FAQ - DPMS

Frequently Asked Questions

1. What is DPMSR?

Dealer in Precious Metals and Precious Stone Report (DPMSR) is a type of report that is a unique requirement from dealers in precious metals and stones licensed in the UAE. This report captures specific cash transactions or transactions through wire transfers (in the case of legal person) equal to or exceeding AED 55,000.

2. What are the transactions that should be reported in goAML?

DPMSR must be submitted to the Financial Intelligence Unit (FIU) through goAML platform in the following cases:

Cash transactions with resident individuals equal to or exceeding AED 55,000
Cash transactions with non-resident individuals equal to or exceeding AED 55,000
Cash transactions with corporate entities (legal persons) equal to or exceeding AED 55,000
Transactions with corporate entities (legal persons) involving international wire transfers equal to or exceeding AED 55,000
Local wire transfers made through an exchange house.
Instalment transactions in cash equal to or exceeding AED 55,000, to be reported whenever the collected cash installments reach or exceed AED 55,000.
Unfixed gold transaction involving cash equal to or exceeding AED 55,000
Advance payment in cash equal to or exceeding AED 55,000, to be reported at the time of receiving funds.
Wire transfers from a mainland/onshore company to a Free zone company (not part of the same company)
Transaction between two Free Zone companies, settling the payment in USD through the international wire transfer.

You do not have to report DPSMR in the following cases:

Credit card, cheque, or bank transaction with an individual, irrespective of the amount.
Exchange of old gold or gold-to-gold transaction, not involving cash equal to or exceeding AED 55,000
Local wire transfers and cheque transactions from a local bank in the UAE.
Transfers or purchase/sale transactions in cash within your own company accounts, irrespective of the amount.
Transactions through the Letter of Credit issued by banks.
Transaction between two Free Zone companies, settling the payment through the bank accounts in the same bank in UAE.
Physical trade of precious metals or stones with commercial banks operating & regulated outside the UAE.

DPSMR Summary

3. What is the threshold for foreign currency?

Any foreign currency equals or exceeds AED 55,000 if the payment is made in cash or wire transfer.

4. Do we have to report on local bank transfers, which are made in foreign currencies?

5. Do we have to report the bank transfer, which is made outside of on behalf of the business operations made in UAE?

Transfers from outside the UAE are “wire transfers”, and as such the payment should be reported on DPMSR if it is equal to or exceeding AED 55,000.

6. Do we have to report the hawala transfers, where the customers transfer through hawala outside UAE and receive it in UAE?

Yes, you must submit DPSMR if the transaction amount is equal to or exceeding AED 55,000.

7. Do we have to report third party transactions in goAML?

Third party payments can be high-risk transactions. If the appropriate due diligence level resulted in reasonable grounds to suspect the crime of money laundering, then the company must report STR/SAR. They can also be reported on DPMSR if they match the description in the response to Question No (2) above.

8. Do we need to report the making charges amount exceeding 55000 AED?

No. DPMSR is only for sale/purchase transactions. Service fees are not covered. However, you must assess the risk of crime if you have other deals with the same customer. For example, a customer may purchase multiple products that need to be molded or shaped, which in turn increases their resale value as jewelry pieces. In this case, if the customer pays for “working or making” in cash or by wire transfer that is equal to or exceeding AED 55,000, then you must report this transaction and explain your suspicion with the supporting documentation.

9. What is the time limit for reporting DPMSR?

No later than 2 weeks from the time of receiving the funds.

10. What are the consequences of late reporting?

If repeated, it can be considered a weakness in the governance of the AML policy and procedures. This can result in administrative penalties including fines or restriction of license among other sanctions.

11. What are the required documents to be attached while reporting DPMSR?

12. What is STR?

The regulations require DPMS to identify the suspicion related to money laundering, terrorism financing or proliferation financing and report such suspicion by filing a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR).

13. When is STR reported?

Suspicious Transaction Reports are usually submitted during customer onboarding or while conducting a transaction, and one of the following is observed:

The customer insists on payment by virtual currency.
The customer refuses to provide necessary documents or the company is unable to obtain the same for the transaction.
The customer is involved in a cash intensive business.
Inconsistencies between the nature of the customer’s business and the purpose of transaction.
Commencement of criminal proceedings against the customer.
Multiple third parties involved in the transaction.
Frequent selling and purchase of gold or other precious metals are carried out in a short time.
Transaction value does not match the customer’s income.
Request for last-minute changes in the transaction details.

