Home   Browse contents   View updates   Search  
     Quick search
Go
   

Dubai Financial Services Authority (DFSA): Contents

Dubai Financial Services Authority (DFSA)
Laws
Rulebook Modules
Sourcebook Modules
Consultation Papers
Policy Statements
DFSA Codes of Practice
Amendments to Legislation
Media Releases
Notices
Financial Markets Tribunal
Archive

BackText onlyPrint

You need the Flash plugin.

Download Macromedia Flash Player



  • AML 6 Customer Risk Assessment

    Figure 3. Customer risk-based assessment

    Derived from RM117/2013 [VER9/07-13]
    [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • AML 6 Guidance

      1. This chapter prescribes the risk-based assessment that must be undertaken by a Relevant PersonG on a customer and the proposed business relationship, transaction or product. The outcome of this process is to produce a risk rating for a customer, which determines the level of Customer Due DiligenceG (CDD) which will apply to that customer under chapter 7. That chapter prescribes the requirements of CDDG and of Enhanced CDDG for high risk customers and Simplified CDDG for low risk customers.
      2. CDDG in the context of AML refers to the process of identifying a customer, verifying such identification and monitoring the customer's business and money laundering risk on an ongoing basis. CDDG is required to be undertaken following a risk-based assessment of the customer and the proposed business relationship, transaction or product.
      3. Relevant PersonsG should note that the ongoing CDDG requirements in Rule 7.6.1 require a Relevant PersonG to ensure that it reviews a customer's risk rating to ensure that it remains appropriate in light of the AML risks.
      4. The DFSAG is aware that in practice there will often be some degree of overlap between the customer risk assessment and CDDG . For example, a Relevant PersonG may undertake some aspects of CDDG , such as identifying a Beneficial OwnerG , when it performs a risk assessment of the customer. Conversely, a Relevant PersonG may also obtain relevant information as part of CDDG which has an impact on its customer risk assessment. An example of such relevant information is information on the ownership and control structure of the customer. Where information obtained as part of CDDG of a customer affects the risk rating of a customer, the change in risk rating should be reflected in the degree of CDDG undertaken.
      Derived from RM117/2013 [VER9/07-13]
      [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • AML 6.1 Assessing Customer AML Risks

      • AML 6.1.1

        (1) A Relevant PersonG must:
        (a) undertake a risk-based assessment of every customer; and
        (b) assign the customer a risk rating proportionate to the customer's money laundering risks.
        (2) The customer risk assessment in (1) must be completed prior to undertaking Customer Due DiligenceG for new customers, and whenever it is otherwise appropriate for existing customers.
        (3) When undertaking a risk-based assessment of a customer under (1)(a) a Relevant PersonG must:
        (a) identify the customer and any Beneficial OwnerG ;
        (b) obtain information on the purpose and intended nature of the business relationship;
        (c) obtain information on, and take into consideration, the nature of the customer's business;
        (ca) take into consideration the nature of the customer, its ownership and control structure, and its Beneficial OwnerG (if any);
        (d) take into consideration the nature of the customer business relationship with the Relevant PersonG ;
        (e) take into consideration the customer's country of origin, residence, nationality, place of incorporation or place of business;
        (f) take into consideration the relevant product, service or transaction;
        (fa) if it is providing a customer with a life insurance or other similar policy, take into consideration the beneficiary of the policy and any Beneficial OwnerG of the beneficiary; and
        (g) take into consideration the outcomes of business risk assessment under chapter 5.
        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
        [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Factors that may indicate higher money laundering risk

        • AML 6.1.2

          (1) When assessing if there is a high risk of money laundering in a particular situation, a Relevant PersonG must take into account, among other things:
          (a) customer risk factors, including whether:
          (i) the business relationship is conducted in unusual circumstances;
          (ii) the customer is resident, established or registered in a geographical area of high risk (as set out in paragraph (c));
          (iii) the customer is a legal person or legal arrangement that is a vehicle for holding personal assets;
          (iv) the customer is a company that has nominee shareholders or shares in bearer form;
          (v) the customer is a business that is cash intensive, such as a business that receives a majority of its revenue in cash; and
          (vi) the corporate structure of the customer is unusual or excessively complex given the nature of the business;
          (b) product, service, transaction or delivery channel risk factors, including whether:
          (i) the service involves private banking;
          (ii) the product, service or transaction is one that might favour anonymity;
          (iii) the situation involves non face-to-face business relationships or transactions, without certain safeguards, such as electronic signatures;
          (iv) payments will be received from unknown or unassociated third parties;
          (v) new products and new business practices are involved, including new delivery mechanisms or the use of new or developing technologies for both new and pre-existing products; and
          (vi) the service involves the provision of nominee directors, nominee shareholders or shadow directors, or the formation of companies in another country; and
          (c) geographical risk factors, including:
          (i) countries identified in reports by credible sources, such as mutual evaluations, detailed assessment reports or follow-up reports, as:
          (A) not having effective systems to counter money laundering; or
          (B) not implementing requirements to counter money laundering that are consistent with FATFG Recommendations;
          (ii) countries identified by credible sources as having significant levels of corruption or other criminal activity, such as terrorism, money laundering or the production and supply of illicit drugs;
          (iii) countries subject to sanctions, embargos or similar measures issued by, for example, the United Nations or the State;
          (iv) countries providing funding or support for terrorism; and
          (v) countries that have organisations operating within their territory that have been designated by the State, other countries or International Organisations as terrorist organisations.
          (2) For the purposes of (1)(c), a credible source includes, but is not limited to, FATFG , the IMF, the World Bank, the OECD and other International Organisations.
          (3) When assessing the risk factors referred to in (1), Relevant PersonsG must bear in mind that the presence of one or more risk factors may not always indicate a high risk of money laundering in a particular situation.
          Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Factors that may indicate lower money laundering risk

