• Anti-Money Laundering and Sanctions Rules and Guidance (AML) [VER06.310321]

    • AML 1. AML 1. Introduction

      • AML 1.1 AML 1.1 Jurisdiction

        • AML 1.1.1

          (1) The AML Rulebook is made in recognition of the application in the Abu Dhabi Global Market ("ADGM") of the Federal AML Legislation.
          (2) Nothing in the AML Rulebook affects the operation of Federal AML Legislation.
          Amended on (15 April, 2019).

      • AML 1.2 AML 1.2 Application

        • AML 1.2.1 AML 1.2.1

          (1) Subject to (2), the AML Rulebook applies to:
          (a) every Relevant Person in respect of all its activities carried out in or from the ADGM; and
          (b) the Persons specified in Rule 1.3.3 as being responsible for a Relevant Person's compliance with the AML Rulebook.
          (2) In respect of a Relevant Person that is:
          (a) an Authorised Person (other than a Credit Rating Agency) and a Recognised Body, only the requirements of Chapters 1 to 14 of the AML Rulebook apply;
          (b) a Representative Office only the requirements of Chapters 1 to 6 and 11 to 14 of the AML Rulebook apply;
          (c) a DNFBP, only the requirements of Chapters 1 to 9 and 11 to 15 of the AML Rulebook apply; and
          (d) an NPO only the requirements of Chapter 16 of the AML Rulebook apply.
          Amended on (15 April, 2019).

          • Guidance

            1. Chapters 7 to 9 of the AML Rulebook deal with customers. As a Representative Office does not have customer these chapters do not apply.
            2. Chapter 10 of the AML Rulebook deals with correspondent banking, electronic transfer of funds and audits.
            3. Relevant Persons should consider these Chapters and determine which provisions apply. To assist Relevant Persons the following table sets out the application of the AML Rulebook to each of the different types of Relevant Persons specified in Rule 1.2.1(1). This table is for guidance purposes only.

            Application table

            Relevant Person Applicable Chapter(s)
            Authorised Person (other than a credit Rating Agency) or Recognised Body 114
            Representative Office 16 1114
            DNFBP 19 1115
            NPO 16

            Added on (15 April, 2019).

        • AML 1.2.2 [Deleted]

          Deleted on (15 April, 2019).

        • AML 1.2.3 [Deleted]

          Deleted on (15 April, 2019).

      • AML 1.3 AML 1.3 Responsibility for compliance with the AML Rulebook

        • AML 1.3.1

          A Relevant Person's Governing Body is responsible for establishing, maintaining and monitoring the Relevant Person's AML policies, procedures, systems and controls and compliance with applicable AML legislation.

        • AML 1.3.2

          A Relevant Person's Governing Body must ensure the policies, procedures, systems and controls referred to in Rule 1.3.1 are effective to meet the obligations of the Relevant Person.

        • AML 1.3.3

          (1) Responsibility for a Relevant Person's compliance with the AML Rulebook lies with every member of the Governing Body and its Senior Management.
          (2) In carrying out their responsibilities under the AML Rulebook every member of a Relevant Person's Governing Body, its Senior Management and MLRO (as the case may be) must exercise due skill, care and diligence.
          (3) Nothing in this Rule precludes the Regulator from taking enforcement action against any Person, including any one or more of the following Persons, in respect of a breach of any Rule in the AML Rulebook:
          (a) a Relevant Person;
          (b) members of a Relevant Person's Senior Management; or
          (c) an Employee of a Relevant Person.
          Amended on (15 April, 2019).

      • AML 1.4 AML 1.4 Application table [Deleted]

        Deleted on (15 April, 2019).

        • Guidance [Deleted]

          Deleted on (15 April, 2019).