Please note that this list is not exhaustive. See the list of typologies as part of the company’s policy documentation.

14. What is the time limit for reporting STR?

The law and regulation require the reporting to be “without any delay”. It is recommended that STRs/SARs be submitted within 24 hours from the date you have acquired sufficient evidence to form a suspicion of crime.

15. What are the required documents to be attached while reporting STR?

ID documents for all parties involved, transaction documents including invoices, communication documents (e.g. emails …etc.), and any other relevant documents obtained as part of CDD or EDD.

16. What is PNMR?

Partial Name Match Report is a type of report submitted on the goAML platform. This report is part of the Targeted Financial Sanctions regime in the UAE.

17. When is PNMR reported?

When the customer’s name partially matches a name on the UN Consolidated List or the UAE Local Terrorist List.

18. What is FFR?

Fund Freez Report is a type of report submitted on the goAML platform. This report is part of the Targeted Financial Sanctions regime in the UAE.

19. When is FFR reported?

When an individual’s full name, date of birth, nationality, and passport number for individuals, or a group or entity’s legal name and license, identically match that of a person or entity on the UN Consolidated List or the UAE Local Terrorist List.

20. What are the reports applicable to DPMS sector in goAML?

Suspicious Transaction Report (STR)
Suspicious Activity Report (SAR)
Fund Freez Report (FFR)
Partial Name Match Report (PNMR)
Dealers in Precious Metals and Stones Report (DPMSR)
High Risk Country Transaction Report (HRC)
High Risk Country Activity Report (HRCA)

21. What are the procedures for customer onboarding?

Suspicious Transaction Report (STR)
Suspicious Activity Report (SAR)
Fund Freez Report (FFR)
Partial Name Match Report (PNMR)
Dealers in Precious Metals and Stones Report (DPMSR)
High Risk Country Transaction Report (HRC)
High Risk Country Activity Report (HRCA)

21. What are the procedures for customer onboarding?

KYC: Collect and verify customer identity and basic information.
CDD: Assess customer risk based on business type, source of funds, and transaction activity.
EDD: For higher-risk customers, conduct deeper checks like verifying source of wealth.
Ongoing Monitoring: Continuously monitor customer activity for suspicious transactions.
Suspicious Activity Reporting (SAR): Report any activity suspected of money laundering or terrorist financing.
DPMSR: Report any funds received in cash or by wire transfer that equals or exceeds AED 55,000.

21. What are the procedures for customer onboarding?

KYC: Collect and verify customer identity and basic information.
CDD: Assess customer risk based on business type, source of funds, and transaction activity.
EDD: For higher-risk customers, conduct deeper checks like verifying source of wealth.
Ongoing Monitoring: Continuously monitor customer activity for suspicious transactions.
Suspicious Activity Reporting (SAR): Report any activity suspected of money laundering or terrorist financing.
DPMSR: Report any funds received in cash or by wire transfer that equals or exceeds AED 55,000.

22. What is KYC?

KYC stands for “Know Your Customer”. It’s a process your company uses to collect relevant information to verify the identity and legitimacy of its customers.

23. What are the documents to be collected in KYC procedures?

For Individuals: Proof of ID (Emirates ID, passport) and proof of address (utility bill, bank statement).
Companies: Registration documents, ownership documents, and information on beneficial owners.

24. What is CDD?

CDD stands for “Customer Due Diligence”. It’s the process your company goes through to gather and verify information about their clients. The main purpose of CDD is to identify and mitigate the risks of crime and to comply with regulations. KYC is the first step of CDD, sanctions screening and risk assessment are the next step, and ongoing monitoring is the third step of CDD.

25. What is sanction screening?

The process of checking the name of your customers against the sanction’s lists. The applicable lists in UAE include the UN Security Council’s Consolidated List and UAE Local Terrorist List. Both are maintained by the Executive Office for Control and Non-proliferation (EOCN).

26. What is risk assessment?

The process of evaluating the possibility that your customers maybe engaged in illicit activities such as money laundering, terrorism financing, proliferation of weapons of mass destruction, and other types of crimes.

27. What are the procedures for PEP onboarding?

EDD must be performed on all PEP customers and the approval of senior management must be obtained and documented. Every PEP customer should be entered into a register for PEPs that is maintained by your company.

