Home   Browse contents   View updates   Search  
     Quick search
Go
   

Dubai Financial Services Authority (DFSA): Contents

Dubai Financial Services Authority (DFSA)
Laws
Rulebook Modules
Sourcebook Modules
Consultation Papers
Policy Statements
DFSA Codes of Practice
Amendments to Legislation
Media Releases
Notices
Financial Markets Tribunal
Archive

BackText onlyPrint

You need the Flash plugin.

Download Macromedia Flash Player



  • Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module (AML) [VER13/02-17]

    • AML 1 Introduction

      • AML 1.1 Application

        • AML 1.1.1

          This module (AML) applies to:

          (a) every Relevant PersonG in respect of all its activities carried on in or from the DIFCG ;
          (b) the persons specified in Rule 1.2.1 as being responsible for a Relevant Person'sG compliance with this module; and
          (c) a Relevant PersonG , which is a DIFCG entity, to the extent required by Rule 14.1.

          except to the extent that a provision of AML provides for a narrower application.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 1.1.2

          For the purposes of these Rules, a Relevant PersonG means:

          (a) an Authorised FirmG other than a Credit Rating AgencyG ;
          (b) an Authorised Market InstitutionG ;
          (c) a DNFBPG ; or
          (d) a Registered AuditorG .
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]

      • AML 1.2 Responsibility for compliance with this module

        • AML 1.2.1

          (1) Responsibility for a Relevant Person'sG compliance with this module lies with every member of its senior management.
          (2) In carrying out their responsibilities under this module every member of a Relevant Person'sG senior management must exercise due skill, care and diligence.
          (3) Nothing in this Rule precludes the DFSAG from taking enforcement action against any person including any one or more of the following persons in respect of a breach of any Rule in this module:
          (a) a Relevant PersonG ;
          (b) members of a Relevant Person'sG senior management; or
          (c) an EmployeeG of a Relevant PersonG .
          Derived from RM117/2013 [VER9/07-13]

      • AML 1.3 Application table

        • AML 1.3 Guidance

          Relevant PersonG Applicable ChaptersG
          Authorised PersonG 1–14
          Representative OfficeG 1–5* 10- 14
          Registered AuditorG 1 -8 10–14
          DNFBP 1–8 10–15

          * Chapters 6–9 are unlikely to apply to a Representative OfficeG as such an office is only permitted to carry on limited activities in the DIFCG and therefore must not have CustomersG .

          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

    • AML 2 Overview and Purpose of the Module

      • AML 2 Guidance

        1. In this module, for simplicity, a reference to "money laundering" also includes terrorist financing and the financing of unlawful organisations (see AML Rule 3.1.1).

        Overview of the DIFC's AML regime

        2. The DIFCG is governed by two separate and complementary regimes in relation to AML regulation, both administered by the DFSA:
        a. The Federal regime: Under Article 3 of Federal Law No. 8 of 2004, the provisions of Federal Law No. 4 of 2002 on Combating Money Laundering and Terrorist Financing and Federal Law No. 7 of 2014 on Combating Terrorism Offences and the implementing regulations under those laws apply in the DIFCG . The DFSA, as the DIFC's supervisory authority for the purposes of those laws, is obliged to issue regulations and guidance in the DIFC relating to the regulation of anti-money laundering and combating the financing of terrorism and unlawful organisations. The DFSA may also impose administrative penalties for breaches of those laws and the implementing regulations. See Article 11(2) of Federal Law No. 4 of 2002 and also Article 17 of Cabinet Resolution No. 38 of 2014; and
        b. The DIFCG regime: Under Article 70(3) of the DIFC Regulatory Law 2004 (the "Regulatory Law"), the DFSA has jurisdiction for the regulation of anti-money laundering in the DIFCG . The DIFCG specific regime is contained in Chapter 2 of Part 4 of the Regulatory Law and any DFSA Rules made in connection with anti-money laundering measures, policies and procedures.
        3. Note that under Article 71(1) of the Regulatory Law, the DIFCG regime requires compliance with the Federal regime. It follows that a failure to comply with a provision of Federal Law No. 4 of 2002 on Combating Money Laundering and Terrorist Financing or Federal Law No. 7 of 2014 on Combating Terrorism Offences or the implementing regulations under those laws may also provide evidence of failure to comply with Article 71(1), which may then be addressed under the disciplinary and remedial provisions of the Regulatory Law and DFSA Rules.

        Purpose of the AML module

        4. The AML module has been designed to provide a single reference point for all persons and entities (collectively called Relevant PersonsG ) who are supervised by the DFSAG for Anti-Money LaunderingG (AML), Counter-Terrorist FinancingG (CTF) and sanctions compliance under the two regimes referred to above. Accordingly it applies to Authorised FirmsG , Authorised Market InstitutionsG , Designated Non-Financial Businesses and ProfessionsG (DNFBPs), and Registered AuditorsG . The AML module takes into consideration the fact that Relevant PersonsG have differing AML risk profiles. A Relevant PersonG should familiarise itself with this module, and assess the extent to which the chapters and sections apply to it.
        5. The AML module cannot be read in isolation from other relevant legislation or developments in international policy and best practice and, to the extent applicable, Relevant PersonsG need to be aware of, and take into account, how these aforementioned matters may impact on the Relevant Person'sG day to day operations. This is particularly relevant when considering United Nations Security Council Resolutions (UNSCRs) which apply in the DIFCG , and unilateral sanctions imposed by other jurisdictions which may apply to a Relevant PersonG depending on the Relevant Person'sG jurisdiction of origin, its business and/or customer base.

        Structure of the AML module

        6. Chapter 1 of this module contains an application table which should assist a Relevant PersonG to navigate through the module and to determine which chapters are applicable to it. Chapter 1 also specifies who is ultimately responsible for a Relevant Person'sG compliance with the AML module. The DFSAG expects the senior management of a Relevant PersonG to establish a robust and effective AML/CTF and sanctions compliance culture for the business.
        7. Chapter 2 provides an overview of the AML module and chapter 3 sets out the key definitions in the module. Note that not all definitions used in this module are capitalised.
        8. Chapter 4 explains the meaning of the risk-based approach (RBA), which should be applied when complying with this module. The RBA requires a risk-based assessment of a Relevant Person'sG business (in chapter 5) and its customers (in chapter 6). A risk-based assessment should be a dynamic process involving regular review, and the use of these reviews to establish the appropriate processes to match the levels of risk. No two Relevant PersonsG will have the same approach, and implementation of the RBA and the AML module permits a Relevant PersonG to design and implement systems that should be appropriate to their business and customers, with the obvious caveat being that such systems should be reasonable and proportionate in light of the AML risks. The DFSAG expects the RBA to determine the breadth and depth of the Customer Due Diligence (CDDG ) which is undertaken for a particular customer under chapter 7, though the DFSAG understands that there is an inevitable overlap between the risk-based assessment of the customer in chapter 6 and CDDG in chapter 7. This overlap may occur at the initial stages of customer on-boarding but may also occur when undertaking on-going CDDG .
        9. Chapter 8 sets out when and how a Relevant PersonG may rely on a third party to undertake all or some of its CDDG obligations. Reliance on a third-party CDDG reduces the need to duplicate CDDG already performed for a customer. Alternatively, a Relevant PersonG may outsource some or all of its CDDG obligations to a service provider.
        10. Chapter 9 sets out certain obligations in relation to correspondent banking, wire transfers and other matters which apply to Authorised PersonsG , and, in particular, to banks.
        11. Chapter 10 sets out a Relevant Person'sG obligations in relation to United Nations Security Council resolutions and sanctions, and government, regulatory and international findings (in relation to AML, terrorist financing and the financing of weapons of mass destruction).
        12. Chapter 11 sets out the obligation for a Relevant PersonG to appoint a Money Laundering Reporting Officer (MLROG ) and the responsibilities of such a person.
        13. Chapter 12 sets out the requirements for AML training and awareness. A Relevant PersonG should adopt the RBA when complying with chapter 12, so as to make its training and awareness proportionate to the AML risks of the business and the employee role.
        14. Chapter 13 contains the obligations applying to all Relevant PersonsG concerning Suspicious Activity ReportsG , which are required to be made under Federal Law No. 4 of 2002.
        15. Chapter 14 contains the general obligations applying to all Relevant PersonsG , including GroupG policies, notifications, record-keeping requirements and the annual AML Return.
        16. Chapter 15 sets out specific Rules applying to DNFBPsG , including the requirement to register with the DFSAG , and Chapter 16 contains certain transitional Rules.

        The U.A.E. criminal law

        17. The U.A.E.G criminal law applies in the DIFCG and, therefore, persons in the DIFCG must be aware of their obligations in respect of the criminal law as well as these Rules. Relevant U.A.E.G criminal laws include Federal Law No. 4 of 2002 on Combating Money Laundering and Terrorist Financing, Federal Law No. 7 of 2014 on Combating Terrorism Offences and the Penal Code of the U.A.E.
        18. Under Federal AML legislation, a PersonG may be criminally liable for the offence of money laundering if it intentionally commits specified acts in relation to funds which it knows are the proceeds of crime. The DFSA notes that:
        a. the failure to report suspicions of money laundering;
        b. "tipping off"; and
        c. assisting in the commission of money laundering,
        may each constitute a criminal offence that is punishable under the laws of the StateG .
        19. The U.A.E Central Bank has the power under Federal AML legislation to freeze funds or other assets suspected of relating to money laundering, terrorist financing or the financing of unlawful organisations. Federal authorities also have powers to apply for the confiscation of funds or other assets that have been used for such purposes.
        20. In a number of places in this module, Guidance cross-refers to specific requirements in Federal AML legislation. As interpretation of Federal AML legislation is a matter for the relevant Federal authorities rather than the DFSA, any question about those requirements should be directed to the relevant Federal authorities. Rules or Guidance in this module should not be relied upon to interpret or determine the application of the laws of the State.

        Financial Action Task Force

        21. The Financial Action Task ForceG (FATFG ) is an inter-governmental body whose purpose is the development and promotion of international standards to combat money laundering and terrorist financing.
        22. The DFSAG has had regard to the FATFG Recommendations in making these Rules. A Relevant PersonG may wish to refer to the FATFG Recommendations and interpretive notes to assist it in complying with these Rules. However, in the event that a FATFG Recommendation or interpretive note conflicts with a Rule in this module, the relevant Rule takes precedence.
        23. A Relevant PersonG may also wish to refer to the FATFG typology reports which may assist in identifying new money laundering threats and which provide information on money laundering and terrorist financing methods. The FATFG typology reports cover many pertinent topics for Relevant PersonsG , including corruption, new payment methods, money laundering using trusts and company service providers, and vulnerabilities of free trade zones. These typology reports can be found on the FATFG website www.fatf-gafi.org.
        24. The U.A.E.G , as a member of the United Nations, is required to comply with sanctions issued and passed by the United Nations Security Council (UNSC). These UNSC obligations apply in the DIFCG and their importance is emphasised by specific obligations contained in this module requiring Relevant PersonsG to establish and maintain effective systems and controls to comply with UNSC sanctions and resolutions (See chapter 10).
        25. The FATFG has issued guidance on a number of specific UNSC sanctions and resolutions regarding the countering of the proliferation of weapons of mass destruction. Such guidance has been issued to assist in implementing the targeted financial sanctions and activity based financial prohibitions. This guidance can be found on the FATFG website www.fatf-gafi.org.
        26. In relation to unilateral sanctions imposed in specific jurisdictions such as the European Union, the U.K. (HM Treasury) and the U.S. (Office of Foreign Assets Control), the DFSAG expects a Relevant PersonG to consider and take positive steps to ensure compliance where required or appropriate.

        Tax Issues and Exchange of Information for Tax purposes

        27. The DIFCG benefits from an international customer base with a growing number of customers who may be investing with financial institutions outside their country of residence. These factors create a risk of the services of Relevant PersonsG being used to hide assets which are subject to taxation, or to launder the unlawful proceeds of tax crimes.
        28. The DFSA is committed to protecting the DIFCG from being used to facilitate tax crimes and believes that strong AML policies, procedures, systems and controls, including robust customer due diligence requirements, are needed to mitigate the risk of tax crimes.
        29. Such measures will also ensure that a Relevant PersonG is able to comply with other international obligations such as the OECD Automatic Exchange of Information for Tax Purposes Programme and FATF Recommendations, which were updated in 2012 to expand the scope of money laundering predicate offences to include tax crimes (related to direct and indirect taxes).
        30. A Relevant PersonG should therefore establish and maintain appropriate policies, procedures, systems and controls to enable it to detect and deter the laundering of proceeds of tax crimes. For example, as part of its risk-based approach under chapter 4, it should consider its tax risk exposure as a result of the nature of its business, customers, products, services and other relevant factors. It should also conduct appropriate customer due diligence to identify customers who may be subject to tax crime risk (see also the Guidance after AML Rule 6.1.4).
        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]
        [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

    • AML 3 Interpretation and Terminology

      • AML 3.1 Interpretation

        • AML 3.1.1

          A reference in this module to "money laundering" in lower case includes a reference to terrorist financing and the financing of unlawful organisations, unless the context provides or implies otherwise.

          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 3.1.1 Guidance

            Chapter 6, section 6.2, of the General (GEN) module sets out how to interpret the Rulebook, including this module.

            Derived from RM117/2013 [VER9/07-13]

      • AML 3.2 Glossary for AML

        • AML 3.2 Guidance

          1. A Relevant PersonG should note that, in order to make this module easier to read, some of the defined terms in this module have not had the initial letter of each word capitalised in the same way as in other Rulebook modules.
          2. Some of the defined terms and abbreviations in this module may also be found in the DFSA'sG Glossary module (GLO). Where a defined term in this module does not appear in Rule 3.2.1, a Relevant PersonG should look in GLO to find the meaning.
          3. In accordance with the interpretation provisions in the Regulatory LawG , a reference to legislation includes a reference to the legislation as amended or re-enacted from time to time.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 3.2.1

          In this module, the terms and abbreviations listed in the table below have the following meanings:

          AML Means either "anti-money laundering" or this Anti-Money Laundering, Counter-Terrorist Financing and Sanctions module, depending on the context.
          AMLSCUG Means the Anti-Money Laundering Suspicious Cases Unit, the Financial Intelligence Unit of the U.A.E. Central Bank.
          Authorised PersonG Means an Authorised FirmG or an Authorised Market InstitutionG .
          beneficial owner Means, in relation to a customer, a natural person:
          (a) who ultimately controls, directly or indirectly, a customer;
          (b) who, in relation to a customer which is a legal person or arrangement, exercises (whether directly or indirectly) ultimate effective control over the person or arrangement, or the management of such person or arrangement;
          (c) who ultimately owns or has an ownership interest in the customer, whether legally or beneficially, directly or indirectly;
          (d) on whose behalf or for whose benefit a transaction is being conducted; or
          (e) on whose instructions the signatories of an account, or any intermediaries instructing such signatories, are for the time being accustomed to act.
          A person not falling into (a) or (b) is not a beneficial owner by reason of (c) or (d) if, having regard to a risk-based assessment of the customer, the ownership interest is small and in the circumstances poses no or negligible risk of money laundering.