    • AML 2. AML 2. Overview And Purpose Of The AML Rulebook

      • Guidance

        1. Under Section 15A of the Financial Services and Markets Regulations 2015 ("FSMR"), the Regulator has jurisdiction for the regulation of AML in ADGM. The AML Rulebook sets out the requirements imposed by the Regulator. The U.A.E. criminal law applies in the ADGM and, therefore, Persons in the ADGM must be aware of their obligations in respect of the criminal law as well as these Rules. Relevant U.A.E. criminal laws include Federal AML Legislation and Federal Law No. 3 of 1987 (the Penal Code of the United Arab Emirates). The Rules in the AML Rulebook should not be relied upon to interpret or determine the application of the criminal laws of the U.A.E.
        2. The AML Rulebook has been designed to provide a single reference point for all Relevant Persons who are supervised by the Regulator for Anti-Money Laundering and Sanctions compliance in accordance with the scope of application outlined in Rule 1.2.1. Accordingly it applies to Relevant Persons, but in different degrees as provided in Rule 1.2.2(2). The AML Rulebook takes into consideration the fact that Relevant Persons have differing AML risk profiles. A Relevant Person should familiarise itself with the AML Rulebook, and assess the extent to which the Chapters and sections apply to it.
        3. The AML Rulebook is not intended to be read in isolation from other UAE relevant legislation or developments in international policy and best practice and, to the extent applicable, Relevant Persons need to be aware of, and take into account, how these aforementioned matters may impact on the Relevant Person's day to day operations. This is particularly relevant when considering the list of terrorist organisations or persons issued under Article 63 of Federal Law No.7 of 2014 on Combatting Terrorism and the United Nations Security Council ("UNSC") Resolutions which apply in the ADGM, and Sanctions imposed by other jurisdictions which may apply to a Relevant Person depending on the Relevant Person's jurisdiction of origin, its business and/or customer base.
        4. Chapter 1 specifies who is ultimately responsible for a Relevant Person's compliance with AML. The Regulator expects the Governing Body and Senior Management of a Relevant Person to establish a robust and effective AML and Sanctions compliance culture for the business.
        5. Chapter 2 provides an overview of the AML Rulebook and Chapter 3 sets out the key definitions in the AML Rulebook.
        6. Chapter 4 outlines the general compliance requirements including Group polices, notifications, record keeping requirements and the annual AML Return.
        7. Chapter 5 explains the meaning of the risk-based approach ("RBA"), which should be applied when complying with the AML Rulebook. The RBA requires a risk-based assessment of a Relevant Person's business (in Chapter 6) and its customers (in Chapter 7). A risk-based assessment should be a dynamic process involving regular review, and the use of these reviews to establish the appropriate processes to match the levels of risk. No two Relevant Persons will have the same approach, and implementation of the RBA and the AML Rulebook permits a Relevant Person to design and implement systems and controls that should be appropriate to their business and customers, with the obvious caveat being that such systems should be reasonable and proportionate in light of the AML risks. The Regulator expects the RBA to determine the breadth and depth of the Customer Due Diligence ("CDD") which is undertaken for a particular customer under Chapter 8, though the Regulator understands that there is an inevitable overlap between the risk-based assessment of the Customer in Chapter 7 and CDD in Chapter 8. This overlap may occur at the initial stages of on-boarding of customers but may also occur when undertaking on-going CDD.
        8. Chapter 9 sets out where a Relevant Person may rely on a third party to undertake all or some of its CDD obligations. Reliance on third-party CDD reduces the need to duplicate CDD already performed for a customer. Alternatively, a Relevant Person may outsource some or all of its CDD obligations to a service provider.
        9. Chapter 10 sets out certain obligations in relation to correspondent banking, wire transfers and other matters which are limited to Authorised Persons (other than a Credit Rating Agency) and Recognised Bodies and, in particular, to banks.
        10. Chapter 11 sets out a Relevant Person's obligations in relation to UNSC Resolutions and Sanctions, and government, regulatory and international findings (in relation to AML, terrorist financing and the financing of weapons of mass destruction).
        11. Chapter 12 sets out the obligation for a Relevant Person to appoint an MLRO and the responsibilities of such a Person.
        12. Chapter 13 sets out the requirements for AML training and awareness. A Relevant Person should adopt the RBA when complying with Chapter 13, so as to make its training and awareness proportionate to the AML risks of the business and the Employee role.
        13. Chapter 14 contains the obligations applying to all Relevant Persons concerning Suspicious Activity Reports, which are required to be made under Federal AML Legislation.
        14. Chapter 15 sets out additional obligations applying to DNFBPs, including registration and notification requirements.
        15. Chapter 16 sets out the obligations applying to Relevant Persons that are NPOs.
        Amended on (3 February, 2020).

      • The U.A.E. criminal law

        16. Under Article 3 of Federal Decree By Law No. 20 of 2018, a Relevant Person may be criminally liable for the offence of money laundering if such an activity is intentionally committed in its name or for its account. Relevant Persons are also reminded that:
        a. the failure to report suspicions of money laundering;
        b. "tipping off"; and
        c. assisting in the commission of money laundering,
        may each constitute a criminal offence that is punishable under the laws of the U.A.E.
        Amended on (15 April, 2019).

      • Financial Action Task Force Standards

        17. The Financial Action Task Force (the "FATF") is an inter-governmental body whose purpose is the development and promotion of international standards to combat money laundering and terrorist financing.
        18. The Regulator has had regard to the FATF Recommendations in making these Rules and has determined to closely align these Rules with the FATF Recommendations, where that is deemed to be necessary and appropriate. A Relevant Person may wish to refer to the FATF Recommendations and Interpretive Notes to assist it in complying with these rules. However, in the event that an FATF Recommendation or Interpretive Note conflicts with a Rule in the AML Rulebook, the relevant Rule takes precedence.
        19. A Relevant Person may also wish to refer to the FATF typology reports which may assist in identifying new money laundering threats and which provide information on money laundering and terrorist financing methods. The FATF typology reports cover many pertinent topics for Relevant Persons, including corruption, new payment methods, money laundering using trusts and Company Service Providers, and vulnerabilities of free trade zones. These typology reports can be found on the FATF website www.fatf-gafi.org.
        Amended on (3 February, 2020).

      • Basel Committee Standards

        20. The Basel Committee on Banking Supervision has published a set of guidelines for banks (Sound Management of Risks related to Money Laundering and Financing of Terrorism, January 2014) which are intended to supplement FATF Recommendations. Banks operating in ADGM should read the Basel Committee guidelines in conjunction with FATF Recommendations and in complying with these Rules.
        21. In the event that any of the Basel Committee guidelines conflict with a Rule in the AML Rulebook, the relevant Rule takes precedence.
        Amended on (15 April, 2019).

      • Wolfsberg Group

        22. The Wolfsberg Group is an association of thirteen global banks that has published guidance aimed at assisting financial institutions in managing money laundering risks (Wolfsberg Statement Guidance on a Risk Based Approach for Managing Money Laundering Risks, March 2006) and in preventing terrorist financing (Wolfsberg Statement on the Suppression of the Financing of Terrorism, January 2002). Banks operating in ADGM should be familiar with relevant Wolfberg Group published guidance in conjunction with the FATF Recommendations and in complying with these Rules.
        23. In the event that any part of the Wolfsberg Group published guidance conflicts with a Rule in the AML Rulebook, the relevant Rule takes precedence.
        Amended on (3 February, 2020).