28. What are the steps followed for while dealing with sanctioned customers?

It is prohibited to deal with sanctioned customers. You must suspend all dealings when you confirm that your potential customer is sanctioned and file FFR to the FIU. You must freeze any funds received from the sanctioned customer until further notice from the FIU or EOCN.

29. What are procedures for onboarding high risk customers?

You should follow the EDD procedures, including verifying and obtaining proof of source of fund, proof of address, and perform adverse media search on the customer. In some cases, senior management approval might be required.

30. Who are high risk customers?

Customers form sealing in cash over AED 55,000, customers from high-risk countries, PEPs, and customers with suspicious activity.

31. What is EDD?

EDD stands for Enhanced Due Diligence. It’s a more intensive version of Customer Due Diligence (CDD) specifically used for high-risk situations. It involves verifying and obtaining proof of the source of funds and address of the customer.

32. What is the source of fund documents?

Employment: Salary slips, tax returns, employment contracts.
Savings: Bank statements showing a history of deposits and sufficient balance.
Investments: Investment account statements, brokerage statements.
Sales: Documents related to the sale of assets like property (sale deed) or businesses (purchase agreement).
Inheritance: Documentation proving inheritance, like a will or probate order.
Gifts: Signed gift letters from the donor along with proof of their funds (if significant amount).
Winnings: Lottery ticket stubs or receipts with matching bank deposits.

33. What is a transaction monitoring system?

There are two versions of transaction monitoring systems depending on the business size: manual (small and medium companies) and automated (large businesses, banks, and money services business… etc.). Both aim to accomplish the same goal which is to identify any suspicious cases by following a rule-based method. The rules derive from the requirements of the law and the identified typologies in the DPMS sector. This system will look specifically at transaction amounts, customer profile and risk levels, past transactions, source of funds, geographic location, transaction type, customer behavior… etc. to generate alerts of suspicion. These alerts will then be reviewed, and the customer will be investigated by the compliance department. This review can result in filing STR/SAR or dismissing the alert as false.

34. Which are sanctioned countries?

The EOCN does not maintain a list of “sanctioned” countries. However, the UAE recognizes high-risk countries under FATF list, which are: Iran, Myanmar, North Korea.

35. What are high-risk countries?

Iran, Myanmar, North Korea.

36. Can we deal with customers from sanctioned countries?

There are no sanctioned countries as per the authorities in UAE. However, you can deal with customers from high-risk countries following the proper due diligence measures.

37. Can we deal with customers from high-risk countries?

Yes, you can deal with customers from high-risk countries following the proper due diligence measures.

38. Which are the prohibited countries that we should not deal with?

There are no “prohibited countries”. However, you can deal with customers from high-risk countries following the proper due diligence measures.

39. Customer is not ready to fill KYC form, how to deal with the customer?

KYC form and its content is a crucial part of customer due diligence. You should make a reasonable effort to convince customers to fill in and sign the KYC form. However, in case of resisting customers, try to obtain the ID documents and gather the KYC form information using other methods such as over the phone or WhatsApp messages or any other appropriate method, and make sure all your efforts are documented as possible. If all the efforts with a non-cooperative customer fail, and you could not obtain the basic ID documents, you should submit SAR if the transaction is not concluded, or STR if the transaction is concluded (in case of recurring customer whose ID documents have expired for example).

40. Sanction customer 100% match, what is the process?

Gather all the documents and information for this transaction and file a Funds Freez Report (FFR) on the goAML platform. The transaction should be suspended until further instructions from the FIU. Do not tip-off the customer about this reporting or suspension of transaction, and if you have to explain the delay, you should only cite other convincing or relevant reasons not related to the reporting.

41. How to manage PEP customers if they are not giving information?

PEPs are high-risk customers and require the approval of senior management for onboarding. If a PEP does not give information that means the Compliance Officer cannot prepare the report for the management approval, and therefore the PEP cannot be onboarded and there shall be no transaction under this PEP’s name. Further, the refusal to give reasonable information (e.g., updated ID documents, source of fund…etc.) can be reasonable grounds for submitting SAR on goAML.

42. If paid in instalments, when do we do DPMSR report?

Installment payments in cash (for both individuals and corporate customers) or wire transfer (for corporate customers) qualify for DPMSR when the accumulated payments equal or exceed AED 55,000. For example, let’s say a customer chooses to pay in 4 equal cash installments of AED 20,000 each for purchase of gold jewelry. As long as the first 3 payments are completed, the total amount paid by the 3rd installment would be AED 60,000 (3 x AED 20,000). This is when you would need to submit a DPMSR report for this transaction on goAML.

