Following the enactment of a new anti-money laundering law in late 2018, on 28 January 2019 the UAE issued Cabinet Resolution No. 10 of 2019, which contains the provisions necessary for implementing the AML Law.

The AML Resolution introduces a number of significant enhancements to the UAE AML regime including:

(a) the introduction of the “risk-based approach” to AML regulation, whereby FIs and DNFBPs are required to assess a client’s money laundering risk (“ML risk“), assign an ML risk level to each client, and carry on the prescribed client due diligence (“CDD“) in accordance with the ML risk each client presents;  

(b) new CDD measures have been implemented as follows: – CDD must be performed at the start of the business relationship for all transactions in excess of AED 55,000, or wire transfers in excess of AED 3,500; – enhanced CDD is required for clients who present a high ML risk (incl. foreign PEPs); – simplified CDD may be performed for clients who present a low ML risk; – CDD may be outsourced to third parties, or to another group member; – the ability to defer carrying on CDD under certain circumstances; – the requirement to identify the ultimate beneficial owner of a client, defined as the person who holds (jointly or separately) a controlling interest of 25% or more in a client; and – exemption from identifying the beneficial owner(s) and shareholders when the client is a listed company or a majority-owned subsidiary of a holding company.  

(c) politically exposed persons now include UAE nationals (“local PEPs“). Local PEPs would be subject to additional scrutiny, but only if they present a high ML risk, so  they are not automatically considered high ML risk clients;  

(d) international wire transfers in excess of AED 3,500 require the provision of certain information which allow the traceability of such transfers. Domestic wire transfers are subject to a lighter set of requirements (there is no threshold);  

(e) correspondent banking relationships are now subject to a degree of due diligence by the FIs to whom the AML resolution applies;  

(f) the ML risk for new products and services (e.g., using new technologies or business practices) must be assessed before they are made available to the public, and appropriate ML risk mitigating measures must be put in place;  

(g) companies established in the UAE are required to maintain all the information which would be required as part of the CDD process, and make this information available to the relevant registrar (e.g., the Department of Economic Development in the relevant emirate);  

(h) “financial activities” which are carried on by FIs are listed in the AML Resolution, with the possibility for UAE regulators to expand the list of activities;  

(i) every natural or legal person is required to comply with the regulations issued by the relevant UAE authority to implement the United Nations Security Council Resolutions (the “UNSCRs“) on sanctions; and  

(j) submitting suspicious transaction reports to Financial Information Unit (the “FIU“) is required to be done electronically, and the FIU will publish an annual summary of its AML activities.  

While most of the AML Resolution requirements apply to FIs and DNFBPs, the scope of application has been expanded to include (among others):

(a) companies established in the UAE, which must now maintain records to be used for CDD purposes;

(b) providers of “Money or Value Transfer Services” (“MVTS“) established in the UAE, which are now required to be licensed by the relevant UAE authority, and must comply with the AML resolution. In the absence of a definition under the AML resolution, the FATF guidance on MVTS defines these as: “financial services that involve the acceptance of cash, cheques, other monetary instruments or other stores of value and the payment of a corresponding sum in cash or other form to a beneficiary by means of a communication, message, transfer, or through a clearing network to which the MVTS provider belongs“; and

(c) every company in the UAE, which must now comply with the UAE authorities’ instructions in relation to the implementation of UNSCRs on sanctions.

Companies should first determine whether the AML resolution applies to them, and if it does, determine the extent of its application.

Companies to whom the AML resolution does apply would be best advised to:

(a) carry out a gap analysis to determine the degree of compliance of their existing compliance and AML policies with the detailed requirements introduced under the AML Resolution;

(b) consider updating their business processes and practices, policies and procedures (e.g., client take-on, processing of payments) in light of the new requirements; and

(c) ensure that the CDD information they hold on existing clients satisfies the new requirements of the AML Resolution (note that the AML resolution does not provide for a grace period).

Finally, given the AML Resolution’s alignment with the FATF recommendations, we encourage the legal and compliance functions to familiarize themselves with the AML guidance published by the FATF.