      • Sanctions

        24. The U.A.E, as a member of the United Nations, is required to comply with all Sanctions issued and passed by the UNSC. The U.A.E periodically publicises its imposition of Sanctions. These UNSC obligations apply in the ADGM and their importance is emphasised by specific obligations contained in the AML Rulebook requiring Relevant Persons to establish and maintain effective systems and controls to make appropriate use of UNSC Sanctions and Resolutions (see Chapter 11).
        25. The FATF has issued guidance on a number of specific UNSC Sanctions and Resolutions regarding the countering of the proliferation of weapons of mass destruction. Such guidance has been issued to assist in implementing the targeted financial Sanctions and activity based financial prohibitions. This guidance can be found on the FATF website (at www.fatf-gafi.org).
        26. In relation to unilateral Sanctions imposed in specific jurisdictions such as the European Union, the U.K. ("HM Treasury") and the U.S. (by the Office of Foreign Assets Control ("OFAC")) and any other Sanctions that may apply to the Relevant Person's business partners and customers, the Regulator expects a Relevant Person to consider and take positive steps to ensure compliance where required or appropriate.
        Amended on (3 February, 2020).

    • AML 3. AML 3. Interpretation And Terminology

      • AML 3.1 AML 3.1 Interpretation

        • AML 3.1.1

          A reference in the AML Rulebook to "money laundering" in lower case includes a reference to terrorist financing, the financing of unlawful organisations and sanctions non-compliance unless the context provides or implies otherwise.

          Amended on (15 April, 2019).

      • AML 3.2 AML 3.2 Glossary for AML

        • Guidance on the term "customer"

          1. The point at which a Person becomes a customer will vary from business to business. However, the Regulator considers that it would usually occur at or prior to the business relationship being formalised, for example, by the signing of a client agreement or the acceptance by the customer of terms of business.
          2. The Regulator does not consider that a Person would be a customer of a Relevant Person merely because such Person receives marketing information from a Relevant Person or where a Relevant Person refers a Person who is not a customer to a third party (including a Group member).
          3. The Regulator considers that a Counterparty would generally be a customer for the purposes of the AML Rulebook and would therefore require a Relevant Person to undertake CDD on such a Person. However, this would not include a counterparty in a Transaction undertaken on a Regulated Exchange. Nor would it include suppliers of ancillary business services for consumption by the Relevant Person such as cleaning, catering, stationery, IT or other similar services.
          4. A Representative Office should not have any customers in relation to its ADGM operations.
          Amended on (15 April, 2019).

        • AML 3.2.1

          The following terms and abbreviations bear the following meanings for the purposes of these Rules.

