Circling Back to Basics: Anti-Money Laundering Regulations for Designated Non-Financial Businesses and Professions in the UAE
For decades, jurisdictions worldwide have spent significant efforts on combating money laundering and terrorist financing. Most protective frameworks focus on introducing new regulations/obligations to the relevant Anti-Money Laundering (‘AML’) national legislation in a way that aligns with international standards. The leading international standards are the 40 recommendations of the Financial Action Task Force (‘FATF’), an inter-governmental body responsible for setting international best practice in this area by developing and promoting control policies so as to protect the global financial system against illicit flows of funds.
In the last 10 years in particular, there has been significant development of the recommendations and standards established by FATF in response to the threats and activities of the contemporary financial system. Amongst these important developments is the increasing importance of non-financial sectors, also known as gatekeeping industries that play an important role in controlling the flow of funds. A broad range of activities undertaken in non-financial sectors is covered by the recommendations of the FATF, which require the regulation of services provided by sectors termed Designated Non-Financial Businesses and Professions (‘DNFBPs’). Regulations applicable to DNFBPs involve requirements to identify, assess and take preventative actions to mitigate any risks of being involved facilitating the transfer of illicit proceeds for money laundering or terrorist financing purposes.
One of the main requirements that is applicable to both Financial Institutions (‘FIs’) and DNFBPs is the completion of Customer Due Diligence (‘CDD’) when dealing with a new client. This process involves obtaining and verifying specific details, whether they are an individual or legal entity, referred to as Know Your Client (‘KYC’) requirements, as well as some other elements where there is an elevated risk. Additionally, FIs and DNFBPs should maintain a record of all transactions with their Clients and must ensure that the information is readily available in the event that they are subject to an information request from the authorities in the event of an investigation. Where any of these activities are outsourced to a third party service provider, if permitted under the law, third party involvement should be closely monitored by FIs and DNFBPs and any suspicious transactions should be directly reported to the competent authorities.
In parallel with regulatory developments however, criminal actors have also developed their tools for obscuring the flow of funds via non-financial sectors, in order to benefit from the comparatively relaxed restrictions imposed on DNFBPs compared to FIs. This remains an area of ongoing reform however, authorities in many jurisdictions, including the UAE, are continuing their efforts to include DNFBPs within the scope of their national AML frameworks.
Steps Taken by the UAE
The UAE has extended some obligations contained within Federal Decree Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations (‘AML Law’) to apply to DNFBPs in an attempt to prevent the involvement of those sectors in money laundering operations.
Most recently, in March this year the UAE Ministry of Economy issued a circular relating to the AML obligations of DNFBPs (‘Circular’) in an effort to reflect the recommendations of the FATF. The timing of the Circular is significant, as it follows the recently published UAE Mutual Evaluation Report (‘MER’) published by the FATF summarising the results of its on-site evaluation of the UAE’s compliance with the 40 Recommendations.
In the MER, the FATF urged the UAE to take immediate action to address the financial crime risks it faces, which are elevated by its status as a major global financial centre and trading hub. The report highlighted the significant risks resulting from its extensive financial, economic, corporate and trade activities, as a global leader in oil, diamond and gold exports, in addition to its geographic location between high-risk countries and its financial and commercial free zones.
In this context, the obligations outlined in the Circular aim to mitigate the risks of specific sectors being used as conduits for money laundering and terrorist financing operations, in response to points in the MER that highlighted that such activities have involved DNFBPs (in particular the real estate and precious metals’ sectors, the gold and diamond trade sector, corporate service providers as well as accountants and auditors), and that these groups are more likely to be susceptible to money laundering and terrorist financing operations.
What are DNFBPs and Why are they Covered?
DNFBPs are defined in Article 3 of Cabinet Resolution No. 10 of 2019 Concerning the Implementation of the AML Law (‘Implementing Regulations’), encompassing a range of activities and sectors.
The scope of DNFBPs includes certain activities involving the sale and purchase of real estate, dealers in precious metals and precious stones, trust and company service providers, auditors, accounting service providers and lawyers.
Although the above categories fall outside the scope of FIs, their defining similarity is that they all conduct specific financial activities on behalf of their clients that may be used to obscure the ultimate beneficiaries or source of funds behind transactions.
There is general consensus, therefore, that DNFBPs’ practices are exposed to several risk areas relating to money laundering and terrorist financing activities which certainly have negative impacts on the global financial system. Those risks vary according to the money laundering methodology related to such professions, and take different forms depending on the profession itself.
One clear area of risk, for example, is where DNFBPs may be involved in assisting individuals or corporate entities to establish companies that, unbeknownst to the DNFBPs, are intended to be used as a conduit for the proceeds of crime. Another area of risk would be assisting clients in transferring assets/funds, for example, in the purchase of real estate or other precious commodities using illicit funds.
For criminal actors, the sale and purchase of real estate can be an attractive way to conceal ‘dirty’ funds and store large sums of money in a safe investment. Where real estate is purchased through a proxy actor or associate, the ultimate beneficial owner can add an additional layer of concealment to protect their anonymity and their investment should they become the subject of ‘freezing or seizing’ measures as part of criminal proceedings.
