Central Bank of UAE issues advisory on Anti-Money Laundering and Combatting Terrorism Financing
Seeks identity proofing, enrolment and authentication mechanisms
The Central Bank of the United Arab Emirates (CBUAE) has issued new guidance on anti-money laundering and combatting the financing of terrorism (AML/CFT) for licensed financial institutions (LFIs). These include banks, finance companies, exchange houses, insurance companies, agents and brokers.
Coming into effect immediately, the guidance will assist financial institutions in understanding the risks and effectively implementing their statutory AML/CFT obligations, taking the Financial Action Task Force (FATF) standards into account.
Khaled Mohamed Balama, the governor of the CBUAE, said, "The Central Bank is working closely with the licensed financial institutions to ensure their full compliance and understanding of the guidance that we issue regularly. This guidance on the use of digital ID for Customer Due Diligence obligations will enhance the anti-money laundering and combatting the financing of terrorism framework. It will mitigate the potential risks in order to safeguard the UAE's financial system."
The CBUAE guidance suggests that LFIs use digital ID systems to address their customer due diligence (CDD) obligations. It focuses on the digital ID mechanisms that LFIs should employ to perform CDD on an ongoing basis, and discusses identity proofing, enrolment and authentication mechanisms.
LFIs are also advised to utilize technology best practices, adequate governance and well-defined policies and procedures. They should leverage data generated by authentication (for example IP addresses) for ongoing CDD and transaction monitoring with a view to detecting suspicious customer behaviour and/or transactions in, to or from sanctioned and high-risk jurisdictions.
LFIs are permitted to rely on customer identification and verification undertaken by a third party at onboarding, provided that they:
- Obtain all relevant information from the third party.
- Ensure that the third party will provide copies of customer documents and information used for CDD.
- Ensure that the third party complies with the CDD and record-keeping requirements set out in Cabinet Decision No. (10) of 2019, Concerning the Implementing Regulation of Decree-Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations.
Given the increasing complexity and severity of cyber breaches, LFIs must take adequate measures to address the inherent technology and security challenges presented by digital ID systems. They need to implement and enforce necessary safeguards to reduce identity proofing and enrolment risks, including cyber-attacks, security breaches and the use of stolen, falsified or synthetic ID details.
In addition, LFIs are expected to conduct adequate assurance level and appropriateness assessments on the digital ID systems they choose. They must implement and enforce adequate assurance protocols regarding the accuracy of the digital ID systems. They also have to perform assurance reviews directly or obtain audit or assurance certification details from an expert body.