          ADGM Means the Abu Dhabi Global Market.
          ADGM Entity Means a Legal Person which is incorporated or registered in the ADGM (excluding a registered Branch).
          AML or AML Rulebook Means the Anti-Money Laundering and Sanctions Rules and Guidance.
          AML Return Means the return which is required to be completed by Relevant Persons in accordance with AML 4.6.
          Authorised Person Means a Person, other than a Recognised Body, who is authorised under the FSMR.
          Beneficial Owners Means, in relation to a customer, a natural person who ultimately owns or controls the customer or a natural person on whose behalf a transaction is conducted or a business relationship is established and includes:
          (a) in relation to a body corporate, a person referred to in Rule 8.3.3(2);
          (b) in relation to a Partnership, a person referred to in Rule 8.3.4(2);
          (c) in relation to a trust or other similar Legal Arrangement, a person referred to in Rule 8.3.5 (2); and
          (d) in relation to a foundation, a person referred to in Rule 8.3.6(2).
          Body Corporate Means any body corporate, including limited liability partnership and a body corporate constituted under the law of a country or territory outside of the ADGM.
          Client Means a Retail Client, Professional Client or Market Counterparty as defined in COBS 2.
          Client Agreement Means an agreement between an Authorised Person and a Client which is made or entered into in accordance with COBS 3.3.
          Client Money Means money of any currency which an Authorised Person holds on behalf of a Client (including any receivables of the Authorised Person in respect of bank accounts or clearing or brokerage accounts) or which an Authorised Person treats as Client Money, subject to the exclusions in COBS 14.2.6.
          COBS Means the Conduct of Business Rulebook.
          Company Includes:
          (a) any Body Corporate (wherever incorporated); and
          (b) any unincorporated body constituted under the law of a country, territory or jurisdiction outside the ADGM.
          Company Service Provider Means a Person that, carries out the following services on behalf of a customer:
          (a) acting as a formation agent of Legal Persons;
          (b) acting as (or arranging for another Person to act as) a director or secretary of a company, a partner of a partnership or a similar position in relation to other Legal Persons or Legal Arrangements;
          (c) providing a registered office, business address or accommodation, correspondence or administrative address for a company, a partnership or any other Legal Person or Legal Arrangement;
          (d) acting as (or arranging for another Person to act as) a trustee of an express trust or performing the equivalent function for another form of Legal Arrangement; or
          (e) acting as (or arranging for another Person to act as) a nominee shareholder for another Person.
          Contract of Insurance Has the meaning given in Part 4 of Schedule 1 of FSMR.
          Contravention Means a contravention of any Regulations or Rules made by the ADGM Board and the Regulator, as the case may be.
          Correspondent Account Means an account opened on behalf of a Correspondent Banking Client to receive deposits from, to make payments on behalf of or to otherwise handle financial transactions for or on behalf of the Correspondent Banking Client.
          Correspondent Bank Means a bank in a jurisdiction other than the ADGM where an Authorised Person opens a Correspondent Account.
          Correspondent Banking Client Means a Client of an Authorised Person which uses the firm's correspondent banking services account to clear transactions for its own customer base.
          Counterparty Means any Person with or for whom an Authorised Person carries on, or intends to carry on, any regulated business or associated business. In this context, a Counterparty includes an individual, unincorporated association, Company, government, local authority or other public body.
          Credit Rating Agency Means a Person carrying on in or from the ADGM the Regulated Activity of Operating a Credit Rating Agency for which it has an authorisation under its Financial Services Permission.
          Customer Due Diligence (CDD) Has the meaning given in AML 8.3.
          Designated Non-Financial Business or Profession (DNFBP) Means the following class of Persons who carries out the following businesses in the ADGM:
          (a) a real estate agency which carries out transactions with other Persons that involve the acquiring or disposing of real property;
          (b) a dealer in precious metals or precious stones;
          (c) a dealer in any saleable item of a price equal to or greater than USD15,000;
          (d) an accounting firm, audit firm, insolvency firm or taxation consulting firm;
          (e) a law firm, notary firm or other independent legal business; or
          (f) a Company Service Provider.
          Director Means:
          (a) In relation to an Undertaking established under the ADGM Companies Regulations 2015, a Person who appears on the Register of Directors maintained by the ADGM Registrar of Companies;
          (b) In relation to all other Undertakings, a Person who has been admitted to a register which has a corresponding meaning to the Register of Directors or performs the function of acting in the capacity of a Director, by whatever name called;
          (c) who is employed or appointed by a Person in connection with that Person's business, whether under a contract of service or for services or otherwise; or
          (d) whose services, under an arrangement between that Person and a third party, are placed at the disposal and under the control of that Person.
          Employee Means an individual:
          (a) who is employed or appointed by a Person in connection with that Person's business, whether under a contract of service or for services or otherwise; or
          (b) whose services, under an arrangement between that Person and a third party, are placed at the disposal and under the control of that Person.
          Enhanced Customer Due Diligence Means undertaking Customer Due Diligence and the enhanced measures under AML 8.4.
          FATF Recommendations Means the publication entitled the "International Standards on Combatting Money Laundering and the Financing of Terrorism & Proliferation", as published and amended from time to time by the Financial Action Task Force (FATF).
          Federal AML Legislation Means the legislation described in section 258 of FSMR.
          Federal Decree by law No. 20 of 2018 Means U.A.E Federal Decree by Law No. 20 of 2018 On Anti Money Laundering, Combating the Financing of Terrorism and Financing of Illegal Organisations.
          Federal Law No. 1 of 2004 Means U.A.E Federal Law No. 1 of 2004 regarding Combatting Terrorism Offences.
          Federal Law No. 4 of 2002 Means U.A.E Federal Law No. 4 of 2002 regarding the Criminalisation of Money Laundering.
          Federal Law No. 7 of 2014 Means Federal Law No. 7 of 2014 regarding Combatting Terrorist Crimes.
          FIU Means the Financial Intelligence Unit of the U.A.E.
          Financial Institution Means:
          (a) (i) an Authorised Person; or
          (ii) any Person that carries out as its principal business an activity which would be a Regulated Activity if carried out in ADGM; and
          (b) that is not one of the following:
          (i) a governmental organisation, including the Central Bank of any State; or
          (ii) a multilateral development bank.
          Financial Services Permission Means a permission given, or having effect as if so given, by the Regulator in accordance with Part 4 of FSMR.
          Financial Services Regulator Means a regulator of financial services activities established in a jurisdiction other than the ADGM.
          FSMR Means the Financial Services and Markets Regulations 2015.
          Governing Body Means the board of directors, partners, committee of management or other governing body of an Undertaking.
          Group Has the meaning given in section 258 of FSMR.
          Guidance Has the meaning given in section 15(2) of FSMR.
          International Organisation Means an organisation established by formal political agreement between member countries, where the agreement has the status of an international treaty, and the organisation is recognised in the law of countries which are members.
          Investment Means Specified Investments set out in Part 3 of Schedule 1 of FSMR, unless otherwise specified.
          Legal Arrangement Means express trusts or other similar legal arrangements.
          Legal Person Means any entity other than a Natural Person that can establish a customer relationship with a Relevant Person or otherwise own property. This can include companies, Bodies Corporate or unincorporate, trusts, foundations, partnerships, associations, states and governments and other relevantly similar entities.
          Listed Body Corporate Means, for the purposes of Rule 8.3.3(4), a Body Corporate listed on a stock exchange recognised by the Regulator.
          Money Laundering Reporting Officer (MLRO) Means, for the purposes of an Authorised Person other than a Credit Rating Agency, the Recognised Function described in GEN 5.4.8.
          Natural Person Means an individual.
          Non-Profit Organisation (NPO) Means a Legal Person or arrangement or organisation that primarily engages in raising or disbursing funds for purposes such as charitable, religious, cultural, educational, social or fraternal purposes or for other charitable purpose.
          Parent Means a Holding Company as defined in section 1015 of the Companies Regulations 2015.
          Partner Means, in relation to an Undertaking which is a Partnership, a Person occupying the position of a partner, by whatever name called.
          Partnership Means any partnership, including a partnership constituted under the law of a country, jurisdiction or territory outside the ADGM, but not including a Limited Liability Partnership.
          Person Means any Natural Person, Body Corporate or body unincorporated, including a Legal Person, company, Partnership, unincorporated association, government or state.
          Politically Exposed Person (PEP) Means a Natural Person (and includes, where relevant, a family member or close associate) who is or has been entrusted with a prominent public function, including but not limited to, a head of state or of government, senior officials and functionaries of an international or supranational organisation, senior politician, senior government, judicial or military official, ambassador, senior executive of a state owned corporation, or an important political party official, but not middle ranking or more junior individuals in these categories.
          Recognised Body Means a Recognised Investment Exchange or a Recognised Clearing House.
          Regulated Activity Has the meaning given in section 19 of FSMR.
          Regulated Financial Institution A person who does not hold a FSP but who is authorised in a jurisdiction other than the ADGM to carry on any financial service by another Financial Services Regulator.
          Regulator Means the ADGM Financial Services Regulatory Authority.
          Relevant Person Has the meaning given in section 258 of FSMR.
          Representative Office Means the business operations of Person authorised to carry on the Regulated Activity of Operating a Representative Office in the ADGM and which actually carries on the Regulated Activity of Operating a Representative Office.
          Restricted Scope Company Has the meaning given in section 3(4) of the Companies Regulations 2015.
          Rule Means any rule made by the Regulator or the ADGM Board, as applicable, in accordance with the procedures in Part 2 of FSMR.
          Sanctions Means any law executing foreign policy, security, sanction, trade embargo, or anti-terrorism objectives or similar restrictions imposed, administered or enforced from time to time by:
          (a) the U.A.E.;
          (b) the United Nations Security Council;
          (c) the European Union;
          (d) H.M. Treasury of the United Kingdom;
          (e) the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury;
          (f) any other relevant governmental authority; or
          (g) any of their successors.
          Sanctions List Means any official list of Persons or entities targeted by Sanctions from time to time.
          Senior Management Means in relation to a Relevant Person every member of the Relevant Person's executive management and includes:
          (i) for an ADGM Entity, every member of the Relevant Person's Governing Body;
          (ii) for a Branch, the Person or Persons who control the day to day operations of the Relevant Person in the ADGM; or
          (iii) for an auditor, every member of the Relevant Person's executive management in the U.A.E.
          Shareholder Means a Natural Person or legal entity governed by private or public law, who holds, directly or indirectly:
          (a) Shares of the Issuer in its own name and on its own account;
          (b) Shares of the Issuer in its own name, but on behalf of another natural person or legal entity; or
          (c) depository receipts, in which case the holder of the depository receipt shall be considered as the shareholder of the underlying Shares represented by the depository receipts.
          Shell Bank A bank that has no physical presence in the country in which it is incorporated or licensed and which is not affiliated with a regulated financial Group that is subject to effective consolidated supervision.
          Simplified Customer Due Diligence Means Customer Due Diligence as modified under AML 8.5.
          Source of Funds Means the origin of customer's funds which relate to a Transaction or service and includes how such funds are connected to a customer's Source of Wealth.
          Source of Wealth Means how the customer's global wealth or net worth is or was acquired or accumulated.
          Suspicious Activity Report (SAR) Means a report in the prescribed format regarding suspicious activity (including a suspicious Transaction) made to the FIU.
          Transaction Means any transaction undertaken by a Relevant Person for or on behalf of a customer in the course of carrying on a business in or from the ADGM.
          U.A.E. Means the United Arab Emirates.
          Undertaking Means:
          (a) a Body Corporate or Partnership; or
          (b) an unincorporated association carrying on a trade or business, with or without a view to profit.
          Unlawful Organisation An organisation, the establishment or activities of which have been declared to be criminal under Federal AML Legislation.
          Waiver Means in relation to GEN 8.2 written notice provided under FSMR.

