KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

nameaddresspassport

KYC to onboard international persons

nameaddress

corporate requirements

businesses registered in the UAEMemorandum&Articles of Association

National ID card name

بطاقة الهوية

National ID Photo

back of national id photo back

Does the country have Esignature Laws?

U.A.E. Issues Federal Electronic Transactions and Commerce Law

E-sig law files

What year did the relevant AML laws and regulations become effective?

2004

Further details on AML regime

With effect from 2000, the Central Bank of UAE issued the initial AML regulations under Circular 24/2000 (“the regulations”). The DFSA AML Rulebook (“AML Rules”) became effective from 2004 onwards.

Who is the regulator for AML controls for Banking

UAE Central Bank

Link to site

http://www.centralbank.ae/en/index.php?option=com_content&view=article&id=75&Itemid=95

Other financial Services

Dubai Financial Services Authority (DFSA)

Website of Regulator

http://www.dfsa.ae/Pages/DoingBusinesswithDFSA/BeingSupervised/Anti-MoneyLaundering/Anti_MoneyLaundering.aspx

Financial Sector regulator

N/A

Practical Guidance for AML

There is no such practical guidance provided.

Is there a requirement to verify the identity of customers retroactively?

Yes

Retroactive details

An addendum to the UAE Central Bank regulations (“the addendum”) states that where accounts have been opened prior to the year 2000, customer due diligence procedures must be undertaken to ensure that there are no risks in continuing such relationships

Has the country been the subject of FATF mutal evaluation in the last 3 years?

The country had been subject to the mutual evaluation by IMF followed by a discussion with the MENAFATF and FATF in 2008.

PDF of FATF review

TopicList.asp

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

Yes - payment of cash for transfers and drafts above AED2,000 (USD544) for money changers and AED3,500 (USD 952) for banks, and also for receipt of transfers and drafts above AED40,000 (USD10,884) to be paid in cash or in the form of travellers cheques. A circular issued by the UAE Ministry of Economy and Commerce sets out thresholds for insurance transactions.

What are the requirements for customer identification information for individuals

The standard customer identification information specified in the regulations includes the name, address and place of work. In the case of natural persons, institutions are required to check the applicant's passport and retain a copy, which must be annotated by the account officer as a true copy. Passports are considered a universal and reliable form of verification in the UAE.

Details to be Collected on Corporates

The regulations specify that the institution must take the name and address of the entity and, in the case of a partnership, must record similar information for each of the partners. In addition, it must "obtain all information and documents with regard to juridical persons", but specifies, in particular, the government-issued trade licence required by all businesses registered in the UAE. Institutions have typically interpreted "all documents" to mean the Memorandum and Articles of Association (or equivalent) and any documents that support the legal status of the company to conduct business in the jurisdiction.

What are the high level requirements around beneficial ownership (identification and verification)?

The addendum states that, when opening accounts or remitting money, banks or financial institutions must obtain satisfactory evidence of the identities of the beneficial owners of companies and businesses and clearly understand the ownership and control structure of all legal entities. In addition to the above, the regulations state that, when opening an account for a public shareholding company, a bank must obtain the name and address of the shareholders with holdings of 5% or more. The AML Rules require establishing and verifying the identity of the beneficial owners and obtaining sufficient and satisfactory evidences of their identities. In addition, the AML Rules state that all corporate entities (subject to certain exemptions) should obtain a list of main shareholders holding more than 5% of the issued capital.

What circumstances are enhanced customer due diligence measures required?

The addendum states that enhanced due diligence processes should be applied with respect to high risk customers which includes foreign Politically Exposed Persons ('PEPs'), correspondent banks and specific businesses and individuals dealing in precious metals and stones, real estate, luxury goods, auction houses, private banking customers and non-resident account holders. In addition to the above, the indicators provided in Articles 8 to 14 of the regulations make reference to certain high risk scenarios (e.g. customers from drug producing countries or from countries that do not adequately apply the FATF standards), that should be considered as at higher risk of money laundering. The AML Rules require enhanced due diligence measures for higher risk products, services and customers, such as non face-to-face business relationships or transactions, internet based products, correspondent banking relationships and PEPs. In particular, enhanced due diligence measures are required for customers from higher risk countries, as specified under/by: (1) the FATF findings; (2) the consolidated list of financial sanctions in the European Union Office and HM Treasury (United Kingdom) lists; and/or (3) the Office of Foreign Assets Control (OFAC) of the United States Department of Treasury. Appropriate use must also be made of the United Nations Security Council’s relevant resolutions and sanctions.

How should FI's deal with Politically exposed persons

The addendum requires banks and financial institutions to have systems and controls in place to identify whether a potential or existing customer or a beneficial owner is a foreign PEP. Banks and financial institutions are required to obtain written approval from senior management to open accounts for a foreign PEP. The AML Rules require detailed KYC investigations at the beginning of a relationship and on an ongoing basis where the business relationship involves a PEP and family members or close associates of PEPs. Detailed monitoring and due diligence procedures include analysis of complex structures, appropriate measures for establishing the source of wealth, developing a profile of expected activity, senior management approval and regular oversight of the relationship by the senior management.

What enhanced due diligence must be performed for correspondent banking relationships?

The addendum and the AML Rules require banks, exchange houses and other financial institutions to carry out due diligence measures when entering into a cross-border correspondent banking relationship. In addition, research must be conducted from publicly available information on the correspondent bank's business activities, their reputation and the quality of supervision and whether the institution has been subject to any regulatory action. Senior management written approval is required to be obtained prior to such relationships being established.