          In (a) to (e), a reference to a "customer" includes a customer account, customer assets and the underlying legal person or arrangements which constitute or make up the customer, customer account or customer assets.
          BranchG Means a place of business within the DIFCG :
          (a) which has no separate legal personality;
          (b) which forms a legally dependant part of a Relevant PersonG whose principal place of business and head office is in a jurisdiction other than the DIFCG ; and
          (c) through which the Relevant PersonG carries on business in or from the DIFCG .
          Cabinet Resolution No. 38 of 2014 Means Federal Cabinet Resolution No. 38 of 2014 on the Implementing Regulations of Federal Law No. 4 of 2002.
          ClientG Has the meaning in chapter 2 of the Conduct of Business module.
          company service provider Means a person, not falling into parts (1)(a) to (e) or (g) of the definition of a DNFBPG that, by way of business, provides any of the following services to a customer:
          (a) acting as a formation agent of legal persons;
          (b) acting as (or arranging for another person to act as) a director or secretary of a company, a partner of a partnership, or a similar position in relation to other legal persons;
          (c) providing a registered office, business address or accommodation, correspondence or administrative address for a company, a partnership or any other legal person or arrangement; or
          (d) acting as (or arranging for another person to act as) a nominee shareholder for another person.
          Contract of InsuranceG Has the meaning in GEN Rule A4.1.1.
          CTF Means counter-terrorist financing.
          customer Unless otherwise provided, means:
          (a) a person where, in relation to a business relationship between the person and a Relevant PersonG , there is a firm intention or commitment by each party to enter into a contractual relationship or where there is a firm commitment by each party to enter into a transaction, in connection with a product or service provided by the Relevant PersonG ;
          (b) a ClientG of an Authorised FirmG ;
          (c) a MemberG or prospective MemberG of, or an applicant for admission of SecuritiesG to trading on, an Authorised Market InstitutionG ;
          (d) in relation to a Single Family OfficeG , a member of the Single FamilyG ; or
          (e) a person with whom a Relevant PersonG is otherwise establishing or has established a business relationship.
          Customer Due DiligenceG (CDD) Has the meaning in Rule 7.3.1.
          Designated Non-Financial Business or ProfessionG (DNFBP) Means:
          (1) The following class of persons whose business or profession is carried on in or from the DIFCG :
          (a) a real estate developer or agency which carries out transactions with a customer involving the buying or selling of real property;
          (b) a dealer in precious metals or precious stones;
          (c) a dealer in any saleable item of a price equal to or greater than $15,000;
          (d) a law firm, notary firm, or other independent legal business;
          (e) an accounting firm, audit firm or insolvency firm;
          (f) a company service provider; or
          (g) a Single Family OfficeG .
          (2) A person who is an Authorised PersonG or a Registered AuditorG is not a DNFBPG .
          DIFCG entity Means a legal person which is incorporated or registered in the DIFCG (excluding a registered BranchG ).
          Domestic FundG A FundG established or domiciled in the DIFCG .
          EmployeeG Means an individual:
          (a) who is employed or appointed by a person in connection with that person's business, whether under a contract of service or for services or otherwise; or
          (b) whose services, under an arrangement between that person and a third party, are placed at the disposal and under the control of that person.
          Enhanced Customer Due DiligenceG Means undertaking Customer Due DiligenceG and the enhanced measures under Rule 7.4.1.
          FATFG Means the Financial Action Task Force.G
          FATFG Recommendations Means the publication entitled the "International Standards on Combatting Money Laundering and the Financing of Terrorism and Proliferation" as published and amended from time to time by FATFG .
          Federal AML legislation Means all U.A.E Federal Laws and their implementing regulations relating to money laundering, terrorist financing and the financing of unlawful organisations, as well as sanctions compliance, including Federal Law No. 4 of 2002, Federal Law No. 7 of 2014 and Cabinet Resolution No. 38 of 2014.
          Federal Law No. 4 of 2002 Means U.A.EG Federal Law No. 4 of 2002 on Combating Money Laundering and Terrorist Financing.
          Federal Law No. 7 of 2014 Means U.A.E Federal Law No. 7 of 2014 on Combating Terrorism Offences.
          Financial InstitutionG A regulated or unregulated entity, whose activities are primarily financial in nature.
          Financial Services RegulatorG Means a regulator of financial services activities established in a jurisdiction other than the DIFC.
          Governing BodyG Means the board of directors, partners, committee of management or other governing body of:
          (a) a Body CorporateG or PartnershipG ; or
          (b) an unincorporated association carrying on a trade or business, with or without a view to profit.
          GroupG Means a GroupG of entities which includes an entity (the 'first entity') and:
          (a) any parent of the first entity; and
          (b) any subsidiaries (direct or indirect) of the parent or parents in (a) or the first entity; or
          (c) for a legal person which is not a body corporate, refers to that person and any other associated legal persons who are in an equivalent relationship to that in (a) and (b).
          International Organisation Means an organisation established by formal political agreement between member countries, where the agreement has the status of an international treaty, and the organisation is recognised in the law of countries which are members.
          Law Means the Regulatory Law.
          legal person Means any entity other than a natural person that can establish a customer relationship with a Relevant PersonG or otherwise own property. This can include companies, bodies corporate or unincorporate, trusts, foundations, anstalten, partnerships, associations, states and governments and other relevantly similar entities.
          MemberG A person admitted as a member of an Authorised Market InstitutionG in accordance with its Business Rules.
          Money Laundering Reporting OfficerG (MLRO) Means the person appointed by a Relevant PersonG pursuant to Rule 11.2.1(1).
          natural person Means an individual.
          person Means a natural or legal person.
          Politically Exposed PersonG (PEP) Means a natural person (and includes, where relevant, a family member or close associate) who is or has been entrusted with a prominent public function, whether in the StateG or elsewhere, including but not limited to, a head of state or of government, senior politician, senior government, judicial or military official, ambassador, senior person in an International Organisation, senior executive of a state owned corporation, an important political party official, or a member of senior management or an individual who has been entrusted with similar functions such as a director or a deputy director.

          This definition does not include middle ranking or more junior individuals in the above categories.
          Public Listed CompanyG Has the meaning given in Schedule 1 to the Regulatory Law.
          Registered AuditorG Has the meaning given to that term in the Regulatory LawG
          Regulated ExchangeG Means an exchange regulated by a Financial Services RegulatorG .
          Regulated Financial InstitutionG A person who does not hold a LicenceG but who is authorised in a jurisdiction other than the DIFCG to carry on any financial service by another Financial Services RegulatorG .
          Relevant PersonG Has the meaning given to that term in Rule 1.1.2.
          senior management Means, in relation to a Relevant PersonG every member of the Relevant Person'sG executive management and includes:
          (a) for a DIFCG entity, every member of the Relevant Person'sG Governing BodyG ;
          (b) for a BranchG , the person or persons who control the day to day operations of the Relevant PersonG in the DIFCG and would include, at a minimum, the SEO or equivalent, such as the managing director; or
          (c) for a Registered AuditorG , every member of the Relevant Person'sG executive management in the U.A.E.G
          Shell Bank A bank that has no physical presence in the country in which it is incorporated or licensed and which is not affiliated with a regulated financial group that is subject to effective consolidated supervision.
          Simplified Customer Due DiligenceG Means Customer Due DiligenceG as modified under Rule 7.5.1.
          Single Family Has the meaning given to that term in the DIFCG Single Family OfficeG Regulations.
          Single Family OfficeG Has the meaning given to that term in the DIFCG Single Family OfficeG Regulations.
          source of funds Means the origin of customer's funds which relate to a transaction or service and includes how such funds are connected to a customer's source of wealth.
          source of wealth Means how the customer's global wealth or net worth is or was acquired or accumulated.
          StateG Means the U.A.E.
          Suspicious Activity Report (SAR) Means a report in the prescribed format regarding suspicious activity (including a suspicious transaction) made to the AMLSCUG under Rule 13.3.1(c).
          transaction Means any transaction undertaken by a Relevant PersonG for or on behalf of a customer in the course of carrying on a business in or from the DIFCG .
          unlawful organisation Means an organisation the establishment or activities of which have been declared to be criminal under Federal AML legislation.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]
          [Amended] DFSA RM156/2015 (Made 9th December 2015) [VER35/02-16]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

    • AML 4 Applying a Risk-Based Approach

      Figure 1. The Risk-Based Approach (RBA)

      Derived from RM117/2013 [VER9/07-13]

      • AML 4.1 The Risk-Based Approach

        • AML 4.1.1

          A Relevant PersonG must:

          (a) assess and address its AML risks under this module by reviewing the risks to which the person is exposed as a result of the nature of its business, customers, products, services and any other matters which are relevant in the context of money laundering and then adopting a proportionate approach to mitigate those risks; and
          (b) ensure that, when undertaking any risk-based assessment for the purposes of complying with a requirement of this module, such assessment is:
          (i) objective and proportionate to the risks;
          (ii) based on reasonable grounds;
          (iii) properly documented; and
          (iv) reviewed and updated at appropriate intervals.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 4.1.1 Guidance

            1. Rule 4.1.1 requires a Relevant PersonG to adopt an approach to AML which is proportionate to the risks. This is called the "risk-based approach" ("RBA") and is illustrated in figure 1 above. The DFSAG expects the RBA to be a key part of the Relevant Person'sG money laundering compliance culture and to cascade down from the senior management to the rest of the organisation. Embedding the RBA within its business allows a Relevant PersonG to make decisions and allocate AML resources in the most efficient and effective way.
            2. In implementing the RBA, a Relevant PersonG is expected to have in place processes to identify and assess money laundering risks. After the risk assessment, the Relevant PersonG is expected to monitor, manage and mitigate the risks in a way that is proportionate to the Relevant Person's exposure to those money laundering risks. The general principle is that where there are higher risks of money laundering, a Relevant PersonG is required to take enhanced measures to manage and mitigate those risks, and that, correspondingly, when the risks are lower, simplified measures are permitted.
            3. The RBA discourages a "tick-box" approach to AML. Instead a Relevant PersonG is required to assess relevant money laundering risks and adopt a proportionate response to such risks. The outcome of using the RBA is akin to using a sliding scale, where the type of CDDG undertaken on each customer will ultimately depend on the outcome of the risk-based assessment made of such customer under this chapter.
            4. The Rules regarding record-keeping for the purposes of this module are in section 14.4. These Rules apply in relation to Rule 4.1.1(b)(iii).
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

    • AML 5 Business Risk Assessment

      Figure 2. Business risk-based assessment

      Derived from RM117/2013 [VER9/07-13]

      • AML 5.1 Assessing business AML risks

        • AML 5.1.1

          A Relevant PersonG must:

          (a) take appropriate steps to identify and assess money laundering risks to which its business is exposed, taking into consideration the nature, size and complexity of its activities;
          (b) when identifying and assessing the risks in (a), take into account, to the extent relevant, any vulnerabilities relating to:
          (i) its type of customers and their activities;
          (ii) the countries or geographic areas in which it does business;
          (iii) its products, services and activity profiles;
          (iv) its distribution channels and business partners;
          (v) the complexity and volume of its transactions;
          (vi) the development of new products and new business practices, including new delivery mechanisms, channels and partners; and
          (vii) the use of new or developing technologies for both new and pre-existing products;
          (c) take appropriate measures to ensure that any risk identified as part of the assessment in (a) is taken into account in its day to day operations, including in relation to:
          (i) the development of new products;
          (ii) the taking on of new customers; and
          (iii) changes to its business profile.
          Derived from RM117/2013 [VER9/07-13]

        • AML 5.1.2

          A Relevant PersonG must use the information obtained in undertaking its business risk assessment to:

          (a) develop and maintain its AML policies, procedures, systems and controls required by Rule 5.2.1;
          (b) ensure that its AML policies, procedures, systems and controls adequately mitigate the risks identified as part of the assessment in Rule 5.1.1;
          (c) assess the effectiveness of its AML policies, procedures, systems and controls as required by Rule 5.2.1(c);
          (d) assist in allocation and prioritisation of AML resources; and
          (e) assist in the carrying out of the customer risk assessment under chapter 6.
          Derived from RM117/2013 [VER9/07-13]

          • AML 5.1.2 Guidance

            1. Unless a Relevant PersonG understands the money laundering risks to which it is exposed, it cannot take appropriate steps to prevent its business being used for the purposes of money laundering. Money laundering risks vary from business to business depending on the nature of the business, the type of customers a business has, and the nature of the products and services sold.
            2. Using the RBA, a Relevant PersonG should assess its own vulnerabilities to money laundering and take all reasonable steps to eliminate or manage such risks. The results of this assessment will also feed into the Relevant Person'sG risk assessment of its customers under chapter 6. For instance, if a Relevant PersonG reasonably concludes that a particular business line poses a negligible risk of money laundering, it may decide, using the RBA, that all its customers in that business line should be treated as posing a lower risk of money laundering, and it may apply Simplified Customer Due DiligenceG .
            Derived from RM117/2013 [VER9/07-13]
            [Amended] RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 5.2 AML Systems and Controls

        • AML 5.2.1

          A Relevant PersonG must:

          (a) establish and maintain effective policies, procedures, systems and controls to prevent opportunities for money laundering in relation to the Relevant PersonG and its activities;
          (b) ensure that its systems and controls in (a):
          (i) include the provision to the Relevant Person'sG senior management of regular management information on the operation and effectiveness of its AML systems and controls necessary to identify, measure, manage and control the Relevant Person'sG money laundering risks;
          (ii) enable it to determine whether a customer or a beneficial owner is a Politically Exposed PersonG ; and
          (iii) enable the Relevant PersonG to comply with these Rules and Federal AML legislation; and
          (c) ensure that regular risk assessments are carried out on the adequacy of the Relevant Person'sG AML systems and controls to ensure that they continue to enable it to identify, assess, monitor and manage money laundering risk adequately, and are comprehensive and proportionate to the nature, scale and complexity of its activities.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 5.2.1 Guidance

            In Rule 5.2.1(c) the regularity of risk assessments will depend on the nature, size and complexity of the Relevant Person'sG business.