           

          Amended on (3 February, 2020).

    • AML 4. AML 4. General Compliance Requirements

      Chapter 4 in this version of AML is a combination of Chapter 4 and Chapter 15 (General Obligations) from the previous version.

      • AML 4.1 AML 4.1 General requirements

        • AML 4.1.1

          (1) A Relevant Person must establish and maintain effective Anti-Money Laundering policies, procedures, systems and controls to prevent opportunities for money laundering, in relation to the Relevant Person and its activities.
          (2) A Relevant Person's Anti-Money Laundering policies, procedures, systems and controls must:
          (a) ensure compliance with Federal AML Legislation;
          (b) enable suspicious Persons and Transactions to be detected and reported;
          (c) ensure the Relevant Person is able to provide an appropriate audit trail of a Transaction; and
          (d) ensure compliance with any other obligation in these Rules.
          (3) A Relevant Person must take reasonable steps to ensure that its Employees comply with the relevant requirements of its Anti-Money Laundering policies, procedures, systems and controls.
          (4) A Relevant Person must review the effectiveness of its Anti-Money Laundering policies, procedures, systems and controls at least annually.
          (5) The review process may be undertaken:
          (a) internally by its internal audit or compliance function; or
          (b) by a competent firm of independent auditors or compliance professionals.
          (6) The review process required under Rule 4.1.1(4) must cover at least the following:
          (a) a sample testing of customer documentation relevant to an assessment of the adequacy of the customer risk assessment or CDD performed by the Relevant Person;
          (b) an analysis of all Suspicious Activity Reports to highlight any area where procedures or training may need to be enhanced; and
          (c) a review of the adequacy of the level of responsibility and oversight of the Relevant Person's Governing Body and Senior Management in ensuring the Relevant Person has implemented and maintained adequate controls.
          Amended on (15 April, 2019).

        • AML 4.1.2 [ Deleted]

          Amended on (3 February, 2020).

        • AML 4.1.2

          If another jurisdiction's laws or regulations prevent or inhibit a Relevant Person from complying with the Federal AML Legislation or with these Rules, the Relevant Person must immediately inform the Regulator in writing.

          Amended on (3 February, 2020).