        • AML 6.1.3

          (1) When assessing if there is a low risk of money laundering in a particular situation, a Relevant PersonG must take into account, among other things:
          (a) customer risk factors, including whether the customer is:
          (i) a public body or a publicly owned enterprise;
          (ii) resident, established or registered in a geographical area of lower risk (as set out in paragraph (c));
          (iii) an Authorised PersonG ;
          (iv) a Regulated Financial InstitutionG that is subject to regulation and supervision, including AMLG regulation and supervision, in a jurisdiction with AMLG regulations that are equivalent to the standards set out in the FATFG Recommendations;
          (v) a SubsidiaryG of a Regulated Financial InstitutionG referred to in (iv), if the law that applies to the ParentG ensures that the SubsidiaryG also observes the same AMLG standards as its ParentG ;
          (vi) a company whose Securities are listed by the DFSAG , another Financial Services RegulatorG or a Regulated ExchangeG and which is subject to disclosure obligations broadly equivalent to those set out in the Markets RulesG ;
          (vii) a law firm, notary firm or other legal business that carries on its business in or from the DIFCG ; and
          (viii) an accounting firm, insolvency firm, Registered AuditorG or other audit firm that carries on its business in or from the DIFCG ;
          (b) product, service, transaction or delivery channel risk factors, including whether the product or service is:
          (i) a Contract of InsuranceG that is non-life insurance;
          (ii) a Contract of InsuranceG that is a life insurance product with no investment return or redemption or surrender value;
          (iii) an insurance policy for a pension scheme that does not provide for an early surrender option and cannot be used as collateral;
          (iv) a Contract of InsuranceG which is a reinsurance contract that is ceded by an insurer who is a Regulated Financial InstitutionG ;
          (v) a pension, superannuation or similar scheme that satisfies the following conditions:
          (A) the scheme provides retirement benefits to employees;
          (B) contributions to the scheme are made by way of deductions from wages; and
          (C) the scheme rules do not permit the assignment of a member's interest under the scheme; and
          (vi) a product where the risks of money laundering are adequately managed by other factors such as transaction limits or transparency of ownership; and
          (c) geographical risk factors, including whether:
          (i) a country has been identified by credible sources as having effective systems to counter money laundering;
          (ii) a country is identified by credible sources as having a low level of corruption or other criminal activity, such as terrorism, money laundering, or the production and supply of illicit drugs; and
          (iii) on the basis of reports by credible sources, such as mutual evaluations, detailed assessment reports or follow-up reports, a country:
          (A) has requirements to counter money laundering that are consistent with the FATFG Recommendations; and
          (B) effectively implements those Recommendations.
          (2) For the purposes of (1)(c), a credible source includes, but is not limited to, FATFG , the IMF, the World Bank, the OECD and other International Organisations.
          (3) When assessing the risk factors referred to in (1), Relevant PersonsG must bear in mind that the presence of one or more risk factors may not always indicate a low risk of money laundering in a particular situation.
          Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Business relationship not to be established if ownership arrangements prevent identification of beneficial owners

        • AML 6.1.4

          A Relevant PersonG must not establish a business relationship with the customer which is a legal person or legal arrangement if the ownership or control arrangements of the customer prevent the Relevant PersonG from identifying one or more of the customer's Beneficial OwnersG .

          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

          • AML 6.1.2 Guidance [Deleted]

            [Deleted] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 6.1.2 Guidance [Deleted]

            [Deleted] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

          • AML 6.1.2 [Deleted]

            [Deleted] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

      • Shell Banks

        • AML 6.1.5

          A Relevant PersonG must not establish or maintain a business relationship with a Shell BankG .

          Derived from RM196/2016 (Made 7th December 2016). [VER13/02-17]
          [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Anonymous or fictitious accounts

        • AML 6.1.6

          A Relevant PersonG must not establish or maintain an anonymous account, an account in a fictitious name, or a nominee account which is held in the name of one person but which is controlled by or held for the benefit of another person whose identity has not been disclosed to the Relevant PersonG .

          Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
          [Amended] by DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Use of numbered or abbreviated accounts for internal purposes

        • AML 6.1.7

          If a Relevant PersonG uses a numbered account or an account with an abbreviated name, it must ensure that:

          (a) such an account is used only for internal purposes;
          (b) it has undertaken the same Customer Due DiligenceG procedures in relation to the account holder as are required for other account holders;
          (c) it maintains the same information in relation to the account and account holder as is required for other accounts and account holders; and
          (d) staff performing AMLG functions, including staff responsible for identifying and monitoring transactions for suspicious activity, and staff performing compliance and audit functions, have full access to information about the account and the account holder.
          Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

          • Guidance on the customer risk assessment

            1. The risk assessment of a customer, which is illustrated in figure 3 above, requires a Relevant PersonG to allocate an appropriate risk rating to every customer. The DFSAG would expect risk ratings to be either descriptive, such as "low", "medium" or "high", or a sliding numeric scale such as 1 for the lowest risk to 10 for the highest. Depending on the outcome of a Relevant Person'sG assessment of its customer's money laundering risk, a Relevant PersonG should decide to what degree CDDG will need to be performed. For a high risk customer, the Relevant PersonG will need to undertake Enhanced CDD under AML section 7.4 as well as the normal CDDG set out in AML section 7.3. For a low risk customer, the Relevant PersonG may be able to undertake Simplified CDD in accordance with AML section 7.5. For any other customer, the Relevant PersonG will be required to undertake the normal CDDG set out in AML section 7.3.
            2. Using the RBA, a Relevant PersonG could, when assessing two customers with near identical risk profiles, consider that one is high risk and the other low risk. This may occur, for example, where both customers may be from the same high risk country, but one customer may be a customer in relation to a low risk product or may be a long-standing customer of a GroupG company who has been introduced to the Relevant PersonG .
            3. In AML Rule 6.1.4, ownership arrangements which may prevent the Relevant PersonG from identifying one or more Beneficial OwnersG include bearer shares and other negotiable instruments in which ownership is determined by possession.
            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
            [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

          • Guidance on the term "customer"

            4. The point at which a person becomes a customer will vary from business to business. However, the DFSAG considers that it would usually occur at or prior to the business relationship being formalised, for example, by the signing of a customer agreement or the acceptance of terms of business.
            5. The DFSAG does not consider that a person would be a customer of a Relevant PersonG merely because such person receives marketing information from a Relevant PersonG or where a Relevant PersonG refers a person who is not a customer to a third party (including a GroupG member).
            6. The DFSAG considers that a counterparty would generally be a "customer" for the purposes of this module and would therefore require a Relevant PersonG to undertake CDDG on such a person. However, this would not include a counterparty in a transaction undertaken on a Regulated ExchangeG . Nor would it include suppliers of ordinary business services, for consumption by the Relevant PersonG such as cleaning, catering, stationery, IT or other similar services.
            7. A Representative OfficeG should not have any customers in relation to its DIFCG operations.
            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
            [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

          • Guidance on high risk customers [Deleted]

            [Deleted] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

          • Guidance on low risk customers [Deleted]

            [Deleted] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

          • Guidance on Shell Banks

            8. AML Rule 6.1.5 prohibits a Relevant PersonG from establishing or maintaining a business relationship with a Shell Bank.G A Shell BankG is a bank that has no physical presence in the country in which it is incorporated or licensed, and is not affiliated with a regulated financial GroupG that is subject to effective consolidated supervision. The DFSA does not consider that the existence of a local agent or low level staff constitutes physical presence.
            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
            [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

          • Guidance on fictitious and anonymous accounts

            9. A Relevant PersonG should note that, in addition to the prohibition in AML Rule 6.1.6 against establishing anonymous or fictitious accounts or accounts for unknown persons, the Federal AML legislation also prohibits the creation or keeping of records of bank accounts using pseudonyms, fictitious names or numbered accounts, without the account holder's name.
            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
            [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]
            [Amended] DFSA RM258/2019 (Made 26th June 2019). [VER16/07-19]

          • Guidance on Tax Issues

            10. A Relevant PersonG should, when carrying out a customer risk assessment, consider and assess the tax crime risk associated with the customer and factor such risks into the overall risk assigned to that customer. Many of the factors described in AML Rule 6.1.2 on higher risk customers could also be an indicator of potential tax crimes. For example, the use of complex or unusual corporate structures, the customer's business not being located where the customer lives (without adequate explanation), unusual customer interface, or reluctance by the customer to communicate directly with the Relevant PersonG .
            11. If it is justified based on the risk assessment and where concerns arise, a Relevant PersonG may wish to seek comfort from its customers by obtaining disclosures or declarations to ascertain if a legitimate explanation exists for the concerns and therefore to allay those concerns.
            Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
            [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]