            Derived from RM117/2013 [VER9/07-13]

    • AML 6 Customer Risk Assessment

      Figure 3. Customer risk-based assessment

      Derived from RM117/2013 [VER9/07-13]

      • AML 6 Guidance

        1. This chapter prescribes the risk-based assessment that must be undertaken by a Relevant PersonG on a customer and the proposed business relationship, transaction or product. The outcome of this process is to produce a risk rating for a customer, which determines the level of Customer Due DiligenceG (CDD) which will apply to that customer under chapter 7. That chapter prescribes the requirements of CDDG and of Enhanced CDDG for high risk customers and Simplified CDDG for low risk customers.
        2. CDDG in the context of AML refers to the process of identifying a customer, verifying such identification and monitoring the customer's business and money laundering risk on an ongoing basis. CDDG is required to be undertaken following a risk-based assessment of the customer and the proposed business relationship, transaction or product.
        3. Relevant PersonsG should note that the ongoing CDDG requirements in Rule 7.6.1 require a Relevant PersonG to ensure that it reviews a customer's risk rating to ensure that it remains appropriate in light of the AML risks.
        4. The DFSAG is aware that in practice there will often be some degree of overlap between the customer risk assessment and CDDG . For example, a Relevant PersonG may undertake some aspects of CDDG , such as identifying a beneficial owner, when it performs a risk assessment of the customer. Conversely, a Relevant PersonG may also obtain relevant information as part of CDDG which has an impact on its customer risk assessment. Examples of such relevant information include information on the source of funds or wealth or information on the ownership and control structure of the customer. Where information obtained as part of CDDG of a customer affects the risk rating of a customer, the change in risk rating should be reflected in the degree of CDDG undertaken.
        Derived from RM117/2013 [VER9/07-13]

      • AML 6.1 Assessing Customer AML Risks

        • AML 6.1.1

          (1) A Relevant PersonG must:
          (a) undertake a risk-based assessment of every customer; and
          (b) assign the customer a risk rating proportionate to the customer's money laundering risks.
          (2) The customer risk assessment in (1) must be completed prior to undertaking Customer Due DiligenceG for new customers, and whenever it is otherwise appropriate for existing customers.
          (3) When undertaking a risk-based assessment of a customer under (1)(a) a Relevant PersonG must:
          (a) identify the customer and any beneficial owner;
          (b) obtain information on the purpose and intended nature of the business relationship;
          (c) take into consideration the nature of the customer, its ownership and control structure, and its beneficial ownership (if any);
          (d) take into consideration the nature of the customer business relationship with the Relevant PersonG ;
          (e) take into consideration the customer's country of origin, residence, nationality, place of incorporation or place of business;
          (f) take into consideration the relevant product, service or transaction; and
          (g) take into consideration the outcomes of business risk assessment under chapter 5.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 6.1.2

          A Relevant PersonG must not establish a business relationship with the customer which is a legal person if the ownership or control arrangements of the customer prevent the Relevant PersonG from identifying one or more of the customer's beneficial owners.

          Derived from RM117/2013 [VER9/07-13]

          • AML 6.1.2 Guidance [Deleted]

            [Deleted] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 6.1.2 Guidance [Deleted]

            [Deleted] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 6.1.2 [Deleted]

            [Deleted] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 6.1.3

          A Relevant PersonG must not establish or maintain a business relationship with a Shell BankG .

          Derived from RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 6.1.4

          A Relevant PersonG must not establish or maintain an anonymous account, an account in a fictitious name, or a nominee account which is held in the name of one person but which is controlled by or held for the benefit of another person whose identity has not been disclosed to the Relevant PersonG .

          Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 6.1.4 Guidance on the customer risk assessment

            1. In assessing the nature of a customer, a Relevant PersonG should consider such factors as the legal structure of the customer, the customer's business or occupation, the location of the customer's business and the commercial rationale for the customer's business model.
            2. In assessing the customer business relationship, a Relevant PersonG should consider how the customer is introduced to the Relevant PersonG and how the customer is serviced by the Relevant PersonG , including for example, whether the PersonG will be a private banking customer, will open a bank account or whether the business relationship will be purely advisory.
            3. The risk assessment of a customer, which is illustrated in figure 3 above, requires a Relevant PersonG to allocate an appropriate risk rating to every customer. The DFSAG would expect risk ratings to be either descriptive, such as "low", "medium" or "high", or a sliding numeric scale such as 1 for the lowest risk to 10 for the highest. Depending on the outcome of a Relevant Person'sG assessment of its customer's money laundering risk, a Relevant PersonG should decide to what degree CDDG will need to be performed.
            4. Using the RBA, a Relevant PersonG could, when assessing two customers with near identical risk profiles, consider that one is high risk and the other low risk. This may occur, for example, where both customers may be from the same high risk country, but one customer may be a customer in relation to a low risk product or may be a long-standing customer of a GroupG company who has been introduced to the Relevant PersonG .
            5. In AML Rule 6.1.2, ownership arrangements which may prevent the Relevant PersonG from identifying one or more beneficial owners include bearer shares and other negotiable instruments in which ownership is determined by possession.
            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 6.1.4 Guidance on the term "customer"

            6. The point at which a person becomes a customer will vary from business to business. However, the DFSAG considers that it would usually occur at or prior to the business relationship being formalised, for example, by the signing of a customer agreement or the acceptance of terms of business.
            7. The DFSAG does not consider that a person would be a customer of a Relevant PersonG merely because such person receives marketing information from a Relevant PersonG or where a Relevant PersonG refers a person who is not a customer to a third party (including a GroupG member).
            8. The DFSAG considers that a counterparty would generally be a "customer" for the purposes of this module and would therefore require a Relevant PersonG to undertake CDDG on such a person. However, this would not include a counterparty in a transaction undertaken on a Regulated ExchangeG . Nor would it include suppliers of ordinary business services, for consumption by the Relevant PersonG such as cleaning, catering, stationery, IT or other similar services.
            9. A Representative OfficeG should not have any customers in relation to its DIFCG operations.
            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 6.1.2 Guidance on high risk customers

            10. In complying with AML Rule 6.1.1, the DFSAG considers that a Relevant PersonG should consider the following factors, which may indicate that a customer poses a higher risk of money laundering:
            a. the business relationship is conducted in unusual circumstances (e.g. significant unexplained geographic distance between the location of the Relevant PersonG and the customer);
            b. legal persons or arrangements that are personal investment vehicles;
            c. companies that have nominee shareholders or directors or shares in bearer form;
            d. businesses that are cash-intensive;
            e. the ownership structure of the legal person appears unusual or excessively complex given the nature of the legal person's business or activities;
            f. countries identified by credible sources, such as mutual evaluation or detailed assessment reports or published follow-up reports, as not having adequate AML systems;
            g. countries subject to sanctions, embargos or similar measures issued by, for example, the United Nations Security Council or identified by credible sources as having significant levels of corruption or other criminal activity;
            h. countries or geographic areas identified by credible sources as providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country;
            i. a person not meeting the definition of a PEPG but whose high profile or influence poses an elevated risk of corruption;
            j. anonymous transactions (which may include cash);
            k. private banking relationships;
            l. non-face-to-face business relationships or transactions;
            m. payment received from unknown or un-associated third parties;
            n. discretionary trusts; and
            o. charitable trusts and waqfs.
            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 6.1.2 Guidance on low risk customers

            11. In complying with AML Rule 6.1.1, the DFSA considers that the following types of customers may pose a lower risk of money laundering:
            a. an Authorised FirmG ;
            b. an Authorised Market InstitutionG ;
            c. a Regulated Financial InstitutionG whose entire operations are subject to regulation and supervision, including AML regulation and supervision, in a jurisdiction with AML regulations which are equivalent to the standards set out in the FATFG recommendations;
            d. a SubsidiaryG of a Regulated Financial InstitutionG referred to in (c), if the law that applies to the Parent ensures that the SubsidiaryG also observes the same AML standards as its Parent;
            e. a law firm, notary firm, or other independent legal business that carries on its business in or from the DIFCG ;
            f. an accounting firm, Registered AuditorG or other audit firm or insolvency firm that carries on its business in or from the DIFCG ;
            g. a person carrying on a business in another jurisdiction that is equivalent to the businesses specified in (e) or (f) if:
            (i) the jurisdiction has AML regulations which are equivalent to the standards set out in the FATFG Recommendations; and
            (ii) the person's entire operations are subject to AML regulation and supervision by a competent authority;
            h. a company whose SecuritiesG are listed on a Regulated ExchangeG and which is subject to disclosure obligations broadly equivalent to those set out in the Markets RulesG ;
            i. a government body or a non-commercial government entity in the State or a FATFG member country; and
            j. a customer where the business relationship is limited to providing one or more of the following products or services:
            (i) a Contract of InsuranceG which is non-life insurance;
            (ii) a Contract of InsuranceG which is a life insurance product with no investment return or redemption or surrender value;
            (iii) a Contract of InsuranceG which is life insurance where the annual premium is no more than $1,000 or where a single premium of no more than $2,500 is paid;
            (iv) a Contract of InsuranceG for the purposes of a pension scheme where the contract contains no surrender clause and cannot be used as collateral;
            (v) a Contract of InsuranceG which is a reinsurance contract not falling into (i) to (iv) which is ceded by an insurer who is a Regulated Financial InstitutionG ;
            (vi) a pension, superannuation or similar scheme which provides retirement benefits to employees, where contributions are made by an employer or by way of deduction from an Employee's wages and the scheme rules do not permit the assignment of a member's interest under the scheme; or
            (vii) arbitration, litigation or advice on litigation prospects.
            12. The assignment of a low risk customer AML rating should not be automatic and should be applied only after an assessment of a customer's actual AML risk as required in AML Rule 6.1.1. In conducting this assessment, however, Relevant Persons may wish to make use of, and build upon, the risk assessments it has conducted under AML Rule 5.1.1.
            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 6.1.2 Guidance on Shell Banks

            13. AML Rule 6.1.3 prohibits a Relevant PersonG from establishing or maintaining a business relationship with a Shell Bank.G A Shell BankG is a bank that has no physical presence in the country in which it is incorporated or licensed, and is not affiliated with a regulated financial GroupG that is subject to effective consolidated supervision. The DFSA does not consider that the existence of a local agent or low level staff constitutes physical presence.
            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 6.1.2 Guidance on fictitious and anonymous accounts

            14. A Relevant PersonG should note that, in addition to the prohibition in AML Rule 6.1.4 against establishing anonymous or fictitious accounts or accounts for unknown persons, the Federal AML legislation also prohibits the opening of accounts held under borrowed, mock or fake names or with numbers without the names of account holders.
            15. A Relevant PersonG may internally use a numbered account or an account with an abbreviated name. However, it must ensure that the account holder is subject to the same customer due diligence procedures as apply to all other account holders. Also, it should ensure that the identity of the account holder is known to a sufficient number of its staff, and that staff performing AML, compliance, audit and other oversight functions have full access to information about the account holder. Finally, a numbered account or an account with an abbreviated name should only be used for internal purposes.
            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 6.1.2 Guidance on Tax Issues

            16. A Relevant PersonG should, when carrying out a customer risk assessment, consider and assess the tax crime risk associated with the customer and factor such risks into the overall risk assigned to that customer. Many of the factors described in Guidance item 10 on higher risk customers could also be an indicator of potential tax crimes, for example, the use of complex or unusual corporate structures, the customer's business not being located where the customer lives (without adequate explanation), unusual customer interface or reluctance by the customer to communicate directly with the Relevant PersonG or the customer being unable or unwilling to disclose the source of funds and wealth.
            17. If it is justified based on the risk assessment and where concerns arise, a Relevant PersonG may wish to seek comfort from its customers by obtaining disclosures or declarations to ascertain if a legitimate explanation exists for the concerns and therefore to allay those concerns.
            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

    • AML 7 Customer Due Diligence

      Figure 4. CDD

      Derived from RM117/2013 [VER9/07-13]

      • AML 7.1 Requirement to Undertake Customer Due Diligence

        • AML 7.1.1

          (1) A Relevant PersonG must:
          (a) undertake Customer Due DiligenceG under Rule 7.3.1 for each of its customers; and
          (b) in addition to (a), undertake Enhanced Customer Due DiligenceG under Rule 7.4.1 in respect of any customer it has assigned as high risk.
          (2) A Relevant PersonG may undertake Simplified Customer Due DiligenceG in accordance with Rule 7.5.1 by modifying Customer Due DiligenceG under Rule 7.3.1 for any customer it has assigned as low risk.
          Derived from RM117/2013 [VER9/07-13]

          • AML 7.1.1 Guidance

            A Relevant PersonG should undertake CDDG in a manner proportionate to the customer's money laundering risks identified under Rule 6.1.1(1). This means that all customers are subject to CDDG under Rule 7.3.1. However, for high risk customers, additional Enhanced CDDG measures should also be undertaken under Rule 7.4.1. For low risk customers, Rule 7.3.1 may be modified according to the risks in accordance with Rule 7.5.1.