      • AML 4.2 AML 4.2 Groups, branches and subsidiaries

        • AML 4.2.1 AML 4.2.1

          (1) A Relevant Person which is an ADGM Entity must ensure that its policies, procedures, systems and controls required by Rule 4.1.1 apply to:
          (a) all of its branches or subsidiaries; and
          (b) all of its Group entities in the ADGM.
          (2) The requirement in (1) does not apply if the Relevant Person can satisfy the Regulator that the relevant branch, subsidiary or Group entity is subject to regulation, including Anti-Money Laundering, by a Financial Services Regulator or other competent authority in a country or jurisdiction with Anti-Money Laundering regulations which are equivalent to the standards set out in the FATF Recommendations and is supervised for compliance with such regulations.
          (3) Where the regulator in another jurisdiction does not permit the implementation of policies, procedures, systems and controls consistent with these Rules, the Relevant Person must:
          (a) inform the Regulator in writing immediately; and
          (b) apply appropriate additional measures to manage the money laundering risks posed by the relevant branch or subsidiary.
          Added on (15 April, 2019).

          • Guidance

            A Relevant Person that is an ADGM Entity should conduct a periodic review to verify that any branch or subsidiary operating in another jurisdiction is in compliance with the obligations imposed under these Rules.

            Added on (15 April, 2019).

        • AML 4.2.2 AML 4.2.2

          A Relevant Person must:

          (a) communicate the policies and procedures that it establishes and maintains in accordance with these Rules to its Group entities, branches and subsidiaries; and
          (b) document the basis for its satisfaction that the requirement in Rule 4.2.1(1) is met.
          Added on (15 April, 2019).

          • Guidance

            In relation to an Authorised Person, if the Regulator is not satisfied in respect of the Anti-Money Laundering compliance of its branches and subsidiaries in another jurisdiction, it may take action, including making it a condition of the Authorised Person's Financial Services Permission that it must not operate a branch or subsidiary in that jurisdiction.

            Added on (15 April, 2019).

      • AML 4.3 AML 4.3 Group policies

        • AML 4.3.1

          A Relevant Person which is part of a Group must ensure that it:

          (a) has developed and implemented policies and procedures for the sharing of information between Group entities , including the sharing of information relating to CDD and money laundering risks;
          (b) has in place adequate safeguards on the confidentiality and use of information exchanged between Group entities, including consideration of relevant data protection legislation;
          (c) remains aware of the money laundering risks of the Group as a whole and of its exposure to the Group and takes active steps to mitigate such risks;
          (d) contributes to a Group-wide risk assessment to identify and assess money laundering risks for the Group; and
          (e) provides its Group-wide compliance, audit and Anti-Money Laundering functions with customer account and Transaction information from its Branches and Subsidiaries when necessary for Anti-Money Laundering purposes.
          Added on (15 April, 2019).

      • AML 4.4 AML 4.4 Notifications

        • AML 4.4.1

          A Relevant Person must inform the Regulator in writing immediately if, in the course of its activities carried on in or from the ADGM or in relation to any of its Branches or Subsidiaries, it:

          (a) receives a request for information from a regulator or agency in another jurisdiction responsible for Anti-Money Laundering or Sanctions regarding enquiries into potential money laundering or terrorist financing or Sanctions breaches;
          (b) becomes aware, or has reasonable grounds to believe, that the following has or may have occurred in or through its business:
          (i) money laundering, contrary to relevant Federal AML Legislations
          (ii) a breach of Sanctions; or
          (iii) acts amounting to bribery under the Organisation for Economic Co-operation and Development (“OECD”) Convention on Combating Bribery of Foreign Public Officials in International Business Transactions;
          (c) becomes aware of any money laundering or Sanctions matter in relation to the Relevant Person or a member of its Group which could result in adverse reputational consequences to the Relevant Person; or
          (d) becomes aware of any a significant breach of a Rule in the AML Rulebook or breach of relevant Federal AML Legislations
          Added on (15 April, 2019).

        • AML 4.4.2

          A Relevant Person must inform the Regulator in writing as soon as possible if, in the course of its activities carried on in or from the ADGM, it suspects or becomes aware that another Person outside of its business is engaged in:

          (a) money laundering, contrary to relevant Federal AML Legislations
          (b) a breach of Sanctions; or
          (c) acts amounting to bribery under the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.

          This requirement does not apply to information or documents that are legally privileged or in the public domain.

          Added on (15 April, 2019).

      • AML 4.5 AML 4.5 Record keeping

        • AML 4.5.1

          A Relevant Person must, where relevant, maintain the following records:

          (a) a copy of all documents and information obtained in undertaking initial and on-going CDD or due diligence on business partners;
          (b) records, consisting of the original documents or certified copies, in respect of the customer business relationship, including:
          (i) business correspondence and other information relating to a customer's account;
          (ii) sufficient records of transactions to enable individual transactions to be reconstructed; and
          (iii) internal findings and analysis relating to a transaction or any business, if the transaction or business appears unusual or suspicious, whether or not it results in a Suspicious Activity Report;
          (c) Internal Suspicious Activity Report notifications made under Rule 14.2.2;
          (d) Suspicious Activity Reports and any relevant supporting documents and information, including internal findings and analysis;
          (e) any relevant communications with the FIU;
          (f) the documents in Rule 4.6.1; and
          (g) any other matter that the Relevant Person is expressly required to record under these Rules,
          for at least six years from the date on which the notification or report was made, the business relationship ends or the Transaction is completed, whichever occurs last.
          Amended on (3 February, 2020).

