The Dubai Financial Services Authority (“DFSA”) issued a letter on the 6th May 2020 to all Senior Executive Officers (“SEO”) of authorised firms (“Dear SEO Letter”) in the Dubai International Financial Centre (“DIFC”) informing them of the Financial Crime Joint Guidance released by UAE Supervisory bodies.
Full information regarding the released joint guidance is set out below in 3.1.
All DFSA authorised firms, Designated Non-Financial Businesses and Professions (“DNFBPs”) and registered auditors are encouraged to review the guidance and contact the DFSA for further clarification, if required.
Following the initiatives announced by the DFSA to provide assistance and relief to DIFC firms, the DFSA sent a Dear SEO letter to all authorised firms announcing the creation of a ‘Regulatory Relief Measures Application’ online form. This form can be accessed and submitted to the DFSS via the DFSA ePortal and covers both authorisation and supervision measures announced. No fee will be applied for using this form. Firms are encouraged to seek support where they see fit, and the DFSA will consider each request on a case-by-case basis.
The DFSA is now accepting applications for its 2020 Regulatory Sandbox Summer Cohort and applicants are invited to apply for an Innovation Testing Licence (“ITL”). The ITL is aimed at supporting technologically innovative financial, regulatory and supervisory firms who seek a controlled and well-supported supervisory environment to develop their technology and business.
Applications are open between 1st and 31st May 2020 to submit a planned business model and proposed innovative product or service. Following this, official applicants will be accepted on 16th June 2020 and then invited to submit an ITL application by 26th July 2020.
CCL is in the process of assisting a number of firms with their ITL applications. If your firm is seeking support in gaining an ITL authorisation please contact us through our Contact Form.
The DFSA has announced that, after an investigation which began in 2017, La Tresorerie Limited (La Tresorerie) has been fined $612,790 for breaches of DFSA legislation.
DFSA authorised firm, La Tresorerie, conducted an illegal service that provided physical cash to its clients with knowledge and involvement of senior management over a period of two years. The current senior management was not involved in this service and reported it to the DFSA once discovered.
The illegal cash service:
- involved the use of false invoices and transferring client money to unregulated companies outside of the DIFC.
- involved the transportation of large amounts of physical cash from the UAE to a foreign country, which is associated with a high risk of money laundering
- led to La Tresorerie misleading its custodian and a bank about the nature and purpose of certain transactions when AML due diligence enquiries were made
- demonstrated a fundamental failure of La Tresorerie to conduct its business with integrity
The total amount of physical cash provided by La Tresorerie was calculated to be the equivalent of over $7.3 million, with fees received by the firm of over $220,000.
Firms are reminded that:
- Detailed customer due diligence and onboarding procedures should take a high precedent within a firm’s compliance and AML framework.
- Senior management should engage a third party to conduct a compliance monitoring review should they have regulatory concerns and to seek assurance about the effectiveness of the systems and controls.
- Compliance should be carrying out regular transaction monitoring and reporting concerns to senior management, the Board or the relevant supervisory authority, where necessary.
- Any suspicious activity should be reported to the Money Laundering Reporting Officer (“MLRO”).
- Firms are encouraged to implement a proper whistleblowing procedure to encourage the reporting of material issues.
The Financial Services Regulatory Authority (“FSRA”) has announced three Regulatory Technology (“RegTech”) pilot initiatives to assist regulated firms in achieving better compliance outcomes with reduced regulatory cost.
- Artificial Intelligence Enabled RegBot for Licence Application
The FSRA is automating the licence application process for Venture Capital (“VC”) fund managers. Applicants will be interacting with a “RegBot” which uses artificial intelligence to identify information and risk gaps in the application and ask clarifying questions. For example, if an applicant does not provide adequate information on its risk management systems and processes, the RegBot will prompt the relevant response from the applicant and in the process, enhance the applicant’s understanding of, and compliance with, the FSRA’s rules and regulations. The RegBot will also complete a draft application based on the information provided, as well as forming a draft assessment report for the FSRA’s review.
- Developing FSRA Venture Capital Regulatory Framework
Following the introduction of the FSRA’s VC manager regulatory framework in May 2017, a successful regulatory community has developed in line with the ADGM’s efforts to create a framework which would support tech startups and small and medium enterprises.
- Application Programme Interfaces to Monitor Client Money
The FSRA is utilising Application Programme Interfaces to monitor client money held by licensed firms with custodian banks on a real-time basis. This solution enables the reconciliation of a firm’s client money balances in a custodian bank against the licensed firm’s internal client money records. Any discrepancies in these balances are immediately alerted to the firm and to the FSRA for remedial action.
