AML and KYC Regulations
in the UAE
in the UAE
A Guide for Businesses
The UAE is a leading hub for international trade and finance. It is home to busy airports, international companies, and a large expatriate population, making it a vital player in the global economy. With several free trade zones that attract big businesses, the UAE also has a responsibility to counter the risks of money laundering and terrorist financing. That's why the country has strengthened its AML regulations, including updated Guidelines for Financial Institutions and the establishment of a Specialized Money Laundering Court. Businesses operating in the UAE must comply with these regulations and we at Finely.Pro have created a guide to assist in the compliance process.
The UAE also works closely with the FATF to protect the integrity of the global financial system. Starting a new business in Dubai offers many benefits, such as a growing economy, tax exemptions, simple business setup procedures, and political stability, but entrepreneurs must also comply with the UAE's strict AML/KYC laws and regulations.
Recent Recommendations by UAE PPP Sub-committee
The UAE has put forward a plan to tackle money laundering and terrorism financing, according to the National News. The proposal, which was presented by the national committee, calls for the sharing of strategic information and intelligence between the public and private sectors to combat these threats.
In its first draft report, the UAE’s Public-Private Partnership Sub-Committee (PPPSC) suggested setting up strict confidentiality and data protection measures for this information sharing. The report also proposed the creation of a secure digital platform for intelligence sharing to better understand illicit money flows.
The PPPSC will monitor the progress of relevant task forces and working groups, and establish key performance indicators to ensure the collaboration between the public and private sectors continues to expand.
The UAE has made significant strides in its efforts to combat financial crime in recent years, and these recommendations are part of its continued efforts to align with international standards and the global AML/CFT agenda. The PPPSC is committed to developing new tools in the fight against money laundering, terrorism financing, and proliferation financing in the coming months.
Who Must Comply with UAE AML/KYC Laws
All companies operating within the UAE, whether domestic or international, must comply with anti-money laundering and counter financing of terrorism (AML-CFT) legislation. These companies are divided into three categories: designated non-financial businesses and professionals, financial institutions, and non-profit organizations.
Designated Non-Financial Businesses and Professions:
Similar to financial institutions, non-financial businesses and professions (DNFBPs) carry out financial transactions for their clients. Examples of DNFBPs include real estate agents and brokers who deal in precious metals and stones for transactions over AED 55,000, lawyers, notaries, and independent accountants who perform financial transactions for clients, providers of corporate services and trusts who carry out transactions for clients, and other professions as specified by a Ministerial decision. The regulations only apply to lawyers and corporate service providers who work on behalf of clients, such as legal professionals who handle client-owned funds.
Financial Institutions:
Financial institutions (FIs) must comply with the legislation if they engage in any financial activities or operations for a customer. This includes receiving public deposits and other funds, including Sharia Law-compliant deposits, providing private banking, cash brokerage, and various types of credit facilities, offering currency exchange, money transfer services, and digital cash payments, issuing and managing payment methods and obligations, investing in or managing funds and financial instruments, participating in securities issuances and providing financial services, and managing and saving various types of funds and portfolios. This list is not exhaustive and regulatory authorities may add more activities or financial transactions.
Non-Profit Organizations:
Non-profit organizations (NPOs) are defined as any ongoing group established temporarily or permanently, made up of individuals or legal entities or not-for-profit legal arrangements. In comparison to financial institutions and DNFBPs, NPOs have very limited legal obligations.
UAE AML/KYC Regulation Authority
In August 2020, the Central Bank of the UAE created a special department to oversee Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) regulations, which was previously managed by the Banking Supervision Department.
The Anti-Money Laundering and Combating the Financing of Terrorism Supervision Department (AMLD) is tasked with three main responsibilities:
The AMLD works in partnership with the UAE’s National AML/CFT Committee and the Examination Division of the Banking Supervision Department, and serves as a liaison between the CBUAE and local stakeholders.
The government website reports that in December 2020, the UAE Cabinet approved the formation of the Executive Office of Anti-Money Laundering and Countering Terrorist Financing to meet international standards in the sector and facilitate cooperation between the UAE and organizations dedicated to combating money laundering and terrorism financing.
In addition to the AMLD, other entities are involved in AML/CFT activities, such as the Securities and Commodities Authority and organizations operating within specific economic zones like the Dubai International Financial Center, as well as local and federal supervisory and enforcement authorities.