        • AML 4.5.2 AML 4.5.2

          A Relevant Person must immediately provide to the Regulator, upon request, or a law enforcement agency, pursuant to a valid and enforceable request or requirement, a copy of the record referred to in Rule 4.6.1.

          Added on (15 April, 2019).

          • Guidance

            The Regulator expects that a Relevant Person will be able to ordinarily provide the records within one day of a request from the Regulator.

            Added on (15 April, 2019).

        • AML 4.5.3

          A Relevant Person must document, and provide to the Regulator immediately upon request, any of the following:

          (a) the risk assessment of its business as required by Rule 6.1.1;
          (b) how the assessment in (a) was used for the purposes of complying with Rule 7.2.1(1);
          (c) the risk assessment of the customer undertaken under Rule 7.1.1(a); and
          (d) the determination made under Rule 7.1.1(b).
          Added on (15 April, 2019).

        • AML 4.5.4 AML 4.5.4

          The records maintained by a Relevant Person must be kept in such a manner that:

          (a) the Regulator or another competent third party is able to assess the Relevant Person's compliance with legislation applicable in ADGM;
          (b) any Transaction which was processed by or through the Relevant Person on behalf of a customer or other third party can be reconstructed;
          (c) any customer or third party can be identified;
          (d) all internal and external Suspicious Activity Reports can be identified; and
          (e) the Relevant Person can satisfy, within an appropriate time, any regulatory enquiry or court order to disclose information.
          Added on (15 April, 2019).

          • Guidance

            1. The records required to be kept under Rule 4.6.1 may be kept in electronic format, provided that such records are readily accessible and available to respond promptly to any requests from the Regulator for information.
            2. If the date on which the business relationship with a customer ended is unclear, it may be taken to have ended on the date of the completion of the last Transaction.
            Added on (15 April, 2019).

        • AML 4.5.5

          Where the records referred to in Rule 4.6.1 are kept by a Relevant Person outside ADGM, a Relevant Person must:

          (a) take reasonable steps to ensure that the records are held in a manner consistent with these Rules;
          (b) ensure that the records are easily accessible to the Relevant Person; and
          (c) upon request by the Regulator, ensure that the records are immediately available for inspection.
          Added on (15 April, 2019).

        • AML 4.5.6

          A Relevant Person must:

          (a) identify where there is secrecy or data protection legislation that might restrict access without delay to the records referred to in Rule 4.6.1 by the Relevant Person, the Regulator or the law enforcement agencies of the U.A.E.; and
          (b) where such legislation exists, obtain without delay certified copies of the relevant records and keep such copies in a jurisdiction which allows access by those persons in (a).
          Added on (15 April, 2019).

        • AML 4.5.7 AML 4.5.7

          A Relevant Person must be able to demonstrate that it has complied with the training and awareness requirements in Chapter 13 through appropriate measures, including the maintenance of relevant training records.

          Added on (15 April, 2019).

          • Guidance

            The Regulator considers that "appropriate measures" in Rule 4.5.7 may include the maintenance of a training log setting out details of:

            (a) the dates when the training was given;
            (b) the nature of the training; and
            (c) the names of Employees who received the training.
            Added on (15 April, 2019).

      • AML 4.6 AML 4.6 Annual AML Return

        • AML 4.6.1 AML 4.6.1

          A Relevant Person must complete the prescribed AML Return form and submit it to the Regulator by the end of April each year. The AML Return must cover the period from 1 January to 31 December of the preceding year.

          Added on (15 April, 2019).

          • Guidance [Deleted]

            Amended on (3 February, 2020).

      • AML 4.7 AML 4.7 Co-operation with the Regulators

        Amended on (15 April, 2019).

        • AML 4.7.1

          A Relevant Person must:

          (a) be open and cooperative in all its dealings with the Regulator; and
          (b) ensure that any communication with the Regulator is conducted in the English language.
          Amended on (15 April, 2019).

      • AML 4.8 AML 4.8 Employee disclosures

        • AML 4.8.1 AML 4.8.1

          A Relevant Person must ensure that it does not prejudice an Employee who discloses any information regarding money laundering to the Regulator or to any other relevant body involved in the prevention of money laundering.

          Added on (15 April, 2019).

          • Guidance

            The Regulator considers that "relevant body" in Rule 4.8.1 would include the FIU, any other financial intelligence unit, the police, or an Abu Dhabi or Federal ministry.

            Amended on (3 February, 2020).

    • AML 5. AML 5. Applying A Risk-Based Approach To AML

      • AML 5.1 AML 5.1 The risk-based approach

        • AML 5.1.1 AML 5.1.1

          A Relevant Person must:

          (a) assess and address its Anti-Money Laundering risks under the AML Rulebook by reviewing the risks to which the Relevant Person is exposed as a result of the nature of its business, customers, products, services and any other matters which are relevant in the context of money laundering; and
          (b) ensure that any risk-based assessment for the purposes of complying with a requirement in the AML Rulebook is:
          (i) objective and proportionate to the risks;
          (ii) based on reasonable grounds;
          (iii) properly documented; and
          (iv) updated at appropriate intervals.
          Amended on (15 April, 2019).