Are relationships with banks who might be considered a 'shell' and without substance permitted?

The addendum and the AML Rules strictly prohibit any relationship, directly or indirectly, with institutions that have no physical presence (shell banks and companies).

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

Article 3.1 of the regulations requires institutions to take possession of the passport at the time of opening an account. This is understood by institutions (and reinforced by the UAE Central Bank) to mean that the process must be completed in the presence of the customer and that non-face-to-face account opening is not permitted in any circumstances. Investors in securities can place their orders through a broker by telephone or in person, but the majority of orders are currently placed by telephone. Trading on the Dubai Financial Market (DFM) and Abu Dhabi Securities Market (ADSM) occurs on an electronic trading system, which automatically lists, matches, and executes trades. Securities brokers in the UAE provide investors with direct access to several trading platforms. There are no specific requirements in the AML rules that seek to address the risks posed in this area. The AML Rules require firms to take specific and adequate measures necessary to compensate for the higher risk of money laundering, which might arise from non face-to-face business relationships or transactions such as via email, telephone or internet.

To whom are SAR's made? (suspicious activity reports)

UAE Central Bank and a copy to the DFSA (for entities regulated by the DFSA).

Link to website of SAR reporting

http://www.dfsa.ae/Pages/DoingBusinesswithDFSA/BeingSupervised/Anti-MoneyLaundering/STR.aspx

Other Suspicious or unusual transactions obligations.

Yes, UAE Central Bank and the DFSA stipulate an obligation to report unusual transactions. Fines are imposed in case of non-compliance of these requirements.

Are there any de-minimis thresholds below which transactions do not need to be reported?

AED40,000 (USD10,000)

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Yes, Article 16 of UAE Federal Law No 4 of 2002 sets out the penalties for failure to report any act related to Money Laundering offence.

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

No. There is no such mandatory requirement for use of automated monitoring technology.

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

In case a transaction is identified as suspicious, the AMLSCU of the UAE Central Bank shall give instructions to the institutions on how to proceed with the transaction. In this case, the customer in question expresses his wish to proceed with the transaction before the institution receives the instruction from the AMLSCU, the institution shall immediately contact the AMLSCU for further instructions.

Does the local legislation allow transactions to be monitored outside the jurisdiction?

There is no specific guidance on monitoring transactions outside UAE. However, Article 21 and 22 of Federal Law No 4 of 2002 issued by the CBUAE permits cooperation with countries with which the UAE has a ratified treaty.

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

N/A

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

N/A

To whom should the report on AML systems be submitted?

N/A

Is an AML system part of the financial statement audit?

N/A

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

N/A

Data Protection Laws And Personal Data

N/A

Data Protection for Corporate Data

N/A

Data protection for "sensitive Data" and additional protections.

N/A

Do any restrictions on the transfer of credit reports exist?

N/A

Regulator Acronym

DFSA

Year of last FATF mutual evaluation

2016

Field 67

no specific regulation in AML

National ID card details

Every person residing in the United Arab Emirates, must have an ID card.

Compulsory?

National ID source

http://www.thenational.ae/news/uae-news/emirates-id-card-renamed-resident-identity-card-for-uae-expats

Passport Photo

Legal Requirement

Requirement to proceed

Yes

requirement to use automated suspicious transaction tools

Who are SARS made to?

UAECB

shell banks

Yes

EDD for correspondent banking

Yes

Minimum transactions

AED 40,000

Min transaction USD

10884

key restrictions

One must obtain the explicit consent of the government when seeking to transact electronically. Transactions relating to marriage, divorce, wills, real estate and negotiable instruments are exempted from the law.

Summary

Yes, the UAE follows the UNCITRAL model law and is similar to the laws of many European Union member states. Electronic signatures have the same status as handwritten signatures. Consent to do business electronically can be inferred from circumstances and does not need to be explicit. Summary of law Article 10(1) states that legal signature requirements may be met with the use of an electronic signature. Article 7(1) states that an electronic communication shall not be denied legal effect or enforceability solely on the ground that it is in electronic form.

Are e-signatures acceptable

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

N/A

Non financial sector (e.g. casinos, high value goods etc.)

N/A

Does the country have a risk based approach?

The UAE authorities do not appear to apply a risk based approach to the application of the preventive measures, and no sectors have been specifically exempted from the provisions under the AML/CFT legislation and regulations. In addition, the UAE Central Bank regulations have not been structured so as to recognise the possibility of a risk-based approach to the implementation of the preventive measures at an institutional level. This is in contrast to the approach adopted by the Dubai Financial Services Authority (DFSA), which applies an overriding principle that institutions should have systems and controls that recognise and mitigate their specific risks. The DFSA requires institutions to apply a risk based approach to customer due diligence and ongoing monitoring of accounts. The guidance within the rules specifies the need to undertake a risk assessment of its customers, and to apply a level of identification and verification that is commensurate with the risk.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

For individuals, a copy of the passport, and for corporates, a copy of the trade licence, stamped and initialled by the concerned employee as "a true copy of the original" is required. There is no information in the regulations or guidance issued by the CBUAE as to whether copies can be certified by external third parties such as notaries, lawyers and accountants. However, the AML Rules provide guidance for the identification documents to be certified as true copy by the specified authorities such as registered lawyer, notary, chartered accountant, government ministry, post office, police officer, embassy or consulate.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

N/A

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

N/A