            Derived from RM117/2013 [VER9/07-13]

      • AML 7.2 Timing of Customer Due Diligence

        • AML 7.2.1

          (1) A Relevant PersonG must:
          (a) undertake the appropriate Customer Due DiligenceG under AML Rule 7.3.1(1)(a) to (c) when it is establishing a business relationship with a customer; and
          (b) undertake the appropriate Customer Due DiligenceG under AML Rule 7.3.1(1)(d) after establishing a business relationship with a customer.
          (2) A Relevant PersonG must also undertake appropriate Customer Due DiligenceG if, at any time:
          (a) in relation to an existing customer, it doubts the veracity or adequacy of documents, data or information obtained for the purposes of Customer Due DiligenceG ;
          (b) it suspects money laundering in relation to a person; or
          (c) there is a change in risk-rating of the customer, or it is otherwise warranted by a change in circumstances of the customer.
          (3) A Relevant PersonG may establish a business relationship with a customer before completing the verification required by AML Rule 7.3.1 if the following conditions are met:
          (a) deferral of the verification of the customer or beneficial owner is necessary in order not to interrupt the normal conduct of a business relationship;
          (b) there is little risk of money laundering occurring and any such risks identified can be effectively managed by the Relevant PersonG ;
          (c) in relation to a bank account opening, there are adequate safeguards in place to ensure that the account is not closed and transactions are not carried out by or on behalf of the account holder (including any payment from the account to the account holder) before verification has been completed; and
          (d) subject to (4), the relevant verification is completed as soon as reasonably practicable and in any event no later than 30 days after the establishment of a business relationship.
          (4) Where a Relevant PersonG is not reasonably able to comply with the 30 day requirement in (3)(d), it must, prior to the end of the 30 day period:
          (a) document the reason for its non-compliance;
          (b) complete the verification in (3) as soon as possible; and
          (c) record the non-compliance event in its annual AML Return.
          (5) The DFSAG may specify a period within which a Relevant PersonG must complete the verification required by (3) failing which the DFSAG may direct the Relevant PersonG to cease any business relationship with the customer.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 7.2.1 Guidance

            1. For the purposes of Rule 7.2.1(2)(a), examples of situations which might lead a Relevant PersonG to have doubts about the veracity or adequacy of documents, data or information previously obtained could be where there is a suspicion of money laundering in relation to that customer, where there is a material change in the way that the customer's account is operated, which is not consistent with the customer's business profile, or where it appears to the Relevant PersonG that a person other than the customer is the real customer.
            2. In Rule 7.2.1(3)(a), situations that the Relevant PersonG may take into account include, for example, accepting subscription monies during a short offer period or executing a time critical transaction, which if not executed immediately, would or may cause a customer to incur a financial loss due to price movement or loss of opportunity or when a customer seeks immediate insurance cover.
            3. When complying with Rule 7.2.1, a Relevant PersonG should also, where relevant, consider Rule 7.7.1 regarding failure to conduct or complete CDDG and chapter 13 regarding SARs and tipping off.
            4. For the purposes of Rule 7.2.1(3)(d), the DFSAG considers that in most situations as soon as reasonably practicable would be within 30 days after the establishment of a business relationship. However, it will depend on the nature of the customer business relationship.
            Derived from RM117/2013 [VER9/07-13]

      • AML 7.3 Customer Due Diligence Requirements

        • AML 7.3.1

          (1) In undertaking Customer Due DiligenceG required by AML Rule 7.1.1(1)(a) a Relevant Person must:
          (a) verify the identity of the customer and any beneficial owner on the basis of original or properly certified documents, data or information issued by or obtained from a reliable and independent source;
          (b) understand the customer's source of funds;
          (c) understand the customer's source of wealth; and
          (d) undertake on-going due diligence of the customer business relationship under AML Rule 7.6.1.
          (2) In complying with (1)(a) for life insurance or other similar policies, a Relevant PersonG must:
          (a) verify the identity of any named beneficiaries of the insurance policy; and
          (b) verify the identity of the persons in any class of beneficiary, or where these are not identifiable, ensure that it obtains sufficient information to be able to verify the identity of such persons at the time of payout of the insurance policy.
          (3) Where a customer, or a beneficial owner of the customer, is a Politically Exposed PersonG , a Relevant PersonG must ensure that, in addition to (1) it also:
          (a) increases the degree and nature of monitoring of the business relationship, in order to determine whether the customer's transactions or activities appear unusual or suspicious; and
          (b) obtains the approval of senior management to commence a business relationship with the customer.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 7.3.1 Guidance on CDD

            1. A Relevant PersonG should, in complying with AML Rule 7.3.1(1)(a), and adopting the RBA, obtain, verify and record, for every customer who is a natural person, the following identification information:
            a. full name (including any alias);
            b. date of birth;
            c. nationality;
            d. legal domicile; and
            e. current residential address (not a P.O. box).
            2. Items (a) to (c) above should be obtained from a current valid passport or, where a customer does not possess a passport, an official identification document which includes a photograph. The concept of domicile generally refers to the place which a person regards as his permanent home and with which he has the closest ties or which is his place of origin.
            3. A Relevant PersonG should, in complying with AML Rule 7.3.1(1)(a), and adopting the RBA, obtain, verify and record, for every customer which is a legal person, the following identification information:
            a. full business name and any trading name;
            b. registered or business address;
            c. date of incorporation or registration;
            d. place of incorporation or registration;
            e. a copy of the certificate of incorporation or registration;
            f. a valid commercial or professional licence;
            g. the identity of the directors, partners, trustees or equivalent persons with executive authority of the legal person; and
            h. for a trust, a certified copy of the trust deed to ascertain the nature and purpose of the trust and documentary evidence of the appointment of the current trustees.
            4. In complying with AML Rule 7.3.1(1)(a), it may not always be possible to obtain original documents. Where identification documents cannot be obtained in original form, for example, because a Relevant PersonG has no physical contact with the customer, the Relevant PersonG should obtain a copy certified as a true copy by a person of good standing such as a registered lawyer or notary, a chartered accountant, a bank manager, a police officer, an EmployeeG of the person's embassy or consulate, or other similar person. The DFSAG considers that downloading publicly-available information from an official source (such as a regulator's or other official government website) is sufficient to satisfy the requirements of AML Rule 7.3.1(1)(a). The DFSAG also considers that CDDG information and research obtained from a reputable company or information-reporting agency may also be acceptable as a reliable and independent source as would banking references and, on a risk-sensitive basis, information obtained from researching reliable and independent public information found on the internet or on commercial databases.
            5. For higher risk situations the DFSAG would expect identification information to be independently verified, using both public and non-public sources. For lower risk situations, not all of the relevant identification information would need to be verified.
            6. In complying with AML Rule 7.3.1(1) (b), a Relevant PersonG is required to "understand" a customer's source of funds. This process involves understanding where the funds for a particular service or transaction will come from (e.g. a specific bank account held with a specific financial institution) and whether that funding is consistent with the customer's source of wealth. The best way of understanding the source of funds is by obtaining information directly from the customer, which will usually be obtained during the on-boarding process. The Relevant Person should keep appropriate evidence of how they were able to understand the source of funds, for example, a copy of the customer account opening form, customer questionnaire or a memo of a call with the relationship manager at a financial institution
            7. In complying with AML Rule 7.3.1(1)(c), a Relevant PersonG is required to "understand" a customer's source of wealth. For a natural person, this might include questions about the source of wealth in an application form or customer questionnaire. The understanding may also be gained through interactions with the relationship manager at a financial institution. It could also be gained by obtaining information from a reliable and independent publicly available source, for example, from published accounts or a reputable news source. The understanding need not be a dollar for dollar account of the customer's global wealth, but it should provide sufficient detail to give the Relevant PersonG comfort that the customer's wealth is legitimate and also to provide a base line for subsequent ongoing due diligence. The understanding of the customer's source of wealth should be clearly documented.
            8. Understanding a customer's source of funds and wealth is also important for the purposes of undertaking ongoing due diligence under AML Rule 7.3.1(1)(d). Initial funding of an account or investments from an unknown or unexpected source may pose a money laundering risk. Similarly, a sound understanding of the customer's source of funds and wealth also provides useful information for a Relevant Person's transaction monitoring programme.
            9. An insurance policy which is similar to a life policy would include life-related protection, or a pension, or investment product which pays out to the policy holder or beneficiary upon a particular event occurring or upon redemption.
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 7.3.1 Guidance on identification and verification of beneficial owners

            10. In determining whether an individual meets the definition of a beneficial owner or controller, regard should be had to all the circumstances of the case, in particular the size of an individual's legal or beneficial ownership in a transaction. The question of what is a "small" ownership interest for the purposes of the definition of a beneficial owner will depend on the individual circumstances of the customer. The DFSAG considers that the question of whether an ownership interest is small should be considered in the context of the Relevant Person'sG knowledge of the customer and the customer risk assessment and the risk of money laundering.
            11. When identifying beneficial owners, a Relevant PersonG is expected to adopt a substantive (as opposed to form over substance) approach to CDDG for legal persons. Adopting a substantive approach means focusing on the money laundering risks of the customer and the product/service and avoiding an approach which focusses purely on the legal form of an arrangement or sets fixed percentages at which beneficial owners are identified (or not). It should take all reasonable steps to establish and understand a corporate customer's legal ownership and control and to identify the beneficial owner. The DFSAG does not set explicit ownership or control thresholds in defining the beneficial owner because the DFSAG considers that the applicable threshold to adopt will ultimately depend on the risks associated with the customer, and so the DFSAG expects a Relevant PersonG to adopt the RBA and justify on reasonable grounds an approach which is proportionate to the risks identified. A Relevant PersonG should not set fixed thresholds for identifying the beneficial owner without objective and documented justification as required by AML Rule 4.1.1. An overly formal approach to defining the beneficial owner may result in a criminal "gaming" the system by always keeping his financial interest below the relevant threshold
            12. The DFSAG considers that in some circumstances no threshold should be used when identifying beneficial owners because it may be important to identify all underlying beneficial owners in order to ensure that they are not associated or connected in some way. This may be appropriate where there are a small number of investors in an account or fund, each with a significant financial holding and the customer-specific risks are higher. However, where the customer-specific risks are lower, a threshold can be appropriate. For example, for a low-risk corporate customer which, combined with a lower-risk product or service, a percentage threshold may be appropriate for identifying "control" of the legal person for the purposes of the definition of a beneficial owner.
            13. For a retail investment fund which is widely-held and where the investors invest via pension contributions, the DFSAG would not expect the manager of the fund to look through to any underlying investors where there are none with any material control or ownership levels in the fund. However, for a closely-held fund with a small number of investors, each with a large shareholding or other interest, the DFSAG would expect a Relevant PersonG to identify and verify each of the beneficial owners, depending on the risks identified as part of its risk-based assessment of the customer. For a corporate health policy with defined benefits, the DFSAG would not expect a Relevant PersonG to identify the beneficial owners.
            14. Where a Relevant PersonG carries out identification and verification in respect of actual and potential beneficial owners of a trust, this should include the trustee, settlor, the protector, the enforcer, beneficiaries, other persons with power to appoint or remove a trustee and any person entitled to receive a distribution, whether or not such person is a named beneficiary.
            15. Under Federal AML legislation, if the customer is a legal person, the Relevant PersonG must obtain information identifying the names and addresses of partners and shareholders who each hold more than 5% of the capital of the legal person i.e. it applies a specified threshold. This does not affect the approach that should be taken under AML Rule 7.3.1(1)(a) for verifying the identity of beneficial owners, where no threshold is specified (see Guidance items 10 to 14 above). As a result, under the Federal AML legislation a Relevant PersonG will need to obtain information identifying partners and shareholders who hold more than 5% of the capital of the legal person. Then, in accordance with the risk-based approach in Guidance items 10 to 14, the Relevant PersonG should determine whether it is necessary also to identify other persons who may be beneficial owners, and verify their identity
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 7.3.1 Guidance on politically exposed persons

            16. Individuals who have, or have had, a high political profile, or hold, or have held, public office, can pose a higher money laundering risk to a Relevant PersonG as their position may make them vulnerable to corruption. This risk also extends to members of their families and to known close associates. Politically Exposed PersonG ("PEP") status itself does not, of course, incriminate individuals or entities. It does, however, put the customer into a higher risk category.
            17. Generally, a foreign PEPG presents a higher risk of money laundering because there is a greater risk that such person, if he was committing money laundering, would attempt to place his money offshore where the customer is less likely to be recognised as a PEPG and where it would be more difficult for law enforcement agencies in his home jurisdiction to confiscate or freeze his criminal property.
            18. Corruption-related money laundering risk increases when a Relevant PersonG deals with a PEPG . Corruption may involve serious crimes and has become the subject of increasing global concern. Corruption offences are predicate crimes under the Federal AML legislation. A Relevant PersonG should note that customer relationships with family members or close associates of PEPsG involve similar risks to those associated with PEPsG themselves.
            19. The DFSAG considers that after leaving office a PEPG may remain a higher risk for money laundering if such person continues to exert political influence or otherwise pose a risk of corruption.
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 7.4 Enhanced Customer Due Diligence

        • AML 7.4.1

          Where a Relevant PersonG is required to undertake Enhanced Customer Due DiligenceG under AML Rule 7.1.1(1)(b) it must, to the extent applicable to the customer:

          (a) obtain and verify additional:
          (i) identification information on the customer and any beneficial owner;
          (ii) information on the intended nature of the business relationship; and
          (iii) information on the reasons for a transaction;
          (b) update more regularly the Customer Due DiligenceG information which it holds on the customer and any beneficial owners;
          (c) verify information on:
          (i) the customer's source of funds;
          (ii) the customer's source of wealth;
          (d) increase the degree and nature of monitoring of the business relationship, in order to determine whether the customer's transactions or activities appear unusual or suspicious;
          (e) obtain the approval of senior management to commence a business relationship with a customer; and
          (f) where applicable, require that any first payment made by a customer in order to open an account with a Relevant PersonG must be carried out through a bank account in the customer's name with:
          (i) a BankG ;
          (ii) a Regulated Financial InstitutionG whose entire operations are subject to regulation and supervision, including AML regulation and supervision, in a jurisdiction with AML regulations which are equivalent to the standards set out in the FATF recommendations; or
          (iii) a SubsidiaryG of a Regulated Financial InstitutionG referred to in (ii), if the law that applies to the ParentG ensures that the Subsidiary also observes the same AML standards as its ParentG .
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 7.4.1 Guidance

            1. In AML Rule 7.4.1 Enhanced CDDG measures are only mandatory to the extent that they are applicable to the relevant customer or the circumstances of the business relationship and to the extent that the risks would reasonably require it. Therefore, the extent of additional measures to conduct is a matter for the Relevant PersonG to determine on a case by case basis.
            2. In AML RM117/2013(e), senior management approval may be given by an individual member of the Relevant Person'sG senior management or by a committee of senior managers appointed to consider high risk customers. It may also be outsourced within the Group.
            3. For high risk customers, a Relevant PersonG should, in order to mitigate the perceived and actual risks, exercise a greater degree of diligence throughout the customer relationship and should endeavour to understand the nature of the customer's business and consider whether it is consistent and reasonable.
            4. A Relevant PersonG should be satisfied that a customer's use of complex legal structures and/or the use of trust and private investment vehicles, has a genuine and legitimate purpose.
            5. For enhanced CDDG , where there is a beneficial owner, verification of the customer's source of funds and wealth may require enquiring into the beneficial owner's source of funds and wealth because the source of the funds would normally be the beneficial owner and not the customer.
            6. The DFSAG considers that verification of source of funds includes obtaining independent corroborating evidence such as proof of dividend payments connected to a shareholding, bank statements, salary/bonus certificates, loan documentation and proof of a transaction which gave rise to the payment into the account. A customer should be able to demonstrate and document how the relevant funds are connected to a particular event which gave rise to the payment into the account or to the source of the funds for a transaction.
            7. The DFSAG considers that verification of source of wealth includes obtaining independent corroborating evidence such as share certificates, publicly-available registers of ownership, bank or brokerage account statements, probate documents, audited accounts and financial statements, news items from a reputable source and other similar evidence. For example:
            a. for a legal person, this might be achieved by obtaining its financial or annual reports published on its website or news articles and press releases that reflect its financial situation or the profitability of its business; and
            b. for a natural person, this might include documentary evidence which corroborates answers given to questions on the source of wealth in an application form or customer questionnaire. For example, if a natural person attributes the source of his wealth to inheritance, he may be asked to provide a copy of the relevant will or grant of probate. In other cases, a natural person may be asked to provide sufficient bank or salary statements covering a number of years to draw up a picture of his source of wealth.
            8. A Relevant PersonG may commission a third party vendor report to obtain further information on a customer or transaction or to investigate a customer or beneficial owner in very high risk cases. A third party vendor report may be particularly useful where there is little or no publicly-available information on a person or on a legal arrangement or where a Relevant PersonG has difficulty in obtaining and verifying information.
            9. In AML Rule 7.4.1(f), circumstances where it may be applicable to require the first payment made by a customer in order to open an account with a Relevant PersonG to be carried out through a bank account in the customer's name with a financial institution specified in that paragraph include:
            a. where, following the use of other Enhanced CDDG measures, the Relevant PersonG is not satisfied with the results of due diligence; or
            b. as an alternative measure, where one of the measures in AML Rule 7.4.1 (a) to (e) cannot be carried out.
            Derived from RM117/2013 [VER9/07-13]
            [Amended] RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 7.5 Simplified customer due diligence