43. Customers with small bill amounts do not agree to give ID copies, what to do in these cases?

For any transaction below AED 55,000, the company will not be covered by the DNFBP definition in the law or regulation. However, the Ministry of Economy issued circular MOEAML – 2/2023 which required that DPMS display a notice on the company’s premises in a visible manner. This notice states to all customers that “disclosing your data is part of the anti-money laundering and combating terrorist financing legislations and to protect you from legal accountability.” You should make the customer aware of this notice before taking any action. You can also request the ID details as part of billing information.

44. How to manage customers when they have to wait during the time of sanction hit approvals?

The compliance team will do their best to expediate matters that may result in delays. The customer facing employees, meanwhile, should not disclose anything relating to internal investigation or the approval process. Customer facing employees shall always respond to customer’s questions accordingly.

45. When a customer is in partial/full match, and we ask for EDD with the customer. Customers with small bill amounts are reluctant, how to manage such customers?

Under no circumstances should you notify the customer that they are subject to EDD or reporting measures. This process is confidential. If other reasons for suspicion exist in addition to non-cooperation, consider submitting STR/SAR.

46. Is screening and risk assessment to be done with all the transactions or is it a one-time process?

Your company’s AML policy manual may require the customer risk assessment to be completed in various stages during the business relationship. Please refer to the relevant parts in your AML policy manual.

47. What to do when we miss the deadline for DPMS Reporting?

Submit the report as soon as possible even if the deadline has passed.

48. How to find transactions eligible for STR?

Any type of report, including STR, should be based on reasonable grounds to be submitted. The reasons for a report could be the observance of a red flag indicator, a result of CDD or EDD, or transaction monitoring controls.

49. Should we let the customer know that we are waiting for compliance approval in case of alert send to compliance approval?

No.

50. What are the KYC documents to be collected from individuals and corporate?

The company’s policy may request specific documentation with regard to the various types of customers. Generally, the following are collected from customers during onboarding (depending on the due diligence level):

Emirates ID and Visa copies (for UAE nationals and residents)
GCC ID cards (for GCC citizens)
Passport (for non-resident foreigners)
Proof of address (utility Bill, Rent Agreement, Bank Statement …etc.)

For corporates:

Trade License
Certificate of Incorporation
Memorandum of Association/Articles of Association
Certificate of Good Standing
Register of Shareholders/Directors/UBOs
Board resolution appointing authorized signatories.
Audited Financial Statement

51. Is training required for all the employees even if they are not counter staff?

Yes. Each employee should understand the risk of money laundering regarding the specific functions of that employee. The level of training required may vary between different departments of business, so accounting staff will need to be more vigilant of ML risk of money laundering.

Emirates ID and Visa copies (for UAE nationals and residents)
GCC ID cards (for GCC citizens)
Passport (for non-resident foreigners)
Proof of address (utility Bill, Rent Agreement, Bank Statement …etc.)

For corporates:

Trade License
Certificate of Incorporation
Memorandum of Association/Articles of Association
Certificate of Good Standing
Register of Shareholders/Directors/UBOs
Board resolution appointing authorized signatories.
Audited Financial Statement

52. Is PEP declaration required to be signed by all the partners?

Yes. A duly authorized person can also sign on behalf of other partners.

Emirates ID and Visa copies (for UAE nationals and residents)
GCC ID cards (for GCC citizens)
Passport (for non-resident foreigners)
Proof of address (utility Bill, Rent Agreement, Bank Statement …etc.)

For corporates:

Trade License
Certificate of Incorporation
Memorandum of Association/Articles of Association
Certificate of Good Standing
Register of Shareholders/Directors/UBOs
Board resolution appointing authorized signatories.
Audited Financial Statement

53. Do we have to register all the walk-in customers even if they are only repairing their jewellery with a small bill amount and not making any purchase from us?

It is not required by regulations. However, if this type of customer had requested a purchase of sale before, then you should document that customer’s details.

54. Is it mandatory to collect the SOF proof if the client has given the SOF declaration in case of corporates?

You should always request the source of funds from the client if the level of due diligence demands it according to your company’s policy. But if you could not obtain this document, then the SoF declaration must be collected.