Key AML/KYC Regulations in the UAE
The UAE has multiple laws regarding Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) activities. The most significant laws include Federal Decree-Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations (AML-CFT Law) and the Cabinet Decision No. (10) of 2019 on the Implementation Regulation of Decree-Law No. (20) of 2018.
According to the AML-CFT Law, an individual engages in illegal activities if they knowingly participate in the following crimes:
The UAE government has produced guidelines for FIs and DNFBPs to provide a clearer understanding of all regulations.
Maintaining Compliance in the UAE
To comply with regulations, companies must monitor customer transactions, provide accurate information, and report any suspicious activities. The following explains the key requirements, reporting procedure, and consequences in detail.
Customer Due Diligence Requirements
Financial Institutions (FIs) and Designated Non-Financial Businesses and Professions (DNFBPs) must conduct appropriate risk-based Customer Due Diligence (CDD) measures. This includes understanding the customer's business and the reason for the transaction in certain cases specified in Article 6 of the Anti-Money Laundering and Combating the Financing of Terrorism (AML-CFT) Decision. These cases may include:
Simplified and Enhanced Due Diligence
FIs can apply Simplified Customer Due Diligence measures (SDD) for low-risk customers, which may include:
There's also Enhanced Due Diligence (EDD) measures, which requires more stringent CDD measures for high-risk customers.
Suspicious Activity Reporting
FIs must report any suspicious activities related to Money Laundering (ML) and Terrorist Financing (FT) operations without delay to the Financial Intelligence Unit (FIU). No minimum reporting threshold or statute of limitations applies to ML/FT crimes or suspicious transaction reporting. The designated Competent Authority for reporting suspicious transactions is the FIU, regardless of whether the FI operates in mainland UAE or a Financial or Commercial Free Zone. Reporting should be done through the GoAML portal, and all related companies must be registered on the portal. A comprehensive guide for registration can be accessed here.
Data Retention Requirements
Financial transaction records and CDD records must be kept for at least five years from the latest of the following events:
Know Your Customer
Businesses are obliged to comply with Know Your Customer (KYC) regulations while interacting with their clients. KYC is a method of identifying and verifying customers, which requires businesses to gather different types of documents from both individuals and companies.
For individual customers, businesses must acquire:
For companies:
Consequences
Failure to report suspicious activities by financial institutions may result in imprisonment and fines between AED 100,000 (approx. $27,200) and AED 1,000,000 (approx. $272,000) for the managers or employees. Companies that violate other AML/CFT regulations may face imprisonment or fines ranging from AED 10,000 (approx. $2,720) to AED 100,000 (approx. $27,200). For non-financial businesses and professions, fines vary between AED 50,000 and AED 200,000.
In 2021, the CBUAE imposed financial sanctions on 11 UAE banks for non-compliance with AML/CFT regulations.
Recent Advances
The UAE is continuously working to enhance its Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) measures by introducing new regulations and updating existing ones. In 2021, the country updated its Guidelines and now requires businesses to implement internal processes to detect suspicious transactions with banks and exchange houses.
To further enforce AML/CFT compliance, the UAE has established new regulatory bodies, including the Executive Office of Anti-Money Laundering and Countering the Financing of Terrorism and Dubai's Specialized Anti-Money Laundering Court.
It's evident that the UAE will continue to introduce new measures to reduce money laundering, terrorist financing, and other illicit activities in the country. Hence, it's crucial for businesses of all types to stay updated and comply with all relevant regulations.
The UAE also works closely with the FATF to protect the integrity of the global financial system. Starting a new business in Dubai offers many benefits, such as a growing economy, tax exemptions, simple business setup procedures, and political stability, but entrepreneurs must also comply with the UAE's strict AML/KYC laws and regulations.
Recent Recommendations by UAE PPP Sub-committee
The UAE has put forward a plan to tackle money laundering and terrorism financing, according to the National News. The proposal, which was presented by the national committee, calls for the sharing of strategic information and intelligence between the public and private sectors to combat these threats.
In its first draft report, the UAE’s Public-Private Partnership Sub-Committee (PPPSC) suggested setting up strict confidentiality and data protection measures for this information sharing. The report also proposed the creation of a secure digital platform for intelligence sharing to better understand illicit money flows.