        • AML 7.5.1

          (1) Where a Relevant PersonG is permitted to undertake Simplified Customer Due DiligenceG under AML Rule 7.1.1(2), modification of AML Rule 7.3.1 may include:
          (a) verifying the identity of the customer and identifying any beneficial owners after the establishment of the business relationship under AML Rule 7.2.1(3);
          (b) deciding to reduce the frequency of, or as appropriate not undertake, customer identification updates;
          (c) deciding not to verify an identified beneficial owner;
          (d) deciding not to verify an identification document other than by requesting a copy;
          (e) not enquiring as to a customer's source of funds or source of wealth;
          (f) reducing the degree of on-going monitoring of transactions, based on a reasonable monetary threshold or on the nature of the transaction; or
          (g) not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship, but infering such purpose and nature from the type of transactions or business relationship established.
          (2) The modification in (1) must be proportionate to the customer's money laundering risks.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 7.5.1 Guidance

            1. AML Rule 7.5.1(1) provides examples of Simplified CDDG measures. Other measures may also be used by a Relevant PersonG to modify CDDG in accordance with the customer risks.
            2. A Relevant PersonG should not use a "one size fits all" approach for all its low risk customers. Notwithstanding that the risks may be low for all such customers, the degree of CDDG undertaken needs to be proportionate to the specific risks identified on a case by case basis. For example, for customers where the money laundering risks are very low, a Relevant PersonG may decide to simply identify the customer and verify such information only to the extent that this is commercially necessary. On the other hand, a low risk customer which is undertaking a complex transaction might require more comprehensive Simplified CDDG .
            3. For the avoidance of doubt, a Relevant PersonG is always required to 'identify' beneficial owners, except for retail investment funds which are widely held and investment funds where the investor invests via pension contributions. However, a Relevant PersonG may decide not to 'verify' beneficial owners of a low risk customer.
            4. An example of circumstances where a Relevant PersonG might reasonably reduce the frequency of or, as appropriate, eliminate customer identification updates would be where the money laundering risks are low and the service provided does not offer a realistic opportunity for money laundering.
            5. An example of where a Relevant PersonG might reasonably reduce the degree of on-going monitoring and scrutinising of transactions, based on a reasonable monetary threshold or on the nature of the transaction, would be where the transaction is a recurring, fixed contribution to a savings scheme, investment portfolio or fund or where the monetary value of the transaction is not material for money laundering purposes given the nature of the customer and the transaction type.
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 7.6 Ongoing Customer Due Diligence

        • AML 7.6.1

          When undertaking ongoing Customer Due DiligenceG under Rule 7.3.1(1)(d), a Relevant PersonG must, using the risk-based approach:

          (a) monitor transactions undertaken during the course of its customer relationship to ensure that the transactions are consistent with the Relevant Person'sG knowledge of the customer, his business and risk rating;
          (b) pay particular attention to any complex or unusually large transactions or unusual patterns of transactions that have no apparent or visible economic or legitimate purpose;
          (c) enquire into the background and purpose of the transactions in (b);
          (d) periodically review the adequacy of the Customer Due DiligenceG information it holds on customers and beneficial owners to ensure that the information is kept up to date, particularly for customers with a high risk rating; and
          (e) periodically review each customer to ensure that the risk rating assigned to a customer under Rule 6.1.1(1)(b) remains appropriate for the customer in light of the money laundering risks.
          Derived from RM117/2013 [VER9/07-13]

          • AML 7.6.1 Guidance

            1. In complying with Rule 7.6.1(d), a Relevant PersonG should undertake a periodic review to ensure that non-static customer identity documentation is accurate and up-to-date. Examples of non-static identity documentation include passport number and residential/business address and, for a legal person, its share register or list of partners.
            2. A Relevant PersonG should undertake a review under Rule 7.6.1 (d) and (e) particularly when:
            a. the Relevant PersonG changes its CDDG documentation requirements;
            b. an unusual transaction with the customer is expected to take place;
            c. there is a material change in the business relationship with the customer; or
            d. there is a material change in the nature or ownership of the customer.
            3. The degree of the on-going due diligence to be undertaken will depend on the customer risk assessment carried out under Rule 6.1.1.
            4. A Relevant Person'sG transaction monitoring policies, procedures, systems and controls, which may be implemented by manual or automated systems, or a combination thereof, are one of the most important aspects of effective CDDG . Whether a Relevant PersonG should undertake the monitoring by means of a manual or computerised system (or both) will depend on a number of factors, including:
            a. the size and nature of the Relevant Person'sG business and customer base; and
            b. the complexity and volume of customer transactions.
            Derived from RM117/2013 [VER9/07-13]

        • AML 7.6.2

          A Relevant PersonG must review its customers, their business and transactions against United Nations Security Council sanctions lists and against any other relevant sanctions list when complying with Rule 7.6.1(d).

          Derived from RM117/2013 [VER9/07-13]

          • AML 7.6.2 Guidance

            In AMLRule 7.6.2, a "relevant sanctions list" may include U.A.E EU, U.K. HM Treasury, U.S. OFAC lists and any other list which may apply to a Relevant PersonG .

            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 7.7 Failure to conduct or complete customer due diligence

        • AML 7.7.1

          (1) Where, in relation to any customer, a Relevant PersonG is unable to conduct or complete the requisite Customer Due DiligenceG in accordance with AML Rule 7.1.1 it must, to the extent relevant:
          (a) not carry out a transaction with or for the customer through a bank account or in cash;
          (b) not open an account or otherwise provide a service;
          (c) not otherwise establish a business relationship or carry out a transaction;
          (d) terminate or suspend any existing business relationship with the customer;
          (e) return any monies or assets received from the customer; and
          (f) consider whether the inability to conduct or complete Customer Due DiligenceG necessitates the making of a Suspicious Activity Report under AML Rule 13.3.1(c).
          (2) A Relevant PersonG is not obliged to comply with (1) (a) to (e) if:
          (a) to do so would amount to "tipping off" the customer, in breach of Federal AML legislation; or
          (b) the AMLSCUG directs the Relevant PersonG to act otherwise.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 7.7.1 Guidance

            1. In complying with Rule 7.7.1(1) a Relevant PersonG should apply one or more of the measures in (a) to (f) as appropriate in the circumstances. Where CDDG cannot be completed, it may be appropriate not to carry out a transaction pending completion of CDDG . Where CDDG cannot be conducted, including where a material part of the CDDG , such as identifying and verifying a beneficial owner cannot be conducted, a Relevant PersonG should not establish a business relationship with the customer.
            2. A Relevant PersonG should note that Rule 7.7.1 applies to both existing and prospective customers. For new customers it may be appropriate for a Relevant PersonG to terminate the business relationship before a product or service is provided. However, for existing customers, while termination of the business relationship should not be ruled out, suspension may be more appropriate depending on the circumstances. Whichever route is taken, the Relevant PersonG should be careful not to tip off the customer.
            3. A Relevant PersonG should adopt the RBA for CDDG of existing customers. For example, if a Relevant PersonG considers that any of its existing customers (which may include customers which it migrates into the DIFCG ) have not been subject to CDDG at an equivalent standard to that required by this module, it should adopt the RBA and take remedial action in a manner proportionate to the risks and within a reasonable period of time whilst complying with Rule 7.7.1.
            Derived from RM117/2013 [VER9/07-13]

    • AML 8 Reliance and Outsourcing

      Derived from RM117/2013 [VER9/07-13]

      • AML 8.1 Reliance on a third party

        • AML 8.1.1

          (1) A Relevant PersonG may rely on the following third parties to conduct one or more elements of Customer Due DiligenceG on its behalf:
          (a) an Authorised PersonG ;
          (b) a law firm, notary, or other independent legal business, accounting firm, audit firm or insolvency practitioner or an equivalent person in another jurisdiction;
          (c) a Financial InstitutionG ; or
          (d) a member of the Relevant Person'sG Group.
          (2) In (1), a Relevant PersonG may rely on the information previously obtained by a third party which covers one or more elements of Customer Due DiligenceG .
          (3) Where a Relevant PersonG seeks to rely on a person in (1) it may only do so if and to the extent that:
          (a) it immediately obtains the necessary Customer Due DiligenceG information from the third party in (1);
          (b) it takes adequate steps to satisfy itself that certified copies of the documents used to undertake the relevant elements of Customer Due DiligenceG will be available from the third party on request without delay;
          (c) the person in (1)(b) to (d) is subject to regulation, including AML regulation, by a Financial Services RegulatorG or other competent authority in a country with AML regulations which are equivalent to the standards set out in the FATFG Recommendations and it is supervised for compliance with such regulations;
          (d) the person in (1) has not relied on any exception from the requirement to conduct any relevant elements of Customer Due DiligenceG which the Relevant PersonG seeks to rely on; and
          (e) in relation to (2), the information is up to date.
          (4) Where a Relevant PersonG relies on a member of its GroupG , such GroupG member need not meet the condition in (3)(c) if:
          (a) the GroupG applies and implements a GroupG -wide policy on Customer Due DiligenceG and record keeping which is equivalent to the standards set by FATFG ; and
          (b) where the effective implementation of those Customer Due DiligenceG and record keeping requirements and AML programmes are supervised at GroupG level by a Financial Services RegulatorG or other competent authority in a country with AML regulations which are equivalent to the standards set out in the FATFG Recommendations.
          (5) If a Relevant PersonG is not reasonably satisfied that a customer or beneficial owner has been identified and verified by a third party in a manner consistent with these Rules, the Relevant PersonG must immediately perform the Customer Due DiligenceG itself with respect to any deficiencies identified.
          (6) Notwithstanding the Relevant Person'sG reliance on a person in (1), the Relevant PersonG remains responsible for compliance with, and liable for any failure to meet the Customer Due DiligenceG requirements in this module.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 8.1.1 Guidance

            1. In complying with AML Rule 8.1.1(3)(a), "immediately obtaining the necessary CDDG information" means obtaining all relevant CDDG information, and not just basic information such as name and address. Compliance can be achieved by having that relevant information sent by email or other appropriate means. For the avoidance of doubt, a Relevant PersonG is not required automatically to obtain the underlying certified documents used by the third party to undertake its CDDG . A Relevant PersonG must, however, under AML Rule 8.1.1(3)(b) ensure that the certified documents are readily available from the third party on request.
            2. The DFSAG would expect a Relevant PersonG , in complying with AML Rule 8.1.1(5), to fill any gaps in the CDDG process as soon as it becomes aware that a customer or beneficial owner has not been identified and verified in a manner consistent with these Rules.
            3. If a Relevant PersonG acquires another business, either in whole or in part, the DFSAG would permit the Relevant PersonG to rely on the CDDG conducted by the business it is acquiring but would expect the Relevant PersonG to have done the following:
            a. as part of its due diligence for the acquisition, to have taken a reasonable sample of the prospective customers to assess the quality of the CDDG undertaken; and
            b. to undertake CDDG on all the customers to cover any deficiencies identified in a. as soon as possible following the acquisition, prioritising high risk customers.
            4. Where a particular jurisdiction's laws (such as secrecy or data protection legislation) would prevent a Relevant PersonG from having access to CDDG information upon request without delay as referred to in AML Rule 8.1.1(3)(b), the Relevant PersonG should undertake the relevant CDDG itself and should not seek to rely on the relevant third party.
            5. If a Relevant PersonG relies on a third party located in a foreign jurisdiction to conduct one or more elements of CDD on its behalf, the Relevant PersonG must ensure that the foreign jurisdiction has AML regulations that are equivalent to the standards in the FATFG Recommendations (see AML Rule 8.1.1(3)(c)).
            6. When assessing if AML regulations in another jurisdiction are equivalent to FATF standards, a Relevant PersonG may consider a number of factors including, but not limited to: FATF membership, FATF Mutual Evaluation reports, FATF-style or IMF/World Bank evaluations, membership of an international or regional 'group' such as the MENAFATF or the Gulf Cooperation Council, contextual factors such as political stability or the level of corruption, evidence of relevant criticism of a jurisdiction including FATF advisory notices or independent and public assessments of the jurisdiction's overall AML regime such as IMF/World Bank or other reports by reputable NGOs or specialised commercial agencies. A Relevant PersonG should, in making its assessment, rely only on sources that are up-to-date and that include the latest AML developments from a reliable and competent source. The assessment may also take into account whether adequate arrangements exist for co-operation between the AML regulator in that jurisdiction and the DFSAG . The DFSAG expects a Relevant PersonG to keep sufficient records of the sources and materials considered when undertaking this AML assessment.
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 8.2 Outsourcing

        • AML 8.2.1

          A Relevant PersonG which outsources any one or more elements of its Customer Due DiligenceG to a service provider (including within its GroupG ) remains responsible for compliance with, and liable for any failure to meet, such obligations.

          Derived from RM117/2013 [VER9/07-13]

          • AML 8.2.1 Guidance

            1. Prior to appointing an outsourced service provider to undertake CDDG , a Relevant PersonG should undertake appropriate due diligence to assure itself of the suitability of the outsourced service provider and should ensure that the outsourced service provider's obligations are clearly documented in a binding agreement.
            2. An Authorised PersonG should be mindful of its obligations regarding outsourcing set out in GEN Rules 5.3.21 and 5.3.22.
            Derived from RM117/2013 [VER9/07-13]

    • AML 9 Correspondent Banking, Wire Transfers and Audit

      • AML 9.1 Application

        • AML 9.1.1

          This chapter applies only to an Authorised PersonG .

