kyc.io - Global Regulations and Requirements for KYC Onboarding

KYC to onboard domestic persons

namepassportdriving license

KYC to onboard international persons

nameaddresspassportidentity carddriving license

corporate requirements

Commercial Registe specimen signature form of the authorized signatories;copies of identification of authorised signatories;Memorandum&Articles of Associationidentification documentation

National ID card name

Omani ID Card

National ID Photo

back of national id photo back

Does the country have Esignature Laws?

Electronic Transactions Law

E-sig law files

What year did the relevant AML laws and regulations become effective?

2002

Further details on AML regime

The first AML law in Oman, the Law of Money Laundering, was issued through Royal Decree No. 34/2002 and published in the Official Gazette No. 716 dated 01 April 2002. The law was notified by the Central Bank of Oman (“CBO”) circular BM 936 dated 07 April 2002. Executive regulations for the law were issued in 2004 through Royal Decree No.72/2004. Royal Decree 79/2010 issued on 28 June 2010 promulgated the Law of Combating Money Laundering and Terrorism Financing. The Executive Regulations of the previous law is still effective until the time the Executive Regulation under the new law will be issued.

Link to site

http://www.fiu.gov.om/

Other financial Services

The Financial Intelligence Unit (“FIU”)

Website of Regulator

N/A

Financial Sector regulator

N/A

Practical Guidance for AML

Practical guidance in the form of the Manual of Suspicious Transaction Reports is available on the website of the FIU - Royal Oman Police (“FIU-ROP”)

Practical guidance PDF's

Is there a requirement to verify the identity of customers retroactively?

No

Retroactive details

No

Has the country been the subject of FATF mutal evaluation in the last 3 years?

The most recent FATF evaluation was conducted in 2011.

PDF of FATF review

mutualevaluationofthesultanateofoman.html

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

The regulations do not define any such threshold. However, each company/bank, as a matter of policy, has defined its own threshold.

What are the requirements for customer identification information for individuals

For Omani natural persons: a) full name; b) current address; and c) copy of passport or ID or driving license. For non-Omani natural persons: a) full name; b) current address; c) copy of passport; and d) copy of residence permit or labour card for residences.

Details to be Collected on Corporates

Juristic persons: a) copy of a valid commercial registration; b) specimen signature form of the authorized signatories; c) copies of identification of authorised signatories; d) memorandum and Articles of Association; and a) other identification documents as deemed necessary

What are the high level requirements around beneficial ownership (identification and verification)?

The high level requirements for beneficial ownership are similar to those required for any customer.

What circumstances are enhanced customer due diligence measures required?

High risk customers and suspicious transactions require enhanced due diligence.

How should FI's deal with Politically exposed persons

Additional due diligence is always required. PEPs also require approval from senior management.

What enhanced due diligence must be performed for correspondent banking relationships?

An AML questionnaire developed by each bank is sent to the correspondent bank before entering into a relationship. Licenses are requested and efforts are made to ensure they are not shell companies.

Are relationships with banks who might be considered a 'shell' and without substance permitted?

Yes

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

Non face-to-face transactions are avoided in most cases. Enhanced due diligence is always required for such relationships.

To whom are SAR's made? (suspicious activity reports)

SARs are reported directly to FIU-ROP

Link to website of SAR reporting

http://www.fiu.gov.om/

Other Suspicious or unusual transactions obligations.

No, however FIU-ROP can investigate any transaction based on its discretion.

Are there any de-minimis thresholds below which transactions do not need to be reported?

No

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Article 4 of Anti-Money Laundering and Combating the Financing of Terrorism states that a person shall be guilty of a crime related to money laundering if they do not report or disclose any information or suspicion related to money laundering. The penalty is set out under Article 28, which consists of imprisonment for a term not longer than 3 years and/or a fine not greater than OMR3,000 (approx. USD7,800)

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

Yes. Article 5, paragraph D of the AML regulations require companies to use AML software to monitor all electronic banking transactions, including a set of minimum requirements.

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

No, however, if the competent authority investigates a report from a compliance officer and finds evidence of money laundering or attempted money laundering, then the competent authority shall submit a written application to the Public Prosecution to consider stopping the transaction in accordance with Article 12 of the Law. This measure is regulated under Article 6 of the AML Executive Regulations.

Does the local legislation allow transactions to be monitored outside the jurisdiction?

No

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

No

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

AML is not part of a financial statement audit. Banks are not required to get their AML systems and controls reviewed independently. Accordingly, no such reports are available.

To whom should the report on AML systems be submitted?

AML is not part of a financial statement audit. Banks are not required to get their AML systems and controls reviewed independently. Accordingly, no such reports are available.

Is an AML system part of the financial statement audit?

AML is not part of a financial statement audit. Banks are not required to get their AML systems and controls reviewed independently. Accordingly, no such reports are available.

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

There are no external reports available on AML systems and controls.

Data Protection Laws And Personal Data

There is an Electronic Transactions Law issued under Royal Decree No. (69/2008). There is no clear definition of “personal” or “sensitive” data. The law generally regulates electronic transactions between parties. Article 45 of the Electronic Transactions Law sets out a general guideline on the protection of personal data. Additionally, Article 70 of banking law issued by CBO discusses certain aspects of confidentially required by banks in respect of the information gathered during KYC

Data Protection for Corporate Data

There is an Electronic Transactions Law issued under Royal Decree No. (69/2008). There is no clear definition of “personal” or “sensitive” data. The law generally regulates electronic transactions between parties. Article 45 of the Electronic Transactions Law sets out a general guideline on the protection of personal data. Additionally, Article 70 of banking law issued by CBO discusses certain aspects of confidentially required by banks in respect of the information gathered during KYC

Data protection for "sensitive Data" and additional protections.

There is an Electronic Transactions Law issued under Royal Decree No. (69/2008). There is no clear definition of “personal” or “sensitive” data. The law generally regulates electronic transactions between parties. Article 45 of the Electronic Transactions Law sets out a general guideline on the protection of personal data. Additionally, Article 70 of banking law issued by CBO discusses certain aspects of confidentially required by banks in respect of the information gathered during KYC

Do any restrictions on the transfer of credit reports exist?

The information cannot be shared without prior approval of CBO.

Regulator Acronym

FIU

Year of last FATF mutual evaluation

2016

Field 67

due diligence

National ID card details

An ID card is to be issued for any Omani who is above fifteen (15) years of age.

Compulsory?

Passport Photo

practical Guidance yes / no

Is there a risk based approach

Legal Requirement

No

Requirement to proceed

No

requirement to use automated suspicious transaction tools

Yes

Who are SARS made to?

FIU-ROP

shell banks

Yes

EDD for correspondent banking

Yes

PDF of case law

Personal Data protection

Data Protection for Corporates

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

N/A

Non financial sector (e.g. casinos, high value goods etc.)

Royal Oman Police

Does the country have a risk based approach?

The executive regulations describe transactions that may pose a potential threat for money laundering. These follow a risk based approach by focusing on customers and transactions that pose a larger money laundering threat to financial institutions.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

There is no compulsory requirement with regard to independent verification.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

No

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

The Banking Law of Oman. The law does not allow any customer related information to be shared with anyone without prior approval of CBO