them, meet the appropriate standards and are evaluated as effective.

A designated non-financial business and profession (DNFBP) is a type of business that doesn’t necessarily engage in traditional financial services activities, but that requires additional supervision by a financial services regulator such as the DFSA.

The following definitions are pertinent to AML/CFT risk evaluation:

Regarding Ownership and Control Structures:

Ultimate Beneficial Owner (UBO): this is defined in Regulation 3.1.1 of the DIFC UBO Regulations enacted in November 2018 as:

… a natural person (other than a person acting solely in the capacity of a professional adviser or professional manager) who:

-- in relation to a company, owns or controls (directly or indirectly):

-- Shares or other Ownership Interests in the Registered Person of at least the Relevant Percentage;

-- voting rights in the Registered Person of at least the Relevant Percentage; or

-- the right to appoint or remove the majority of the Directors of the Registered Person;

-- in relation to a partnership, has the legal right to exercise, or actually exercises, significant control or influence over the activities of the partnership; or

-- in relation to a foundation or a Non Profit Incorporated Organisation, has the legal right to exercise, or actually exercises, significant control or influence over the activities of the Governing Body, person or other arrangement administering the property or carrying out the objects of the foundation or the Non Profit Incorporated Organisation.

Regulation 3.1.2 clarifies that beneficial ownership may be traced through any number of persons or arrangements of any description.

Guidance is available to help identify UBOs at this link. Guidance regarding any exemptions to application of the UBO regulations is available at this link.

Affiliate: An organization or body corporate which is directly or indirectly controlled by, or in control of or under common control with the proposed entity.

Address: refers to residential address and, if different, an address for service of notices under the applicable regulations of the entity / Relevant Person or any individual involved with to the entity / Relevant Person

Personal investment vehicles: an investment entity such as a company or a fund that has not been established through securing capital using a traditional method, i.e., retail investors or the general public

Nominee directors: a director appointed to the board of a company to represent the interests of the appointer rather than the company itself, resulting often in at least one or more conflicts of interests.

Bearer shareholders: a person (legal or natural) that is presumed to wholly owns Shares by virtue of physically bearing or holding the Share or stock certificates

Complex control structures: business structures that do not clearly demonstrate ownership, financial or legal control, often comprised of multiple layers of corporate governance arrangements in virtual or offshore locations.

Trust: a right, enforceable solely in equity, to the beneficial enjoyment of property to which another person holds the legal title and includes a charitable trust, a purpose trust and a foreign trust

Multiple layered entities in various jurisdictions: see complex control structures

Shell/ brass plate companies: a company which serves as a vehicle for business transactions without having any significant assets or operations. Shell corporations are not necessarily illegal, but they can play a role in financial crime if they are used to obfuscate the governance and control structure of a business entity.

Other UAE free zone entities: any other free zone within the UAE, i.e., ADGM, DMCC, DCCA, JAFZA, etc.

A start-up entity: a company that is in the first stage of its operations, normally initially funded by investors while developing a potentially in-demand product or service.

Charities: an institution which is established for charitable purposes only, and is subject to laws with respect to charities.

Regarding Business Activities

Precious metals: metals or materials considered to be rare and/or have a high economic value and may be used in transactions in exchange for high cash value

Non-regulated online trading platforms: online applications or services that all for business transactions in an unregulated environment, i.e., no specific law applies to the transaction such that specific requirements or direct criminal liability may be imposed.

Non-regulated cryptocurrency or coin offerings: use of virtual or “cryptocurrency” for exchanges of value that are transacted in an unregulated environment, i.e., there is no specific regulatory authority in place to enforce an applicable law and / or no specific law applies to the transaction such that specific requirements or direct criminal liability may be imposed.

Non-regulated advisory or corporate services to private wealth or SFOs: financial or other corporate services provided in an unregulated environment, i.e., there is no specific regulatory authority in place to enforce an applicable law and / or no specific law applies to the transaction such that specific requirements or direct criminal liability may be imposed

Business in other UAE free zones: business conducted in other UAE free zones

Cash intensive businesses (i.e. receiving cash in excess of $15,000 frequently) – a business entity that is established by or deals excessively in large amounts of cash transactions on a frequent basis.

Governance and Controls

Politically Exposed Person (PEP): A politically exposed person (PEP) is an individual who is or has been entrusted with a prominent public function. Due to their position and influence, it is recognized that many PEPs are in positions that potentially can be abused for the purpose of committing money laundering (ML) offences and related predicate offences, including corruption and bribery, as well as conducting activity related to terrorist financing (TF). This risk also extends to members of their families and to close associates.

Source / Origin of Funds (guidance only): Source / origin of funds or income refers to the origin of the particular funds or assets which are the subject of the business relationship between the applicant and its (potential) clients, vendors or other third parties. In order to ascertain this element of a business’ profile, the information obtained should be substantive, relevant and able to establish the fund’s origin and the method/circumstances under which the funds were acquired. This should not simply be restricted to knowing from which bank or financial institution the funds may have been received. Any information should provide an indication as to the volume of wealth the applicant would reasonably be expected to have, and provide a picture of how it was acquired. It is important to get a good sense of whether the funds or income is obtained legally, if the applicant itself can easily identify the sources of income, whether large sums of cash are part of the daily transactions of the business, or whether any other red flags may come to light in the applicant’s responses.

The CBUAE established a dedicated department in August 2020 to handle all Anti-Money Laundering and Combatting the Financing of Terrorism matters (AML/CFT), which the Banking Supervision Department handled previously. Please review the detailed information about the Central Bank’s work to prevent financial crime on its AML / CFT website.

DIFC utilizes both the Basel AML Index and the Transparency International Corruption Index to determine country risk where entities are doing business with clients, suppliers, and for distribution channels.

There are at times issues where AML / CFT obligations mean sharing Personal Data and often Special Category data such as criminal history. The DIFC DP Law 2020 aims to protect and enable processing of Personal Data in an ethical, minimized and purpose-specific way, but where other laws take precedent, i.e., for the prevention of crime of to fulfil a substantial public interest, certain data must be shared with the relevant authorities. Article 28 of the DP Law 2020 in particular aims to encourage the receiving authorities to handle Personal Data in the same or substantially the same way as in would be handled in the DIFC under the protection of the DIFC DP Law.

Please review the DIFC Data Protection Commissioner’s guidance on individual access rights, what you may request of an entity processing your data, and whether there are any limitations on providing access to it or restricting processing of it. If for example it is being processed by a public authority for prevention of financial crime, your rights to access or know about what or whether they are processing it may be limited, sometimes quite heavily.

DIFC Authority and Dubai Financial Services Authority play an active leadership role reduce the risks of money laundering, the financing of terrorism, proliferation, and to uphold the highest global standards. Explore the report on the DIFC’s Financial Crime Prevention Programme (2021), prepared jointly by the DFSA and DIFC Authority, to learn how DIFC is helping to safeguard the integrity of the international financial system.

In order to implement the many new sanctions from around the world recently imposed on Russia, Belarus, and specific individuals, DIFC entities (both existing and under formation) may receive additional queries and information requests in both the application process and the monitoring and inspection process.

Please note that the recent FATF action to increase monitoring of various countries is being implemented in the DIFC to support better financial crime prevention controls within government and private companies. As such, additional queries and information requests may be made of DIFC entities or prospective entities during both the application process and the monitoring and inspection process.