          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 9.2 Correspondent Banking

        • AML 9.2.1

          An Authorised FirmG proposing to have a correspondent banking relationship with a respondent bank must:

          (a) undertake appropriate Customer Due DiligenceG on the respondent bank;
          (b) as part of (a), gather sufficient information about the respondent bank to understand fully the nature of the business, including making appropriate enquiries on its management, its major business activities and the countries or jurisdictions in which it operates;
          (c) determine from publicly-available information the reputation of the respondent bank and the quality of supervision, including whether it has been subject to a money laundering or terrorist financing investigation or relevant regulatory action;
          (d) assess the respondent bank's AML controls and ascertain if they are adequate and effective in light of the FATFG Recommendations;
          (e) ensure that prior approval of the Authorised Firm'sG senior management is obtained before entering into a new correspondent banking relationship;
          (f) ensure that the respective responsibilities of the parties to the correspondent banking relationship are properly documented; and
          (g) be satisfied that, in respect of any customers of the respondent bank who have direct access to accounts of the Authorised FirmG , the respondent bank:
          (i) has undertaken Customer Due DiligenceG (including ongoing Customer Due DiligenceG ) at least equivalent to that in Rule 7.3.1 in respect of each customer; and
          (ii) is able to provide the relevant Customer Due DiligenceG information in (i) to the Authorised FirmG upon request; and
          (h) document the basis for its satisfaction that the requirements in (a) to (g) are met.
          Derived from RM117/2013 [VER9/07-13]

        • AML 9.2.2

          An Authorised FirmG must:

          (a) not enter into a correspondent banking relationship with a Shell BankG ; and
          (b) take appropriate measures to ensure that it does not enter into, or continue a corresponding banking relationship with, a bank which is known to permit its accounts to be used by Shell BankSG .
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 9.2.2 Guidance

            AML Rule 9.2.2 prohibits an Authorised FirmG from entering into a correspondent banking relationship with a Shell BankG or a bank which is known to permit its accounts to be used by Shell BanksG . See the Guidance after AML Rule 6.1.4 for more information about what constitutes a Shell BankG .

            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 9.3 Wire transfers

        • AML 9.3.1

          In this section:

          (a) "beneficiary" means the natural or legal person or legal arrangement who is identified by the originator as the receiver of the requested wire transfer;
          (b) "originator" means the account holder who instructs the wire transfer from the relevant account, or where there is no account, the natural or legal person that places the order with the ordering Financial InstitutionG to perform the wire transfer; and
          (c) "wire transfer" includes any value transfer arrangement.
          Derived from RM117/2013 [VER9/07-13]

        • AML 9.3.2

          (1) An Authorised PersonG must:
          (a) when it sends or receives funds by wire transfer on behalf of a customer, ensure that the wire transfer and any related messages contain accurate originator and beneficiary information;
          (b) ensure that, while the wire transfer is under its control, the information in (a) remains with the wire transfer and any related message throughout the payment chain; and
          (c) monitor wire transfers for the purpose of detecting those wire transfers that do not contain originator and beneficiary information and take appropriate measures to identify any money laundering risks.
          (2) The requirement in (1) does not apply to an Authorised PersonG which transfers funds to another Financial InstitutionG where both the originator and the beneficiary are Financial InstitutionsG acting on their own behalf.
          (3) An Authorised PersonG must ensure that information accompanying all wire transfers contains at a minimum:
          (a) the name of the originator;
          (b) the originator account number where such an account is used to process the transaction;
          (c) the originator's address, or national identity number, or customer identification number, or date and place of birth;
          (d) the name of the beneficiary; and
          (e) the beneficiary account number where such an account is used to process the transaction.
          Derived from RM117/2013 [VER9/07-13]

          • AML 9.3.2 Guidance

            1. In the absence of an account number, a unique transaction reference number should be included which permits traceability of the transaction.
            2. The DFSAG considers that concealing or removing in a wire transfer any of the information required by Rule 9.3.2(3) would be a breach of the requirement to ensure that the wire transfer contains accurate originator and beneficiary information.
            Derived from RM117/2013 [VER9/07-13]

      • AML 9.4 Audit

        • AML 9.4.1

          An Authorised PersonG must ensure that its audit function, established under GEN Rule 5.3.13, includes regular reviews and assessments of the effectiveness of the Authorised Person's money laundering policies, procedures, systems and controls, and its compliance with its obligations in this AML module.

          Derived from RM117/2013 [VER9/07-13]

          • AML 9.4.1 Guidance

            1. The review and assessment undertaken for the purposes of Rule 9.4.1 may be undertaken:
            a. internally by the Authorised Person'sG internal audit function; or
            b. by a competent firm of independent auditors or compliance professionals.
            2. The review and assessment undertaken for the purposes of Rule 9.4.1 should cover at least the following:
            a. sample testing of compliance with the Authorised Person'sG CDDG arrangements;
            b. an analysis of all notifications made to the MLROG to highlight any area where procedures or training may need to be enhanced; and
            c. a review of the nature and frequency of the dialogue between the senior management and the MLROG .
            Derived from RM117/2013 [VER9/07-13]

      • AML 9.5 [Deleted]

        • AML 9.5.1 [Deleted]

          Deleted by DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

    • AML 10 Sanctions and Other International Obligations

      • AML 10.1 [Deleted]

        • AML 10.1.1 [Deleted]

          [deleted]

          Deleted by DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 10.2 Relevant United Nations resolutions and sanctions

        • AML 10.2.1

          (1) A Relevant PersonG must establish and maintain effective systems and controls to ensure that on an ongoing basis it is properly informed as to, and takes reasonable measures to comply with, relevant resolutions or sanctions issued by the United Nations Security Council.
          (2) A Relevant PersonG must immediately notify the DFSAG when it becomes aware that it is:
          (a) carrying on or about to carry on an activity;
          (b) holding or about to hold money or other assets; or
          (c) undertaking or about to undertake any other business whether or not arising from or in connection with (a) or (b);
          for or on behalf of a person, where such carrying on, holding or undertaking constitutes or may constitute a contravention of a relevant sanction or resolution issued by the United Nations Security Council.
          (3) A Relevant PersonG must ensure that the notification stipulated in (2) above includes the following information:
          (a) a description of the relevant activity in (2) (a), (b) or (c); and
          (b) the action proposed to be taken or that has been taken by the Relevant PersonG with regard to the matters specified in the notification.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 10.2.1 Guidance

            1. In AML Rule 10.2.1(1), taking reasonable measures to comply with a resolution or sanction may mean that a Relevant PersonG cannot undertake a transaction for or on behalf of a person or that it may need to undertake further due diligence in respect of a person.
            2. Relevant resolutions or sanctions mentioned in AML Rule 10.2.1 may, among other things, relate to money laundering, terrorist financing or the financing of weapons of mass destruction or otherwise be relevant to the activities carried on by the Relevant PersonG . For example:
            a. a Relevant PersonG should exercise due care to ensure that it does not provide services to, or otherwise conduct business with, a person engaged in money laundering, terrorist financing or the financing of weapons of mass destruction; and
            b. an Authorised Market InstitutionG should exercise due care to ensure that it does not facilitate fund raising activities or listings by persons engaged in money laundering or terrorist financing or financing of weapons of mass destruction.
            3. A Relevant PersonG should be proactive in checking for, and taking measures to comply with, relevant resolutions or sanctions issued by the United Nations Security Council. The DFSA expects Relevant PersonsG to perform checks on an ongoing basis against their customer databases and records for any names appearing in resolutions or sanctions issued by the United Nations Security Council as well as to monitor transactions accordingly.
            4. A Relevant PersonG may use a database maintained elsewhere for an up-to-date list of resolutions and sanctions, or to perform checks of customers or transactions against that list. For example, it may wish to use a database maintained by its head office or a GroupG member. However, the Relevant PersonG retains responsibility for ensuring that its systems and controls are effective to ensure compliance with this module.
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 10.3 Government, Regulatory and International Findings

        • AML 10.3.1

          (1) A Relevant PersonG must establish and maintain systems and controls to ensure that on an ongoing basis it is properly informed as to, and takes reasonable measures to comply with, any findings, recommendations, guidance, directives, resolutions, sanctions, notices or other conclusions (each of which is referred to in this Rule as a "finding") issued by:
          (a) the government of the U.A.E.G or any government departments in the U.A.E.;
          (b) the Central Bank of the U.A.E.G or the AMLSCUG ;
          (c) FATFG ;
          (d) U.A.E.G enforcement agencies; and
          (e) the DFSAG ,
          concerning the matters in (2).
          (2) For the purposes of (1), the relevant matters are:
          (a) arrangements for preventing money laundering, terrorist financing or the financing of weapons of mass destruction in a particular country or jurisdiction, including any assessment of material deficiency against relevant countries in adopting international standards; and
          (b) the names of persons, groups, organisations or entities or any other body where suspicion of money laundering or terrorist financing or the financing of weapons of mass destruction exists.
          (3) A Relevant PersonG must immediately notify the DFSA in writing if it becomes aware of non-compliance by a person with a finding and provide the DFSA with sufficient details of the person concerned and the nature of the non-compliance.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 10.3.1 Guidance

            1. The purpose of this Rule is to ensure that a Relevant PersonG takes into consideration the broad range of tools used by competent authorities and international organisations to communicate AML/CTF risks to stakeholders.
            2. A Relevant PersonG should examine and pay special attention to any transactions or business relationship with persons located in countries or jurisdictions mentioned by the persons in AML Rule 10.3.1(1)(a) to (e).
            3. Relevant PersonsG considering transactions or business relationships with persons located in countries or jurisdictions that have been identified as deficient, or against which the U.A.E.G or the DFSAG have outstanding advisories, should be aware of the background against which the assessments, or the specific recommendations have been made. These circumstances should be taken into account in respect of introduced business from such jurisdictions, and when receiving inward payments for existing customers or in respect of inter-bank transactions.
            4. The Relevant Person'sG MLROG is not obliged to report all transactions from these countries or jurisdictions to the AMLSCUG if they do not qualify as suspicious under the Federal AML legislation. See AML chapter 13 on Suspicious Activity Reports.
            5. Transactions with counterparties located in countries or jurisdictions which are no longer identified as deficient or have been relieved from special scrutiny (for example, taken off sources mentioned in this Guidance) may nevertheless require attention which is higher than normal.
            6. In order to assist Relevant PersonsG , the DFSAG will, from time to time, publish U.A.E.G , FATFG or other findings, guidance, directives or sanctions. However, the DFSAG expects a Relevant PersonG to take its own steps in acquiring relevant information from various available sources. For example, a Relevant PersonG may obtain relevant information from the consolidated list of financial sanctions in the U.A.E Cabinet, European Union Office, HM Treasury (United Kingdom) lists, and the Office of Foreign Assets Control (OFAC) of the United States Department of Treasury.
            7. In addition, the systems and controls mentioned in AML Rule 10.3.1 should be established and maintained by a Relevant PersonG taking into account its risk assessment under chapters 5 and 6. In AML Rule 10.3.1, taking reasonable measures to comply with a finding may mean that a Relevant PersonG cannot undertake a transaction for or on behalf of a person or that it may need to undertake further due diligence in respect of such a person.
            8. A Relevant PersonG should be proactive in obtaining and appropriately using available national and international information, for example, suspect lists or databases from credible public or private sources with regard to money laundering, including obtaining relevant information from sources mentioned in Guidance 6 above. The DFSAG encourages Relevant PersonsG to perform checks against their customer databases and records for any names appearing on such lists and databases as well as to monitor transactions accordingly. As set out in the Guidance after Rule 10.2.1, a Relevant PersonG may use a database maintained elsewhere for an up-todate list of sanctions or to conduct checks of customers or transactions against the list. However, it retains responsibility for ensuring the effectiveness of its systems and controls.
            9. The risk of terrorists entering the financial system can be reduced if Relevant PersonsG apply effective AML strategies, particularly in respect of CDDG . Relevant PersonsG should assess which countries carry the highest risks and should conduct an analysis of transactions from countries or jurisdictions known to be a source of terrorist financing.
            10. The DFSAG may require Relevant PersonsG to take any special measures it may prescribe with respect to certain types of transactions or accounts where the DFSAG reasonably believes that any of the above may pose a money laundering risk to the DIFCG .
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

    • AML 11 Money Laundering Reporting Officer

      • AML 11.1 [Deleted]

        [deleted]

        Deleted by DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 11.1.1 [Deleted]

          Deleted by DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 11.2 Appointment of a MLRO

        • AML 11.2.1

          (1) A Relevant PersonG must appoint an individual as MLROG , with responsibility for implementation and oversight of its compliance with the Rules in this module, who has an appropriate level of seniority and independence to act in the role.
          (2) The MLROG in (1) and AML Rule 11.2.5 must be resident in the U.A.E.G , except in the case of the MLRO for a Registered AuditorG .
          Derived from RM117/2013 [VER9/07-13]
          [Amended] RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 11.2.2

          The individual appointed as the MLROG of a Representative OfficeG must be the same individual who holds the position of Principal RepresentativeG of that Representative OfficeG .

          Derived from RM117/2013 [VER9/07-13]

          • AML 11.2.2 Guidance

            1. Authorised FirmsG are reminded that under GEN Rule 7.5.1, the MLROG function is a mandatory appointment. For the avoidance of doubt, the individual appointed as the MLROG of an Authorised FirmG , other than a Representative OfficeG , is the same individual who holds the Licensed FunctionG of Money Laundering Reporting OfficerG of that Authorised FirmG . Authorised FirmsG are also reminded that the guidance under GEN Rule 7.5.2 sets out the grounds under which the DFSAG will determine whether to grant a waiver from the residence requirements for an MLROG . The same guidance would apply by analogy to other Relevant PersonsG seeking a waiver from the MLROG residence requirements.
            2. The individual appointed as the MLROG of an Authorised Market InstitutionG is the same individual who holds the position of Money Laundering Reporting OfficerG of that Authorised Market InstitutionG under the relevant AMIG Rule.
            Derived from RM117/2013 [VER9/07-13]

        • AML 11.2.3

          An Authorised FirmG , other than a Representative OfficeG , must appoint an individual to act as a deputy MLROG of the Authorised FirmG to fulfil the role of the MLROG in his absence.

          Derived from RM117/2013 [VER9/07-13]

        • AML 11.2.4

          A Relevant Person'sG MLROG must deal with the DFSAG in an open and co-operative manner and must disclose appropriately any information of which the DFSA would reasonably be expected to be notified.