55. Can we collect the SOF proof of the partner in case the corporate does not have a bank account or VAT return with them?

The SoF proof should reflect the true source of funds involved in the transaction. If the funds are fully provided by the partner, then you must collect the proof from the partner.

56. What are the documents to be collected from individuals if the transactions are under AED 55000?

For UAE nationals and residents collect the Emirates ID; for non-resident forigners collect the passport; for GCC nationals collect the GCC ID card.

57. What should we do if the Customer has given every document except the TRN certificate?

You proceed to enhanced due diligence on the customer. If you have a reasonable suspicion regarding the origin of the gold or chain of custody, you should file STR. Otherwise continue the transaction as usual with a request from the customer to share the certificate whenever it is available.

58. Is it mandatory to collect documents from the customers’ accounts which are closed?

DPMS had to comply with AML regulations since 31 March 2021. Any qualified transaction from that date must be remediated to comply with the law. This applied to closed accounts and transactions as well.

59. Should we report exports and imports above AED 55000?

If they match the description detailed in the response given to Question No. (2) above, then yes, you must submit DPMSR.

60. What are the letters that should be collected from the customers?

The documents required vary from case to case. Some of these letters include Source of Fund Undertaking, Politically Expose Person Declaration, Sanctions Undertaking, and Transaction Monitoring Undertaking.

61. What are the documents that should be collected from the Suppliers?

In addition to ID documents such as the license and MOA, certificate of incorporation, UBOs, you should also request a copy of their supply chain policy and controls and fill out the supply chain questionnaire. This may vary for each company.

62. Is Authorization letter mandatory for KYC documents?

Authorization letters are required when the customer, under whose name the transaction is being conducted, is represented by an agent (POA, Authorization letter… etc.). If the person approaching your company is not the named customer for the transaction, you must collect the authorization letter and ID documents for the representative as well.

63. Is Supply chain policy document mandatory?

For corporate suppliers, it is generally advised that you collect all the documents required by the company’s policy. The supply chain policy is either a part of the CDD or EDD process. Please refer to your respective company supply chain policy for details.

64. When should we collect cash declaration?

When conducting transactions equal to or exceeding AED 55,000

65. If we put STR, will it reflect our business?

All the reports, including STRs, are required by the authorities for financial intelligence and DO NOT COMPROMISE your business in any way. It is the FAILURE TO REPORT STRs that can harm your business position or reputation.

66. Should we assess the risk for all the customers?

Yes.

67. Can we collect Dewa bill instead of Tenancy Contract?

Yes, but make sure the bill reflects the customer’s address.

69. What are the documents to be collected for Source of Fund?

Bank statements, inheritance documents, salary slips, salary certificates, sale and purchase contracts, tax returns, certified compensation award, copy of will, latest audited company accounts …etc.

70. What if the Clients are not willing to provide the Source of Fund?

If the customer is high-risk and they refused to provide proof of SoF as part of EDD, you should file an STR if the transaction is closed, or SAR if it is pending.

71. How many times KYC forms needs to be filled and if any doc related to that company is updated, do we need to update the KYC also?

The KYC file review for each customer is detailed in the company’s policy. However, any measure change in the customer’s legal status or change in partners or beneficial owners or similar changes occurs, then KYC file must be updated accordingly and CDD or EDD may need to be reperformed as well. Refer to company’s policy for specific details.

72. How many times does risk assessment needs to be done?

Risk assessment is part of CDD measures. If any change mentioned in the response to the previous question occurs, then the customer’s risk must be reassessed.

73. What is the daily transaction limit for single payment/ money transaction?

The regulations do not set daily limits for any sort of transaction. However, your respective company may set such limits as part of its policy.

74. In Retails shops, if the customer is not providing the ID then what actions to be taken?

See the response to Question No. (43)

75. AML Policy to be updated within how much time?

Usually, the policy will be updated annually following the enterprise-wide risk assessment (EWRA). However, certain events may necessitate an update to the policy such as new laws or regulations, change in business structure (merger or acquisition), new services or products offered by the company…etc. The company’s policy should contain a section on when to update it.

76. Clarify MLRO appointment requirement for the one-person company?

The law does not differentiate between business structure or legal form when it sets out the qualifications for MLRO/Compliance Officer.

77. If my transaction is cancelled for the gold bullion sale and client has return the fund, will it be reported to goAML or not?