The Abu Dhabi Global Market (“ADGM”) has announced further incentives for new businesses that may have had operations affected by the COVID-19 pandemic.
The new incentives include:
- A 50% reduction on fees associated with the incorporation of new ADGM companies and limited liability partnerships, including branches.
- Companies wishing to continue into the ADGM from a foreign jurisdiction will receive a reduction of 100% on the continuation fee.
- Existing ADGM companies and limited liability partnerships are able to request an extension on the nine-month timeline for filing of annual accounts.
The above incentives commenced on 3rd May 2020 and are an extension of the incentives announced last month.
For a breakdown of the ADGM initiatives announced last month and details of how your firm can benefit please read the CCL Regulatory Insight: ADGM Business Support Initiative. As part of the ADGM community, CCL will continue to provide support and expertise to new applicants and existing firms to help them understand the evolving economic and regulatory landscape.
The United Arab Emirates Supervisory Authorities: The Central Bank of the UAE (“CBUAE”), together with the Dubai Financial Services Authority (“DFSA”) of the Dubai International Financial Centre (“DIFC”), the Financial Services Regulatory Authority (“FSRA”) of the Abu Dhabi Global Market (“ADGM”), the Securities and Commodities Authority (“SCA”), the UAE Insurance Authority (“IA”) and the Ministries of Justice and of Economy have released joint guidance in relation to the treatment of financial crime risk and obligations in the context of the current circumstances caused by COVID-19. The guidance applies to all Financial Institutions (“FIs”) and Designated Non-Financial Businesses and Professions (“DNFBPs”) licensed, registered and regulated by the supervisory authorities.
The supervisory authorities recognise that FIs and DNFBPs may have changed the way in which they conduct business and interact with customers, and acknowledge that it may be more difficult for businesses to adhere to their existing customer identification and verification processes in seeking to meet customer due diligence obligations, particularly where institutions have adopted remote-working models.
The guidance outlines measures concerning risk assessments, customer due diligence, transaction monitoring and sanction screening processes.
- Risk Assessments
- In line with the prescribed risk-based approach, where the risk assessment process results in a lower risk rating, FIs and DNFBPs are granted discretion to apply simplified due diligence measures.
- Emerging risks resulting from COVID-19 should be “dynamically factored into” the business and customer risk assessments of FIs and DNFBPs in conjunction with the treatment of customers and transactions during this unprecedented time.
- Customer Due Diligence
- Firms who usually meet customers face-to-face are encouraged to adopt alternative and non-traditional means to meet customer identity verification obligations. Firms are reminded that customer due diligence obligations are still in place during this time.
- Firms are encouraged to use technology as much as possible. This follows the FATF’s released guidance on the use of Digital ID. For example, UAE Pass is an app that can verify Emirates IDs.
- Supervisory authorities will expect firms who make use of technology or implement an exceptions handling process to maintain a record of where these provisions were legally vetted and invoked and senior management must be aware of such events.
- Senior management should put a corrective plan in place to resolve any issues related to exceptions processes once operations are back to normal.
- Appropriate risk mitigation measures should be considered in instances where verification standards are not in line with the FIs’ and DNFBPs’ risk-based approach.
- All firms are encouraged to revisit their business risk assessment and control frameworks as well as revising their internal policies, procedures, and/or control measures to make enhancements, where necessary. Senior management should formally approve all policy and procedural amendments where any changes to current practices have been adopted.
- In relation to “non-static customer identity documentation” such as passport numbers or visa expiry, firms are expected to keep abreast of developments such as, for example, the UAE Cabinet’s recently approved package to ensure workflow of government work in various sectors. Firms should analyse where this might impact their Anti Money Laundering (“AML”) and Counter Terrorist Financing (“CTF”) systems and controls.
- Firms are encouraged to engage with customers to promote the use of government smart services to renew necessary identification documents and trade licenses through online services.
- Transaction Monitoring
- Firms are advised to carefully analyse transactions to distinguish new patterns between those that represent suspicious behaviour and expected normal patterns.
- Firms may need to adjust their systems of monitoring and alerts to adopt new rules for transaction monitoring and reporting under current exceptional social circumstances.
- The supervisory authorities encourage firms to continue to apply a risk-based approach and closely monitor all business relationships for criminal activities as the number of financial fraud and exploitation scams have increased. Firms should also keep in mind that terrorists may also exploit current social circumstances to raise funds.
- Firms must be mindful of their obligations to review the quality and timeliness of alerts generated from transaction monitoring systems and where reasonable grounds exist to suspect a transaction or related activity, firms are reminded to report suspicions to the Financial Intelligence Unit (“FIU”) without delay.