The PPPSC will monitor the progress of relevant task forces and working groups, and establish key performance indicators to ensure the collaboration between the public and private sectors continues to expand.
The UAE has made significant strides in its efforts to combat financial crime in recent years, and these recommendations are part of its continued efforts to align with international standards and the global AML/CFT agenda. The PPPSC is committed to developing new tools in the fight against money laundering, terrorism financing, and proliferation financing in the coming months.
Who Must Comply with UAE AML/KYC Laws
All companies operating within the UAE, whether domestic or international, must comply with anti-money laundering and counter financing of terrorism (AML-CFT) legislation. These companies are divided into three categories: designated non-financial businesses and professionals, financial institutions, and non-profit organizations.
Designated Non-Financial Businesses and Professions:
Similar to financial institutions, non-financial businesses and professions (DNFBPs) carry out financial transactions for their clients. Examples of DNFBPs include real estate agents and brokers who deal in precious metals and stones for transactions over AED 55,000, lawyers, notaries, and independent accountants who perform financial transactions for clients, providers of corporate services and trusts who carry out transactions for clients, and other professions as specified by a Ministerial decision. The regulations only apply to lawyers and corporate service providers who work on behalf of clients, such as legal professionals who handle client-owned funds.
Financial Institutions:
Financial institutions (FIs) must comply with the legislation if they engage in any financial activities or operations for a customer. This includes receiving public deposits and other funds, including Sharia Law-compliant deposits, providing private banking, cash brokerage, and various types of credit facilities, offering currency exchange, money transfer services, and digital cash payments, issuing and managing payment methods and obligations, investing in or managing funds and financial instruments, participating in securities issuances and providing financial services, and managing and saving various types of funds and portfolios. This list is not exhaustive and regulatory authorities may add more activities or financial transactions.
Non-Profit Organizations:
Non-profit organizations (NPOs) are defined as any ongoing group established temporarily or permanently, made up of individuals or legal entities or not-for-profit legal arrangements. In comparison to financial institutions and DNFBPs, NPOs have very limited legal obligations.
UAE AML/KYC Regulation Authority
In August 2020, the Central Bank of the UAE created a special department to oversee Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) regulations, which was previously managed by the Banking Supervision Department.
The Anti-Money Laundering and Combating the Financing of Terrorism Supervision Department (AMLD) is tasked with three main responsibilities:
- Evaluating licensed financial institutions;
- AEnforcing compliance with the UAE’s AML/CFT laws and regulations;
- Recognizing potential threats, weaknesses, and evolving risks to the UAE’s financial sector.
The AMLD works in partnership with the UAE’s National AML/CFT Committee and the Examination Division of the Banking Supervision Department, and serves as a liaison between the CBUAE and local stakeholders.
The government website reports that in December 2020, the UAE Cabinet approved the formation of the Executive Office of Anti-Money Laundering and Countering Terrorist Financing to meet international standards in the sector and facilitate cooperation between the UAE and organizations dedicated to combating money laundering and terrorism financing.
In addition to the AMLD, other entities are involved in AML/CFT activities, such as the Securities and Commodities Authority and organizations operating within specific economic zones like the Dubai International Financial Center, as well as local and federal supervisory and enforcement authorities.
Key AML/KYC Regulations in the UAE
The UAE has multiple laws regarding Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) activities. The most significant laws include Federal Decree-Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations (AML-CFT Law) and the Cabinet Decision No. (10) of 2019 on the Implementation Regulation of Decree-Law No. (20) of 2018.
According to the AML-CFT Law, an individual engages in illegal activities if they knowingly participate in the following crimes:
- Transferring or transporting proceeds of a crime with the intention to hide or disguise its illegal origin
- Hiding or disguising the true nature, origin, location, method of disposition, movement, or rights related to any proceeds or ownership;
- Acquiring, owning or using such proceeds;
- Aiding the offender in evading punishment.
The UAE government has produced guidelines for FIs and DNFBPs to provide a clearer understanding of all regulations.
Maintaining Compliance in the UAE
To comply with regulations, companies must monitor customer transactions, provide accurate information, and report any suspicious activities. The following explains the key requirements, reporting procedure, and consequences in detail.