If the transaction qualified for DPMSR, you should report at the time of receiving the funds (see response to question No. (2) above). If DPMSR is not applicable, then you should only report if you have reasonable grounds for suspicion of crime, or when the customer’s name matches with a sanctions list. These other reports should be filed even if the transaction is cancelled.

78. Can you be a compliance officer if you are also the sole shareholder of a company without any employment?

The compliance function must be independent from other business functions to avoid any conflict of interest. However, authorities have communicated that small companies may combine these functions, but they must make sure to have the relevant policies and controls to maintain the independence of the compliance function.

79. Does corporate services provider come under DNFBP?

Yes. When they perform any of the following:

Acting as an agent in the creation or establishment of legal persons;
Working as or equipping another person to serve as director or secretary of a company, as a partner or in a similar position in a legal person.
Providing a registered office, work address, residence, correspondence address or administrative address of a legal person or Legal Arrangement.
Performing work or equipping another person to act as a trustee for a direct Trust or to perform a similar function in favour of another form of Legal Arrangement.
Working or equipping another person to act as a nominal shareholder in favour of another person.

80. All the partners above 25% shares, should register for UBO?

Yes.

81. Does the risk assessment to be performed for UBOs?

The risk assessment should be performed on the customer (corporate) not UBO. But all UBOs must be screened against applicable sanctions lists, PEP, and adverse media databases to determine the risk of the corporate customer.

82. For our own company do the UBO of owners have to update with same even if there are no changes?

Your company should maintain a register for UBOs, partners, or shareholders. This register must be updated if any change happens to the ownership or shares of the company.

83. What is the limit of high amount transaction in Enhanced Due Diligence?

The regulations do not specify any limits for EDD. Each company may set a different limit for the customer to undergo EDD according to its business size and customer base concerns. Please refer to your respective company’s policy.

84. Can you receive the payment before the KYC has been completed?

Nothing prohibits receiving payments during KYC or CDD process. But you should make sure not conclude the transaction until the KYC, screening, and risk assessment have been completed.

85. Is it important to fill the KYC for Individual above the threshold?

KYC should be filled out and signed by the customer for all transactions regardless of the amount. Your company’s policy may designate certain customers as “low risk” for whom should only obtain the ID document without the need to complete the KYC form.

86. Is dealing for companies with blacklisted countries like Myanmar allowed?

Customers from blacklisted countries (Myanmar, Iran, North Corea) can be accepted subject to EDD measures. Some companies may require the approval of senior management of such customers. Please see your respective company’s policy.

87. The owner and sole shareholder of his/her company do have to update UBO every year?

This will depend on the risk level of this corporate customer, legal status, and policy requirements. For example, if the UBO remains unchanged, and the customer is low or medium risk, you can update and verify the UBO information every two years. For the specific case of each company, please see the company’s policy requirement for updates.

88. If the Company owner can buy from their own company below the threshold need to be reported or not?

See response to Question No. (2) above.

89. If the Corporate customer buys jewellery below the threshold need to be reported or not?

No DPMSR should be files. However, if there is suspicion of crime, then STR/SAR should be filed.

90. Does non-specialized wholesale trading fall under DNFBPS?

All dealers in precious metals and stones qualify as DNFBPs when they “carry out any single monetary transaction or several transactions that appear to be interrelated or equal to more than AED 55,000”. This is regardless of the volume, type, or specialty of their trade.

91. What to do if the customer holds a low-risk passport but his place of birth is a high-risk country?

If the provided low-risk passport is valid, then you should proceed to risk assessment on the customer’s nationality as per the passport.

92. Customers from sanctioned countries got trading license in UAE and resident in UAE but banks are not opening their bank account. So should we onboard them or not?

All customers may be onboarded subject to proper level of due diligence except for sanctioned individuals, groups, or entities (UNS Consolidated List & UAE Local Terrorist List). There is no recognized list of “sanctioned countries” in the UAE, only a list of “high-risk countries”. For customers from high-risk countries, you should follow your normal risk assessment and due diligence measures. If the level of risk is acceptable according to the company’s policy, then you may onboard such customers.

93. Is it mandatory to collect an identification document for all, regardless of the amount?

Yes.

94. What are the minimal requirements that must be obtained from the customer in the case of a legal entity or corporate firm?

License details, UBOs, article of association, official address, contact information.

95. In a few instances, customers do not have or provide a physical ID but have a picture on their mobile. Can we still proceed with the transaction?