          Derived from RM117/2013 [VER9/07-13]

          • AML 11.2.4 Guidance

            1. The individual appointed as the deputy MLROG of an Authorised FirmG need not apply for Authorised IndividualG status for performing the Licensed FunctionG of Money Laundering Reporting OfficerG , subject to Rules in GEN section 11.6.
            2. A Relevant PersonG other than an Authorised FirmG should make adequate arrangements to ensure that it remains in compliance with this module in the event that its MLROG is absent. Adequate arrangementsG would include appointing a temporary MLROG for the period of the MLRO'sG absence or making sure that the Relevant Person'sG AML systems and controls allow it to continue to comply with these Rules when the MLROG is absent.
            Derived from RM117/2013 [VER9/07-13]

        • AML 11.2.5

          A Relevant PersonG may outsource the role of MLROG to an individual outside the Relevant PersonG provided that the relevant individual under the outsourcing agreement is and remains suitable to perform the MLROG role.

          Derived from RM117/2013 [VER9/07-13]

          • AML 11.2.5 Guidance

            Where a Relevant PersonG outsources specific AML tasks of its MLROG to another individual or a third party provider, including within a corporate GroupG , the Relevant PersonG remains responsible for ensuring compliance with the responsibilities of the MLROG . The Relevant PersonG should satisfy itself of the suitability of anyone who acts for it.

            Derived from RM117/2013 [VER9/07-13]

      • AML 11.3 Qualities of a MLRO

        • AML 11.3.1

          A Relevant PersonG must ensure that its MLROG has:

          (a) direct access to its senior management;
          (b) sufficient resources including, if necessary, an appropriate number of appropriately trained EmployeesG to assist in the performance of his duties in an effective, objective and independent manner;
          (c) a level of seniority and independence within the Relevant PersonG to enable him to act on his own authority; and
          (d) timely and unrestricted access to information sufficient to enable him to carry out his responsibilities in Rule 11.4.1.
          Derived from RM117/2013 [VER9/07-13]

          • AML 11.3.1 Guidance

            The DFSAG considers that a Relevant PersonG will need to consider this Rule when appointing an outsourced MLROG . Any external MLROG that is appointed will need to have the actual or effective level of seniority that the role requires.

            Derived from RM117/2013 [VER9/07-13]

      • AML 11.4 Responsibilities of a MLRO

        • AML 11.4.1

          A Relevant PersonG must ensure that its MLROG implements and has oversight of and is responsible for the following matters:

          (a) the day-to-day operations for compliance by the Relevant PersonG with its AML policies, procedures, systems and controls;
          (b) acting as the point of contact to receive notifications from the Relevant Person'sG EmployeesG under AML Rule 13.2.2;
          (c) taking appropriate action under AML Rule 13.3.1 following the receipt of a notification from an EmployeeG ;
          (d) making Suspicious Activity ReportsG in accordance with Federal AML legislation;
          (e) acting as the point of contact within the Relevant PersonG for competent U.A.E.G authorities and the DFSAG regarding money laundering issues;
          (f) responding promptly to any request for information made by competent U.A.E.G authorities or the DFSAG ;
          (g) receiving and acting upon any relevant findings, recommendations, guidance, directives, resolutions, sanctions, notices or other conclusions described in chapter 10; and
          (h) establishing and maintaining an appropriate money laundering training programme and adequate awareness arrangements under chapter 12.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

    • AML 12 AML Training and Awareness

      • AML 12.1 Training and awareness

        • AML 12.1.1

          A Relevant PersonG must

          (a) provide AML training to all relevant EmployeesG at appropriate and regular intervals;
          (b) ensure that its AML training enables its EmployeesG to:
          (i) understand the relevant legislation relating to money laundering, including Federal AML legislation;
          (ii) understand its policies, procedures, systems and controls related to money laundering and any changes to these;
          (iii) recognise and deal with transactions and other activities which may be related to money laundering;
          (iv) understand the types of activity that may constitute suspicious activity in the context of the business in which an EmployeeG is engaged and that may warrant a notification to the MLROG under AML Rule 13.2.2;
          (v) understand its arrangements regarding the making of a notification to the MLROG under AML Rule 13.2.2;
          (vi) be aware of the prevailing techniques, methods and trends in money laundering relevant to the business of the Relevant PersonG ;
          (vii) understand the roles and responsibilities of EmployeesG in combating money laundering, including the identity and responsibility of the Relevant Person'sG MLROG and deputy, where applicable; and
          (viii) understand the relevant findings, recommendations, guidance, directives, resolutions, sanctions, notices or other conclusions described in chapter 10; and
          (c) ensure that its AML training:
          (i) is appropriately tailored to the Relevant Person'sG activities, including its products, services, customers, distribution channels, business partners, level and complexity of its transactions; and
          (ii) indicates the different levels of money laundering risk and vulnerabilities associated with the matters in (c)(i).
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 12.1.1 Guidance

            1. The DFSAG considers it appropriate that all new relevant Employees of a Relevant PersonG be given appropriate AML training as soon as reasonably practicable after commencing employment with the Relevant PersonG .
            2. Relevant PersonsG should take a risk-based approach to AML training. The DFSAG considers that AML training should be provided by a Relevant PersonG to each of its relevant EmployeesG at intervals appropriate to the role and responsibilities of the EmployeeG . In the case of an Authorised FirmG the DFSAG expects that training should be provided to each relevant EmployeeG at least annually.
            3. The manner in which AML training is provided by a Relevant PersonG need not be in a formal classroom setting, rather it may be via an online course or any other similarly appropriate manner.
            4. A relevant EmployeeG would include a member of the senior management or operational staff, any EmployeeG with customer contact or which handles or may handle customer monies or assets, and any other EmployeeG who might otherwise encounter money laundering in the business.
            5. Relevant PersonsG should be aware of their duty under Cabinet Resolution No. 38 of 2014 to establish and provide AML training programmes in co-ordination with the AMLSCU.
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

    • AML 13 Suspicious Activity Reports

      • AML 13.1 Application and Definitions

        • AML 13.1.1 [Deleted]

          [deleted]

          Deleted by DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 13.1.2

          In this chapter, "money laundering" and "terrorist financing" mean the criminal offences defined in the Federal AML legislation.

          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 13.2 Internal Reporting Requirements

        • AML 13.2.1

          A Relevant PersonG must establish and maintain policies, procedures, systems and controls in order to monitor and detect suspicious activity or transactions in relation to potential money laundering or terrorist financing.

          Derived from RM117/2013 [VER9/07-13]

        • AML 13.2.2

          A Relevant PersonG must have policies, procedures, systems and controls to ensure that whenever any EmployeeG , acting in the ordinary course of his employment, either:

          (a) knows;
          (b) suspects; or
          (c) has reasonable grounds for knowing or suspecting;

          that a person is engaged in or attempting money laundering or terrorist financing, that EmployeeG promptly notifies the Relevant Person'sG MLROG and provides the MLROG with all relevant details.

          Derived from RM117/2013 [VER9/07-13]

          • AML 13.2.2 Guidance

            1. Circumstances that might give rise to suspicion or reasonable grounds for suspicion include:
            a. Transactions which have no apparent purpose, which make no obvious economic sense, or which are designed or structured to avoid detection;
            b. Transactions requested by a person without reasonable explanation, which are out of the ordinary range of services normally requested or are outside the experience of a Relevant PersonG in relation to a particular customer;
            c. where the size or pattern of transactions, without reasonable explanation, is out of line with any pattern that has previously emerged or are deliberately structured to avoid detection;
            d. where a customer refuses to provide the information requested without reasonable explanation;
            e. where a customer who has just entered into a business relationship uses the relationship for a single transaction or for only a very short period of time;
            f. an extensive use of offshore accounts, companies or structures in circumstances where the customer's economic needs do not support such requirements;
            g. unnecessary routing of funds through third party accounts; or
            h. unusual transactions without an apparently profitable motive.
            2. The requirement for EmployeesG to notify the Relevant Person'sG MLROG should include situations when no business relationship was developed because the circumstances were suspicious.
            3. A Relevant PersonG may allow its EmployeesG to consult with their line managers before sending a report to the MLROG . The DFSAG would expect that such consultation does not prevent making a report whenever an EmployeeG has stated that he has knowledge, suspicion or reasonable grounds for knowing or suspecting that a person may be involved in money laundering. Whether or not an EmployeeG consults with his line manager or other EmployeesG , the responsibility remains with the EmployeeG to decide for himself whether a notification to the MLROG should be made.
            4. An EmployeeG , including the MLROG , who considers that a person is engaged in or engaging in activity that he knows or suspects to be suspicious would not be expected to know the exact nature of the criminal offence or that the particular funds were definitely those arising from the crime of money laundering or terrorist financing.
            5. CDDG measures form the basis for recognising suspicious activity. Sufficient guidance must therefore be given to the Relevant Person'sG EmployeesG to enable them to form a suspicion or to recognise when they have reasonable grounds to suspect that money laundering or terrorist financing is taking place. This should involve training that will enable relevant EmployeesG to seek and assess the information that is required for them to judge whether a person is involved in suspicious activity related to money laundering or terrorist financing.
            6. A transaction that appears unusual is not necessarily suspicious. Even customers with a stable and predictable transaction profile will have periodic transactions that are unusual for them. Many customers will, for perfectly good reasons, have an erratic pattern of transactions or account activity. So the unusual is, in the first instance, only a basis for further inquiry, which may in turn require judgement as to whether it is suspicious. A transaction or activity may not be suspicious at the time, but if suspicions are raised later, an obligation to report then arises.
            7. Effective CDDG measures may provide the basis for recognising unusual and suspicious activity. Where there is a customer relationship, suspicious activity will often be one that is inconsistent with a customer's known legitimate activity, or with the normal business activities for that type of account or customer. Therefore, the key to recognising 'suspicious activity' is knowing enough about the customer and the customer's normal expected activities to recognise when their activity is abnormal.
            8. A Relevant PersonG may consider implementing policies and procedures whereby disciplinary action is taken against an EmployeeG who fails to notify the Relevant Person'sG MLROG .
            Derived from RM117/2013 [VER9/07-13]
            [Amended] RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 13.3 Suspicious Activity Report

        • AML 13.3.1

          A Relevant PersonG must ensure that where the Relevant Person'sG MLROG receives a notification under AML Rule 13.2.2, the MLROG , without delay:

          (a) inquires into and documents the circumstances in relation to which the notification made under AML Rule 13.2.2 was made;
          (b) determines whether in accordance with Federal AML legislation a Suspicious Activity Report must be made to the AMLSCUG and documents such determination;
          (c) if required, makes a Suspicious Activity Report to the AMLSCUG as soon as practicable; and
          (d) notifies the DFSAG of the making of such Suspicious Activity Report immediately following its submission to the AMLSCUG .
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 13.3.2

          Where, following a notification to the MLROG under 13.2.2, no Suspicious Activity Report is made, a Relevant PersonG must record the reasons for not making a Suspicious Activity Report.

          Derived from RM117/2013 [VER9/07-13]

        • AML 13.3.3

          A Relevant PersonG must ensure that if the MLROG decides to make a Suspicious Activity Report, his decision is made independently and is not subject to the consent or approval of any other person.

          Derived from RM117/2013 [VER9/07-13]

        • AML 13.3.4 [Deleted]

          Deleted by DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 13.3.4 Guidance

            1. Relevant PersonsG are reminded that the failure to report suspicions of money laundering or terrorist financing may constitute a criminal offence that is punishable under the laws of the StateG .
            2. SARs under Federal AML legislation should be emailed or faxed to the AMLSCUG . The dedicated email address and fax numbers, and the template for making a SAR are available on the DFSAG website.
            3. In the preparation of a SAR, if a Relevant PersonG knows or assumes that the funds which form the subject of the report do not belong to a customer but to a third party, this fact and the details of the Relevant Person'sG proposed course of further action in relation to the case should be included in the report.
            4. If a Relevant PersonG has reported a suspicion to the AMLSCUG , the AMLSCUG may instruct the Relevant PersonG on how to continue its business relationship, including effecting any transaction with a person. If the customer in question expresses his wish to move the funds before the Relevant PersonG receives instruction from the AMLSCUG on how to proceed, the Relevant PersonG should immediately contact the AMLSCUG for further instructions.
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 13.4 Tipping-off

        • AML 13.4 Guidance

          1. Relevant PersonsG are reminded that in accordance with Federal AML legisaltion, Relevant PersonsG or any of their EmployeesG must not tip-off any person, that is, inform any person that he is being scrutinised for possible involvement in suspicious activity related to money laundering, or that any other competent authority is investigating his possible involvement in suspicious activity relating to money laundering.
          2. If a Relevant PersonG reasonably believes that performing CDDG measures will tip-off a customer or potential customer, it may choose not to pursue that process and should file a SAR. Relevant PersonsG should ensure that their EmployeesG are aware of and sensitive to these issues when considering the CDDG measures.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 13.5 Freezing assets

        • AML 13.5 Guidance

          The DFSA has power under the Regulatory LawG to restrict an Authorised PersonG from disposing of or transferring property including, for example, assets or other funds suspected of relating to money laundering. It may also apply to the CourtG for an order restraining a person from transferring or disposing of any assets suspected of relating to money laundering. In cases involving suspected money laundering, the DFSA will usually take such action in co-ordination with the AMLSCU.

          Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

    • AML 14 General Obligations

      • AML 14.1 Groups, branches and subsidiaries

        • AML 14.1.1

          (1) A Relevant PersonG which is a DIFCG entity must ensure that its policies, procedures, systems and controls required by Rule 5.2.1 apply to:
          (a) any of its branches or SubsidiariesG ; and
          (b) any of its GroupG entities in the DIFCG .
          (2) The requirement in (1) does not apply if the Relevant PersonG can satisfy the DFSAG that the relevant branch, SubsidiaryG or GroupG entity is subject to regulation, including AML, by a Financial Services RegulatorG or other competent authority in a country with AML regulations which are equivalent to the standards set out in the FATFG Recommendations and is supervised for compliance with such regulations.
          (3) Where the law of another jurisdiction does not permit the implementation of policies, procedures, systems and controls consistent with those of the Relevant PersonG , the Relevant PersonG must:
          (a) inform the DFSAG in writing; and
          (b) apply appropriate additional measures to manage the money laundering risks posed by the relevant branch or SubsidiaryG .
          Derived from RM117/2013 [VER9/07-13]

          • AML 14.1.1 Guidance

            A Relevant PersonG which is a DIFCG entity should conduct a periodic review to verify that any branch or SubsidiaryG operating in another jurisdiction is in compliance with the obligations imposed under these Rules.

            Derived from RM117/2013 [VER9/07-13]

        • AML 14.1.2

          A Relevant PersonG must:

          (a) communicate the policies and procedures which it establishes and maintains in accordance with these Rules to its GroupG entities, branches and SubsidiariesG ; and
          (b) document the basis for its satisfaction that the requirement in Rule 14.1.1(2) is met.
          Derived from RM117/2013 [VER9/07-13]

          • AML 14.1.2 Guidance

            In relation to an Authorised FirmG , if the DFSAG is not satisfied in respect of AML compliance of its branches and SubsidiariesG in a particular jurisdiction, it may take action, including making it a condition on the Authorised Firm'sG LicenceG that it must not operate a branch or SubsidiaryG in that jurisdiction.