Customer Due Diligence Requirements
Financial Institutions (FIs) and Designated Non-Financial Businesses and Professions (DNFBPs) must conduct appropriate risk-based Customer Due Diligence (CDD) measures. This includes understanding the customer's business and the reason for the transaction in certain cases specified in Article 6 of the Anti-Money Laundering and Combating the Financing of Terrorism (AML-CFT) Decision. These cases may include:
- Transactions for amounts over AED 55,000 (approx. $15,000) carried out in a single transaction or multiple transactions that appear linked;
- Wire transfers for amounts over AED 3,500 (approx. $950);
- Suspicion of a crime;
- Doubt about the authenticity or accuracy of customer identification data;
- FIs are also required to enhance CDD measures for high-risk customers, including Politically Exposed Persons, customers associated with high-risk countries, and correspondent banking institutions.
Simplified and Enhanced Due Diligence
FIs can apply Simplified Customer Due Diligence measures (SDD) for low-risk customers, which may include:
- Reduced customer identification and verification requirements
- Fewer inquiries about the customer's business, source of funds, and transactions
- Less frequent monitoring of the business relationship and customer due diligence information.
There's also Enhanced Due Diligence (EDD) measures, which requires more stringent CDD measures for high-risk customers.
- Increased scrutiny, verification, and documentation standards;
- More in-depth inquiry about the customer's business, source of funds, and transactions;
- Increased supervision of the business relationship, including higher management approval, more frequent monitoring, and more frequent review and update of customer due diligence information.
Suspicious Activity Reporting
FIs must report any suspicious activities related to Money Laundering (ML) and Terrorist Financing (FT) operations without delay to the Financial Intelligence Unit (FIU). No minimum reporting threshold or statute of limitations applies to ML/FT crimes or suspicious transaction reporting. The designated Competent Authority for reporting suspicious transactions is the FIU, regardless of whether the FI operates in mainland UAE or a Financial or Commercial Free Zone. Reporting should be done through the GoAML portal, and all related companies must be registered on the portal. A comprehensive guide for registration can be accessed here.
Data Retention Requirements
Financial transaction records and CDD records must be kept for at least five years from the latest of the following events:
- Termination of the business relationship or closing of a customer's account
- Completion of a casual transaction
- Completion of an inspection by the Supervisory Authorities
- Issuance of a final judgment by judicial authorities
- Liquidation, dissolution, or termination of a legal person or arrangement.
Know Your Customer
Businesses are obliged to comply with Know Your Customer (KYC) regulations while interacting with their clients. KYC is a method of identifying and verifying customers, which requires businesses to gather different types of documents from both individuals and companies.
For individual customers, businesses must acquire:
- A government-issued ID or travel document;
- Proof of their residential address.
For companies:
- ID or travel document for all shareholders owning 25% or more shares;
- Proof of their operating address in the UAE, such as a recent utility bill or bank statement;
- Trade license or certificate of incorporation;
- Memorandum and Articles of Association;
- Board of Directors resolution to open an account and identification of authorized account operators.
Consequences
Failure to report suspicious activities by financial institutions may result in imprisonment and fines between AED 100,000 (approx. $27,200) and AED 1,000,000 (approx. $272,000) for the managers or employees. Companies that violate other AML/CFT regulations may face imprisonment or fines ranging from AED 10,000 (approx. $2,720) to AED 100,000 (approx. $27,200). For non-financial businesses and professions, fines vary between AED 50,000 and AED 200,000.
In 2021, the CBUAE imposed financial sanctions on 11 UAE banks for non-compliance with AML/CFT regulations.
Recent Advances
The UAE is continuously working to enhance its Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) measures by introducing new regulations and updating existing ones. In 2021, the country updated its Guidelines and now requires businesses to implement internal processes to detect suspicious transactions with banks and exchange houses.
To further enforce AML/CFT compliance, the UAE has established new regulatory bodies, including the Executive Office of Anti-Money Laundering and Countering the Financing of Terrorism and Dubai's Specialized Anti-Money Laundering Court.
It's evident that the UAE will continue to introduce new measures to reduce money laundering, terrorist financing, and other illicit activities in the country. Hence, it's crucial for businesses of all types to stay updated and comply with all relevant regulations.
2023, Finely IT Solutions,
registered under DED of Dubai, lience number 1114342
registered under DED of Dubai, lience number 1114342