Likewise, the purchase of precious metals is another common tool used by criminal networks for converting, transporting and cleaning funds, and lawyers and accountants may be used as intermediaries to transactions in order to conceal the identities of their clients and their involvement in specific transactions. This may take several forms subject to the type of services provided by lawyers and accountants, such as assisting clients in corporate structuring, establishing funds etc. Ultimately, DNFBPs can unwittingly be used in many ways to either conceal the involvement of criminal actors or facilitate a transaction that obscures the criminal nature of funds.
In particular, DNFBPs must be familiar with the risks associated with transferring funds without verifying the identity of the client and/or a legitimate source for those funds. Also, DNFBPs should be well prepared to respond to any suspicious transactions by reporting to the competent authorities and maintaining diligent records of all client-related activity.
What does the Circular Cover?
The main obligation imposed by the Circular on DNFBPs in the UAE is to follow the provisions of the Federal AML Law No. 20 of 2018 and its executive regulations. Particular emphasis is given to reporting any suspicious transactions to the supervisory authorities, as this is one of the main tools at the Government’s disposal to gather financial intelligence, detect illicit activity and take the necessary preventative action. Very limited exception is given to lawyers, notaries, other legal professionals and independent legal auditors where the information related to these operations has been obtained subject to professional confidentiality.
Other obligations applicable to FIs and DNFBPs by virtue of AML Law are as follows:
- identify the crime risks within its scope of activity, whilst continuously assessing, documenting, and updating such an assessment based on the various risk factors established in the Implementing Regulations and maintaining a risk identification and assessment analysis with its supporting data to be provided to the Supervisory Authority upon request;
- take the necessary due diligence measures and procedures and define their scope, taking into account the various risk factors and the results of the National Risk Assessment on money laundering and terrorist financing, and retain the records received during the implementation of this process. The Implementing Regulations specify the cases in which such procedures and measures are applied, and the conditions for deferring the completion of customer or real beneficiary identity verification;
- refrain from opening or conducting any financial or commercial transaction under an anonymous or fictitious name or by pseudonym or number, and maintaining a relationship or providing any services to it;
- develop internal policies, controls and procedures approved by senior management to enable them to manage the risks identified and mitigate them, and to review and update them continuously, and apply this to all subsidiaries and affiliates in which they hold a majority stake;
- promptly apply the directives of the competent authorities for implementing the decisions issued by the UN Security Council under Chapter (7) of United Nations Convention for the Prohibition and Suppression of the Financing of Terrorism and Proliferation of Weapons of Mass Destruction, and other related directives;
- maintain all records, documents, and data for all transactions, whether local or international, and make this information available to the competent authorities promptly, upon request, as stipulated in the Implementing Regulations; and
- follow any other obligations stipulated in the Implementing Regulations.
FIs and DNFBPS that fail to abide with these rules shall be subject to various administrative and financial penalties. These penalties range from warnings to fines between 50,000 dirhams (approximately US$ 13,600) to 5 million dirhams (approximately US$ 1.36 million) for each violation, banning the violator from working in the sector related to the violation for a period determined by the supervisory authority, constraining the powers of the board members or executive managers or owners who are proven to be responsible for the violation including the appointment of temporary inspector. Also, penalties could amount to cancelling the licence of the institution.
In addition to the obligations imposed by the Federal AML Law, the Circular goes one step further and stresses the importance of all the recommendations and standards prescribed by the FATF.
These obligations also include other restrictions and requirements related to the licensing and registration of DNFBPs, establishing internal audit policies and other regular reporting requirements.
In introducing these obligations on DNFBPs, it is evident that the relevant regulatory bodies in the UAE are trying to increase the scope of supervision over financial operations linked to DNFBPs. Whilst these obligations may seem onerous and complex at first, the cost of non-compliance is potentially much higher and guidance is available for DNFBPs that are looking to increase the efficiency and effectiveness of their compliance functions.
What DNFBPs Should Do in Light of the Recent Circular Issued by the UAE Ministry of Economy
As a first step, DNFBPs should assess their internal operations to ensure that they have implemented the full extent of their legal requirements under the UAE’s legislative framework. Keeping in mind the context of specific AML risks that are posed to gatekeeper industries, DNFBPs are an essential part of the system defending against illicit flows of funds, and all entities need to implement appropriate defences against the risks posed to their sectors. As the fundamental operatives of any DNFBP, employees are a central part of this solution, and companies should also take all necessary measures to ensure that all employees are aware of the risks and the relevant response procedures.
Improving the compliance framework and boosting employee awareness are core elements of an effective internal AML system and, in future, DNFBPs can expect the UAE to be much more proactive in supervising these functions. The recent Circular issued by the Ministry of Economy, as the supervisory body of most DNFBPs in the UAE, is indicative of the new, more vigilant tone from the top that has been triggered by the FATF MER report. DNFBPs that were previously outside the scope of regulated entities will need to get to grips with at least the basic elements of effective compliance or face punitive measures by the UAE authorities.
Acrylic on canvas
120 x 100 cm
Curated by Rebia Naim @EmergingScene