UAE Central Bank issues new anti-money laundering guidelines

The Central Bank of the UAE (CBUAE) has issued new guidelines on anti-money laundering and combatting the financing of terrorism (AML/CFT) for licensed financial institutions (LFIs), including banks, finance companies, exchange houses and insurance companies, agents and brokers.

The guidelines focus on the use of digital ID mechanisms that LFIs should employ to perform customer due diligence obligations (CDD) on an ongoing basis. The latest guidelines, which come into effect immediately, require LFIs to comply with the central bank’s requirements.

The guidelines specifically discuss identity proofing, enrollment, and authentication mechanisms in relation to LFIs’ use of digital ID systems. LFIs are required to use technology best practices, adequate governance and well-defined policies and procedures.

The financial institutions are required to leverage data generated by authentication (IP addresses for example) for ongoing CDD and transaction monitoring to help detect suspicious customer behaviour and/or transactions in, to, or from sanctioned and high-risk jurisdictions.

LFIs are permitted to rely on customer identification and verification undertaken by a third party at onboarding provided:

• The LFIs obtain all relevant information from the third party
• Take steps to ensure that the third party will provide copies of customer documents and information used for CDD
• Take steps to ensure that the third party complies with the CDD and record-keeping requirements set out in the Cabinet Decision No (10) of 2019 Concerning the Implementing Regulation of Decree-Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations

LFIs are also expected to take adequate measures to address the inherent technology and security challenges presented by digital ID systems. They have to implement and enforce necessary safeguards to reduce identity proofing and enrolment risks, including cyber-attacks, security breaches, and the use of stolen, falsified or synthetic ID details, given the increasing complexity and severity of cyber breaches.

The institutions need to conduct adequate assurance level and appropriateness assessments on the digital ID systems they choose. They are also expected to implement and enforce adequate assurance protocols regarding the accuracy of digital ID systems and can perform assurance reviews directly or obtain audit or assurance certification details from an expert body.

Khaled Mohamed Balama, governor of the CBUAE, said: “The Central Bank is working closely with the LFIs to ensure their full compliance and understanding of the guidance that we issue regularly. This guidance on the use of digital ID for CDD obligations will enhance the AML/CFT framework and will mitigate the potential risks in order to safeguard the UAE’s financial system.”

In December, the CBUAE issued new guidance on AML/CFT for LFIs in the insurance sector, including insurance and re-insurance companies, agents and brokers. The guidelines came into effect on December 22.

Read: Central Bank of UAE issues new guidelines on anti-money laundering for insurance sector