            Derived from RM117/2013 [VER9/07-13]

      • AML 14.2 Group policies

        • AML 14.2.1

          A Relevant PersonG which is part of a GroupG must ensure that it:

          (a) understands the policies and procedures covering the sharing of information between GroupG entities, particularly when sharing Customer Due DiligenceG information;
          (b) has in place adequate safeguards on the confidentiality and use of information exchanged between Group entities, including consideration of relevant data protection legislation;
          (c) remains aware of the money laundering risks of the GroupG as a whole and of its exposure to the GroupG and takes active steps to mitigate such risks;
          (d) contributes to a GroupG -wide risk assessment to identify and assess money laundering risks for the GroupG ; and
          (e) provides its GroupG -wide compliance, audit and AML functions with customer account and transaction information from branches and subsidiaries when necessary for AML purposes.
          Derived from RM117/2013 [VER9/07-13]

      • AML 14.3 Notifications

        • AML 14.3.1

          A Relevant PersonG must inform the DFSAG in writing as soon as possible if, in relation to its activities carried on in or from the DIFCG or in relation to any of its branches or SubsidiariesG , it:

          (a) receives a request for information from a regulator or agency responsible for AML, counter-terrorism financing, or sanctions regarding enquiries into potential money laundering or terrorist financing or sanctions breaches;
          (b) becomes aware, or has reasonable grounds to believe, that a money laundering event has occurred or may have occurred in or through its business;
          (c) becomes aware of any money laundering or sanctions matter in relation to the Relevant PersonG or a member of its GroupG which could result in adverse reputational consequences to the Relevant PersonG ; or
          (d) becomes aware of a significant breach of a Rule in this module or a breach of Federal AML legislation by the Relevant PersonG or any of its Employees.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 14.4 Record keeping

        • AML 14.4.1

          A Relevant PersonG must maintain the following records:

          (a) a copy of all documents and information obtained in undertaking initial and ongoing Customer Due DiligenceG ;
          (b) the supporting records (consisting of the original documents or certified copies) in respect of the customer business relationship, including transactions;
          (c) notifications made under AML Rule 13.2.2};
          (d) Suspicious Activity Reports and any relevant supporting documents and information, including internal findings and analysis;
          (e) any relevant communications with the AMLSCUG ; and
          (f) the documents in AML Rule 14.4.2,

          for at least six years from the date on which the notification or report was made, the business relationship ends or the transaction is completed, whichever occurs last.

          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 14.4.2

          A Relevant Person must document, and provide to the DFSAG on request, any of the following:

          (a) the risk assessment of its business undertaken under Rule 5.1.1;
          (b) how the assessment in (a) was used for the purposes of complying with Rule 6.1.1(1);
          (c) the risk assessment of the customer undertaken under Rule 6.1.1(1)(a); and
          (d) the determination made under Rule 6.1.1(1)(b).
          Derived from RM117/2013 [VER9/07-13]

          • AML 14.4.2 Guidance

            1. The records required to be kept under Rule 14.4.1 may be kept in electronic format, provided that such records are readily accessible and available to respond promptly to any DFSAG requests for information. Authorised PersonsG are reminded of their obligations in GEN Rule 5.3.24.
            2. If the date on which the business relationship with a customer has ended remains unclear, it may be taken to have ended on the date of the completion of the last transaction.
            3. The records maintained by a Relevant PersonG should be kept in such a manner that:
            a. the DFSAG or another competent authority is able to assess the Relevant Person'sG compliance with legislation applicable in the DIFCG ;
            b. any transaction which was processed by or through the Relevant PersonG on behalf of a customer or other third party can be reconstructed;
            c. any customer or third party can be identified; and
            d. the Relevant PersonG can satisfy, within an appropriate time, any regulatory enquiry or court order to disclose information.
            Derived from RM117/2013 [VER9/07-13]

        • AML 14.4.3

          Where the records referred to in Rule 14.4.1 are kept by the Relevant PersonG outside the DIFCG , a Relevant PersonG must:

          (a) take reasonable steps to ensure that the records are held in a manner consistent with these Rules;
          (b) ensure that the records are easily accessible to the Relevant PersonG ; and
          (c) upon request by the DFSAG , ensure that the records are available for inspection within a reasonable period of time.
          Derived from RM117/2013 [VER9/07-13]

        • AML 14.4.4

          A Relevant PersonG must:

          (a) verify if there is secrecy or data protection legislation that would restrict access without delay to the records referred to in Rule 14.4.1 by the Relevant PersonG , the DFSAG or the law enforcement agencies of the U.A.E.G ; and
          (b) where such legislation exists, obtain without delay certified copies of the relevant records and keep such copies in a jurisdiction which allows access by those persons in (a).
          Derived from RM117/2013 [VER9/07-13]

        • AML 14.4.5

          A Relevant Person must be able to demonstrate that it has complied with the training and awareness requirements in chapter 12 through appropriate measures, including the maintenance of relevant training records.

          Derived from RM117/2013 [VER9/07-13]

          • AML 14.4.5 Guidance

            1. In complying with Rule 14.4.3, Authorised PersonsG are reminded of their obligations in GEN Rule 5.3.24.
            2. The DFSAG considers that "appropriate measures" in Rule 14.4.5 may include the maintenance of a training log setting out details of:
            a. the dates when the training was given;
            b. the nature of the training; and
            c. the names of EmployeesG who received the training.
            Derived from RM117/2013 [VER9/07-13]

      • AML 14.5 Annual AML Return

        • AML 14.5.1

          A Relevant PersonG which is:

          (a) an Authorised PersonG ;
          (b) a Registered AuditorG ; or
          (c) a person who is a DNFBPG in one of the following classes:
          (i) a real estate developer or agency which carries out transactions with a customer involving the buying or selling of real property;
          (ii) a law firm, notary firm, or other independent legal business;
          (iii) an accounting firm, audit firm or insolvency firm; or
          (iv) a company service provider,

          must complete the AML Return form in AFNG and submit it to the DFSAG by the end of September each year. The annual AML Return must cover the period from 1 August of the previous year to 31 July of the reporting year.

          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]
          [Amended] DFSA RM177/2016 (Made 19th June 2016) [VER12/08-16]

          • AML 14.5.1 Guidance

            Relevant PersonsG should be aware of their obligation under Cabinet Resolution No. 38 of 2014 to prepare AML reports and copy them to the AMLSCU.

            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • Transitional

          • AML 14.5.2

            A Relevant PersonG must:

            (a) for its financial year ending in 2016, complete and submit the AML Return form under AML Rule 14.5.1 within four months of its financial year end and the return must cover that financial year; and
            (b) for the 2017 calendar year, complete and submit the AML Return form by the end of September 2017 and the return must cover the period from 1 August 2016 until 31 July 2017.
            Derived from DFSA RM177/2016 (Made 19th June 2016) [VER12/08-16]

            • AML 14.5.2 Guidance

              In respect of a financial year ending in 2016, a Relevant PersonG must submit its AML Return four months after its financial year end. For the 2017 calendar year, it must report for the period 1 August 2016 to 31 July 2017. For some Relevant PersonsG , this may result in an overlap of periods covered by each return.

              Derived from DFSA RM177/2016 (Made 19th June 2016) [VER12/08-16]

      • AML 14.6 Communication with the DFSA

        • AML 14.6.1

          A Relevant PersonG must:

          (a) be open and cooperative in all its dealings with the DFSAG ; and
          (b) ensure that any communication with the DFSAG is conducted in the English language.
          Derived from RM117/2013 [VER9/07-13]

      • AML 14.7 Employee Disclosures

        • AML 14.7.1

          A Relevant PersonG must ensure that it does not prejudice an EmployeeG who discloses any information regarding money laundering to the DFSAG or to any other relevant body involved in the prevention of money laundering.

          Derived from RM117/2013 [VER9/07-13]

          • AML 14.7.1 Guidance

            The DFSAG considers that "relevant body" in Rule 14.7.1 would include the AMLSCUG or another financial intelligence unit, the police, or a Dubai or Federal ministry.

            Derived from RM117/2013 [VER9/07-13]

    • AML 15 DNFBP Registration and Supervision

      • AML 15 Guidance

        1. A DNFBPG should ensure that it complies with and has regard to relevant provisions of the Regulatory Law. The Regulatory Law gives the DFSAG a power to supervise DNFBPs'G , compliance with relevant AML laws in the StateG It also gives the DFSAG a number of other important powers in relation to DNFBPsG , including powers of enforcement. This includes a power to obtain information and to conduct investigations into possible breaches of the Regulatory Law. The DFSAG may also impose fines for breaches of the Regulatory Law or the Rules.
        2. The DFSAG takes a risk-based approach to regulation of persons which it supervises. Generally, the DFSAG will work with DNFBPsG to identify, assess, mitigate and control relevant risks where appropriate. RPP describes the DFSA'sG enforcement powers under the Regulatory Law and outlines its policy for using these powers.
        3. AML Rule 3.2.1 defines a DNFBP by setting out a list of businesses or professions which, if carried on in or from the DIFCG , constitute a DNFBP.
        4. In determining if a person is carrying on a business or profession in the DIFCG that falls within the DNFBP definition, the DFSA will adopt a 'substance over form' approach. That is, it will consider what business or profession is in fact being carried on, and its main characteristics, and not just what business or profession the person purports, or is licensed, to carry on in the DIFCG .
        5. The DFSA considers that "a law firm, notary firm or other independent legal business" in paragraph (1)(d) of the DNFBP definition, includes any business or profession that involves a legal service, including advice or services related to laws in the State or other jurisdictions. The DFSA does not consider it necessary for the purposes of the definition that:
        a. the relevant person is licensed to provide legal services in the State; or
        b. the individuals or employees providing the legal service are qualified or authorised to do so, whether in the State or in any other jurisdiction.
        6. The DFSA considers that "an accounting firm, audit firm or insolvency firm" in paragraph (1)(e) of the DNFBP definition, includes forensic accounting services that use accounting skills, principles and techniques to investigate suspected illegal activity or to analyse financial information for use in legal proceedings.
        7. The DFSA would also consider a tax advisory business carried on in or from the DIFCG to be a DNFBP as it is likely to involve elements of both legal and accounting services i.e. advice on taxation law and the use of accounting skills to analyse financial records, and so fall within either paragraph (1)(d) or (e) of the DNFBP definition.
        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 15.1 Registration and Notifications

        • AML 15.1.1

          A DNFBPG must register with the DFSAG by way of a notification by completing and submitting the appropriate form in the AFN Sourcebook.

          Derived from RM117/2013 [VER9/07-13]

        • AML 15.1.2

          A DNFBPG must promptly notify the DFSAG of any change in its:

          (a) name;
          (b) legal status;
          (c) address;
          (d) MLROG ; or
          (e) beneficial ownership.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 15.2 Withdrawal of Registration

        • AML 15.2.1

          A DNFBPG must notify the DFSAG in writing when it proposes to cease carrying on its business activities in or from the DIFCG .

          Derived from RM117/2013 [VER9/07-13]

        • AML 15.2.2

          A DNFBPG which proposes to cancel its registration as a DNFBPG must provide the DFSAG with 14 days' written notice of such cancellation and provide written evidence of the basis of its withdrawal.

          Derived from RM117/2013 [VER9/07-13]

        • AML 15.2.3

          (1) The DFSAG may cancel the registration of a DNFBPG :
          (a) if the DNFBPG notifies the DFSAG of the cancellation in accordance with Rule 15.2.2 and the DFSAG is satisfied with the evidence provided;
          (b) if the DNFBP'sG commercial licence is cancelled or expires and a reasonable time has passed without such licence being renewed;
          (c) following a request by the ROC;
          (d) in the event of the insolvency or the entering into administration of the DNFBPG ; or
          (e) if the DFSAG considers it necessary or desirable in the interests of the DIFCG .
          (2) The procedures in Schedule 3 to the Regulatory Law apply to a decision of the DFSAG to cancel registration under (1)(b) to (e).
          (3) If the DFSAG decides to exercise its power to cancel registration under (1)(b) to (e), the DNFBPG may refer the matter to the FMTG for review.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]

        • AML 15.2.4 [Deleted]

          [Deleted] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]

        • AML 15.2.5 [Deleted]

          [Deleted] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]

          • AML 15.2.5 Guidance

            1. A DNFBPG may request a cancellation of its registration because, for example, it no longer meets the definition of a DNFBPG , becomes insolvent or enters into administration, or proposes to leave the DIFCG .
            2. The DFSAG would expect to use the power to cancel the registration of a DNFBPG under Rule 15.2.3(1)(e) once its supervisory tools have been exhausted. Examples of when it might use this power include where a DNFBPG commits serious or persistent breaches of the AML Rules which it fails to rectify, or where the DNFBPG or its activities in or from the DIFCG create risks to the DFSA'sG regulatory objectives.
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]

      • AML 15.3 Disclosure of regulatory status

        • AML 15.3.1

          A DNFBPG must not:

          (a) misrepresent its regulatory status with respect to the DFSAG expressly or by implication; or
          (b) use or reproduce the DFSAG logo without express written permission from the DFSAG and in accordance with any conditions for use.
          Derived from RM117/2013 [VER9/07-13]

    • AML 16 Transitional Rules

      • AML 16.1 Application

        • AML 16.1.1

          This chapter applies to every person to whom a provision of the Previous Regime applied.

          Derived from RM117/2013 [VER9/07-13]

        • AML 16.1.2

          For the purposes of this chapter:

          (a) "Ancillary Service ProviderG " has the meaning that it had under the Previous Regime;
          (b) "Commencement Date" means 14 July 2013;
          (c) "Current Regime" means the Rules in force on the Commencement Date;
          (d) "DNFBPG " has the meaning that it had in DNF chapter 2 under the Previous Regime; and
          (e) "Previous Regime" means the Rules that were in force immediately prior to the Commencement Date.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • AML 16.2 General

        • AML 16.2.1

          A Relevant PersonG must continue to maintain any records required to be maintained under the Previous Regime until such time as the requirement to hold such record would have expired had the Previous Regime still been in force.

          Derived from RM117/2013 [VER9/07-13]

      • AML 16.3 Specific relief — Ancillary Service Provider and DNFBPs

        • AML 16.3.1

          A person who, immediately prior to the Commencement Date, was an Ancillary Service ProviderG or was registered as a DNFBPG is deemed, on the Commencement Date, to be registered as a DNFBPG for the purposes of the Current Regime.

          Derived from RM117/2013 [VER9/07-13]