If the customer’s risk is low and qualifies as “designated low risk” as per the company policy, then you can proceed with the transaction. Otherwise, you must verify the ID document by examining the original.

96. Can we get a list of High-risk jurisdictions/nationality; is there any procedure to follow?

Iran, Myanmar, Democratic Republic of Korea

97. Does every employee, regardless of the position, such as an office boy or driver, need to undergo training?

Office boys and drivers can be exposed to money laundering risk if they are involved in delivery of cash, cheques, and receipts and may compromise confidentiality requirements because of their interaction with other staff such as compliance and accounts. So, they need to understand the importance of AML compliance in general terms without the technical specifics.

98. Why are PEPs considered high-risk for money laundering?

PEPs are influential decision makers who are entrusted with public funds or large amounts of money to administer on behalf of others. Because of this, they may be exposed to corruption, embezzlement, insider trading, unfair advantage… etc. They can also facilitate money laundering using their influence.

99. What are the necessary steps to be taken or followed in the case of PEP?

EDD must always be followed with PEPs. See your company’s policy for more information. PEPs also require the approval of senior management to be onboarded.

100. What are the differences between basic, enhanced, and ongoing due diligence in the context of KYC?

Simplified Due Diligence may apply to low-risk customers designated in the company’s policy. Customer Due Diligence (CDD) is the level that is applicable to most other low and medium risk customers. Enhance Due Diligence is the level required for high-risk customers (e.g., PEPs, high-risk country customers… etc). Ongoing Due Diligence is the state of observing the customers for any suspicion of crime or change in their legal status or behaviour. Your company’s policy should contain the detailed process to carry out each level of due diligence.

101. How does the risk profile of a customer influence the level of due diligence required in KYC checks?

Normally, low and medium risk customers undergo customer due diligence, which means they have to provide KYC information, but they do not need to provide proof of source of funds and proof of address. High-risk customers, on the other hand, undergo enhanced due diligence where they must provide proof of SoF and proof of address, as well as verifying the KYC information they provided using reliable sources.

102. Describe the process of performing a sanctions screening as part of a KYC checklist.

Sanction screening is performed after the collection of ID documents, which usually happens after the KYC form has been filled out and signed. The customer passport information will be carefully entered into the screening software interface. The software will then return the results based on the entered information. A Fund Freez Report should be filed if there is a confirmed match, and the transaction must stop until further instructions from the FIU; a Partial Name Match Report should be filed in case of partial name match. Otherwise continue the rest of customer due diligence.

103. Can a system detect alterations or tampering on a document? How can this help in assessing authenticity?

104. How can technology be leveraged to streamline and enhance the KYC process?

Use DG KYC.

105. Is it mandatory to collect an identification document for all, regardless of the amount?

Yes.

106. Is conducting periodic audits mandatory to assess the effectiveness of the AML program?

Yes.

107. What are the penalties for non-compliance with AML regulations?

Non-compliance can result in serious criminal charges which may conclude in prison sentence among other penalties. Regulators can also impose fines up to AED 10 million. Regulators can also suspend your business license or cancel your license and registration. Not to mention the reputation risk and loss of credibility among the public in the market. In the case of employees, non-compliance may end up in termination of labor contracts and, if the violation is serious, prison sentence.

108. Our corporate clients or suppliers who are located overseas are not reluctant to provide documents.

This is usually considered a red flag. You should closely monitor these clients and collect evidence of any suspicion you might have and then file SAR/STR.

109. How does your company ensure the protection and confidentiality of the data provided by our clients?

“We maintain a robust system of information security which adheres to the best practices in the industry. This ensures that we keep confidential all of our customers’ records and personal information.”

110. Have you faced any compliance challenges in the past, and if so, how did you address them?

“There are always compliance challenges. However, we endeavor to maintain the highest level of practice, exceeding the compliance requirements. We follow a STAR model when we identify any challenge, always keeping our eyes open to surpass compliance requirements.”

111. How do you handle any compliance issues or violations that may arise?

“It is our determination to get other market players to comply with applicable regulations. We follow a STAR model when we identify any violations which we deal with them according to the regulation and best practices.”

112. How do you stay informed about new compliance requirements and updates in your industry?

“We always follow the regulatory authorities’ websites and official channels for updates to the regulation or outreach sessions. Other industry leaders publish reports and insights from time to time which is also valuable to our practice.”

Frequently Asked Questions

Useful Links