- Firms who experience operational challenges accessing goAML should contact the FIU at UAEFIU@cbuae.govae to make interim reporting arrangements. Firms are reminded failure to report suspicious transactions or activity is a federal offence.
- Sanction Screening Processes
- Firms are reminded to update their records on a daily basis in order to identify individuals or entities designated by either the United Nations Security Council or UAE Cabinet. Where an alert is generated, FIs and DNFBPs are required to conduct a proper and timely review. In addition to this, firms should crosscheck their customer database to maintain record keeping requirements.
- Firms are reminded that where a match occurs with a sanction list, funds should be frozen, and the relevant supervisor notified immediately.
In light of the above, FIs and DNFBPs are encouraged to adapt their governance and operational processes to enable them to remain compliant with their ongoing regulatory obligations, where necessary.
The UAE’s SCA has discussed initiatives and decisions aimed at containing the consequences of COVID-19 to mitigate its negative effects on financial markets and companies.
The initiatives and decisions include:
- An amendment to the limit down on stock prices which would allow a maximum decline in a single trading day, now set at 5%.
- An extension of the deadline for joint-stock companies to convene their annual general meeting to 30th June 2020 to avoid risks that may result from a failure to hold a meeting within the legally specified period.
- Exemptions regarding the implementation of certain provisions of the share buyback regulations.
- Mandatory electronic voting for general meetings in order to avoid having to attend in person.
- An extension for licensed companies for the period during which the 2019 annual statements must be disclosed as well as the postponement of the disclosure of the interim financial statements.
- The release of a circular requiring listed companies to report the preventative actions they have taken to maintain public health and safety. These companies were also instructed to implement a calculated recovery plan and a written policy to ensure business continuity can be put into action in the event of an emergency.
- The replacement of field inspections with remote inspections, in line with their company policy. All firms have been encouraged to use the smart and electronic services available from the SCA.
The Financial Action Task Force (FATF) has released its full Mutual Evaluation Report for the UAE. The international body conducted an on-site visit between 1-18th July 2019 and analysed the level of compliance with the FATF 40 Recommendations and the level of effectiveness of the UAE’s AML/CTF system.
The FATF noted in its report that:
- The UAE has made significant improvements to its AML/CTF system including developing the National Risk Assessment (“NRA”), addressing technical deficiencies in regulation, strengthening coordination across the Emirates, strengthening its FIU and assigning supervisors over previously non-covered sectors.
- The UAE has demonstrated a high-level commitment to better understand and mitigate its money laundering and terrorist financing risk. While the NRA is a good starting point, the FATF did find that it provides only a basic description of the complex Money Laundering (“ML”) issues facing the country.
- While the UAE has access to a broad range of financial information, there are particular issues regarding the underutilisation of customs data and international cooperation alongside the absence of suspicious transaction reporting by DNFBPs.
- The FIU is taking steps to address the necessary recourse needs and analytical capability, but the unit still has a limited role and capacity.
- Considering the Emirates “recognised risk profile” and good ML offence policy, there is still a low number of ML prosecutions in Dubai which was deemed an anomaly. The FATF noted that activities to support and place stronger emphasis on ML risks such as training, awareness and resources are still at early stages.
- While the UAE has identified confiscation as a key policy objective by the National Committees, it has not demonstrated that confiscation occurs for the proceeds of foreign predicate offences, which is acknowledged as a key crime risk. There is also an absence of any formal cases adopted by the police and state security in relation cross border cash and precious metal movements.
- The private sector in particularly were unaware of TF-related financial sanctions lists such as the Local List of UN Consolidated Sanctions and National List of Terrorists.
- The DFSA, FSRA and Insurance Authority (“IA”) have developed a detailed understanding of ML/TF Risk in the areas they supervise, however outside of the financial free zones, sanctions are not effective, proportionate or dissuasive. The FATF found that the UAE authorities did not recognise the importance of using the full range of sanctions.
- Effective supervision of DNFBPs outside of financial free zones could not be demonstrated, with the exception of some market entry controls in the commercial free zones.
- Due to the 39 different company registries in the UAE, the FATF found that the risk of criminals being able to misuse legal persons in the UAE remains high. There is also different levels of understanding, implementation and application of measures to prevent the misuse of legal persons across company registries. The FATF, therefore, recommended that because of the different standards of verification, it is important to create some consistency across all registries.
- While some authorities are facilitating informal international cooperation, the FATF found the UAE could not demonstrate that it is routinely and consistently requesting and providing international cooperation to make the UAE an unattractive location which criminals can operate, maintain illegal proceeds or use as a safe haven.
Firms across the UAE should expect further enhancements to rules and regulations in respect to money laundering and counter terrorist financing. In line with the priority actions highlighted in the report, the UAE is expected to enhance its level of compliance with the FATF Recommendations and may do this by:
- Ensuring its authorities and firms have a deepened understanding of the most immediate and pressing ML risks (such as professional ML networks and foreign proceeds of crime) by utilising a broader base of available information sources. These should include proactive engagement with international partners, reviewing any updates to TF risks and focusing on financing issues. There should be focus on the private sector who were found to be particularly unaware of TF-related financial sanctions lists.
- Developing its FIU and ensuring it can provide complex operational analysis. This may mean that firms will receive further communication from the FIU and therefore, should ensure that access to the GoAML system is sufficient in order to receive future information or requests.
- New reporting entities should receive further guidance and information from the FIU to ensure they are aware of their suspicious activity reporting obligations.
- Firms who deal with cross border movement of cash and precious metals may be subject to further obligations and regulatory analysis.
- Further referrals to supervisory authorities by the Ministry of Interior and Federal Customs Agency in respect to suspicions of money laundering via cash or precious metals and stones.
- Confiscation of cross border currency, bearer negotiable instruments and precious metals and stones may occur more frequently, with further intelligence capability built into the UAE’s customs departments.
- Further awareness and outreach may be introduced regarding Targeted Financial Sanctions and firms may expect to receive more communication regarding sanction regulation.
- Sanctions enforcement and remedial action to occur more frequently across the UAE.
- Setting an expectation that supervisors will conduct full scope examinations of institutions in line with the risk cycle and through the conduct of thematic reviews. This may focus more on identified weak areas such as financial sanctions, enhanced due diligence and high-risk DNFBPs.
- Further guidance from supervisors to urge non-bank financial institutions and DNFBPs to strengthen their transaction monitoring systems and ensure timely and quality reporting of Suspicious Transaction Reports (STRs) by all reporting entities.
- An increase of monitoring by supervisors of the application of risk-based approaches. Supervisors may also release further information on internal discussions on high-level principles of AML/CTF supervision.
- Further guidance and training to be released to create a more uniform approach across the UAE’s 39 registries.
- A greater use of mutual legal assistance, extradition orders, asset freezing, and confiscation following more frequent investigations of firms in the UAE, particularly in Dubai.
The full report can be found on the FATF’s website here.
The European Securities and Markets Authority (“ESMA”) has made recommendations to its financial market participants in light of the potential COVID-19 impact.
The recommendations included:
- All financial market participants should be ready to apply their contingency plans, including the deployment of business continuity measures, to ensure operational continuity.
- Issuers should disclose any relevant significant information concerning the impact of COVID-19 on fundamentals, prospects or their financial situation in line with Market Abuse Regulation transparency obligations.
- Issuers should provide transparency on the actual and potential impact of COVID-19, to the fullest extent possible, based on both a qualitative and quantitative assessment of their business activities, financial situations and economic performance in the 2019 financial year end reports.
- Asset managers should continue to apply the requirements concerning risk management and react accordingly.
Australian Bank, WestPac is expecting a fine of approximately US$578 million by Australian financial crime agency, AUSTRAC over accusations it violated anti-money laundering protocols regarding 23 million payments.
- Inadequate vetting of transactions
- Inadequate customer due diligence, particularly for clients linked to higher risk jurisdictions
- Inadequate monitoring of clients and transactions
- Inadequate compliance resources
The magnitude of the failures was significant, and Westpac is expecting a fine which could be the largest issued in Australian corporate history.
Firms should ensure:
- Transaction monitoring is carried out in the frequency that is proportionate to the nature, size and scope of the firm’s business activities.
- Systems and controls are in place to meet regulatory obligations for customer due diligence are adequate and effective.
- A risk-based approach is adopted, and enhanced due diligence is applied to higher risk clients.
- The compliance officer and the MLRO have access to adequate resources to effectively discharge their responsibilities.
South Korean bank, Industrial Bank of Korea is due to pay US$86 million in fines due to violations of the New York State Bank Secrecy Act and anti-money laundering laws.
Violations included an illegal transfer of more than $1billion to Iran in violation of US Sanctions. The bank was also accused of having inadequate money laundering controls at its New York branch between 2011 and 2014. The fine includes a $51 million forfeiture and a $35 million civil fine, and the firm must improve its customer due diligence and enhance management oversight.
Firms should ensure they have:
- A suspicious activity monitoring programme to flag multiple scenarios within one alert
- Sufficient documentation to support closure of alerts, particularly for transactions processed on behalf of its parent entity if they are a branch.
- Awareness of, and that they are abiding by, sanction laws and have suitable sanction policies and procedures in place if they are conducting business internationally, particularly in the US.
- Sufficient and regularly maintained record keeping in regard to sanctioned customer alerts.