          • Guidance

            1. Rule 5.1.1 requires a Relevant Person to adopt an approach to Anti-Money Laundering which is proportionate to the risks. This is called the "risk-based approach" ("RBA"). The Regulator expects the RBA to be a key part of the Relevant Person's anti-money laundering compliance culture and to cascade down from the Senior Management to the rest of the organisation. Embedding the RBA within its business allows a Relevant Person to make decisions and allocate Anti-Money Laundering resources in the most efficient and effective way.
            2. In implementing the RBA, a Relevant Person is expected to have in place processes to identify, assess, monitor, manage and mitigate money laundering risks. The general principle is that where there are assessed to be higher risks of money laundering, a Relevant Person is required to take enhanced measures to manage and mitigate those risks, and that, correspondingly, when the risks are assessed to be lower, simplified measures are permitted. Simplified measures are not permitted where there is any suspicion of money laundering.
            3. The RBA should not be seen as a "tick-box" approach to Anti-Money Laundering. Instead a Relevant Person is required to assess relevant money laundering risks and adopt a proportionate response to such risks; however, even where a customer is assessed through the RBA as being low risk a minimum of simplified CDD must be undertaken in relation to that customer.
            4. The Rules regarding record-keeping for the purposes of the AML Rulebook are in Rule 4.5 and 4.7. These Rules apply in relation to Rule 5.1.1(b)(iii).
            Amended on (15 April, 2019).

        • AML 5.1.2 [Deleted]

          Deleted on (15 April, 2019).

    • AML 6. AML 6. Business Risk Assessment

      • AML 6.1 AML 6.1 Assessing business AML risks

        • AML 6.1.1

          A Relevant Person must:

          (a) take appropriate steps to identify and assess money laundering risks to which its business is exposed, taking into consideration the nature, size and complexity of its activities;
          (b) when identifying and assessing the risks in (a), take into account, to the extent relevant, any vulnerabilities relating to:
          (i) its type of Customers and their activities;
          (ii) the countries or geographic areas in which it does business;
          (iii) its products, services and activity profiles;
          (iv) its distribution channels and business partners;
          (v) the complexity and volume of its Transactions;
          (vi) the development of new products and business practices, including new delivery mechanisms, channels and partners;
          (vii) the use of new or developing technologies for both new and pre-existing products and services; and
          (c) take appropriate measures to ensure that any risk identified as part of the assessment in (a) is taken into account in its day to day operations and is mitigated, including in relation to:
          (i) the development of new products, services, business practices and technologies;
          (ii) the taking on of new customers; and
          (iii) changes to its business profile.
          Amended on (15 April, 2019).

        • AML 6.1.2

          A Relevant Person must use the information obtained in undertaking its business risk assessment to:

          (a) develop and maintain its Anti-Money Laundering policies, procedures, systems and controls as required by Rule 6.2.1;
          (b) ensure that its Anti-Money Laundering policies, procedures, systems and controls adequately mitigate the risks identified as part of the assessment in Rule 6.1.1;
          (c) assess the effectiveness of its Anti-Money Laundering policies, procedures, systems and controls as required by Rule 6.2.1(c);
          (d) assist in the allocation and prioritisation of Anti-Money Laundering resources; and
          (e) assist in the carrying out of the customer risk assessment under Chapter 7.
          Amended on (15 April, 2019).

        • AML 6.1.3 AML 6.1.3

          Without limiting compliance with Rules 6.1.1 and 6.1.2 a Relevant Person must, prior to launching any new product, service, business practice or using a new or developing technology, take reasonable steps to ensure that it has:

          (a) assessed and identified the money laundering risks relating to the product, service, business practice or technology; and
          (b) taken appropriate steps to mitigate or eliminate the risks identified under (a).
          Added on (15 April, 2019).

          • Guidance

            1. Unless a Relevant Person understands the money laundering risks to which it is exposed, it cannot take appropriate steps to prevent its business being used for the purposes of money laundering. Money laundering risks vary from business to business depending on the nature of the business, the type of customers a business has, the nature of the products and services sold, and the geographical operations in which it operates.
            2. Using the RBA, a Relevant Person should assess its own vulnerabilities to money laundering and take all reasonable steps to eliminate or manage such risks. The results of this assessment will also feed into the Relevant Person's risk assessment of its Customers under Chapter 7.
            3. A Relevant Person should, prior to launching any new product, service, business practice pay specific attention to assessing the potential for risks associated with money laundering. This is especially important given the innovative nature of any such new offering as the Relevant Person may be less familiar with the functioning of the offering, compared to existing offerings.
            4. Similarly, in using a new or developing technology, such as those associated with the Regulated Activity of Developing Financial Technology Services within the RegLab, a Relevant Person should pay specific attention to assessing the potential for risks associated with money laundering that might arise as a result of implementing that innovative technology.
            Amended on (15 April, 2019).

      • AML 6.2 AML 6.2 Anti-Money Laundering systems and controls

        Amended on (15 April, 2019).

        • AML 6.2.1 AML 6.2.1

          A Relevant Person must:

          (a) establish and maintain effective policies, procedures, systems and controls to prevent opportunities for money laundering in relation to the Relevant Person and its activities;
          (b) ensure that its systems and controls in (a):
          (i) include the provision to the Relevant Person's Senior Management of regular management information on the operation and effectiveness of its Anti-Money Laundering systems and controls necessary to identify, measure, manage and control the Relevant Person's money laundering risks;
          (ii) enable it to determine whether a customer or a Beneficial Owners is a PEP;
          (iii) enable the Relevant Person to comply with these Rules and Federal AML Legislation; and
          (iv) the Penal Code of the United Arab Emirates; and
          (c) ensure that regular risk assessments are carried out on the adequacy of the Relevant Person's Anti-Money Laundering systems and controls to ensure that they continue to enable it to identify, assess, monitor and manage money laundering risk adequately, and are comprehensive and proportionate to the nature, scale and complexity of its activities.
          Amended on (15 April, 2019).

          • Guidance

            In Rule 6.2.1(c) the regularity of risk assessments will depend on the nature, size and complexity of the Relevant Person's business and also on when any material changes are made to its business.

            Amended on (15 April, 2019).

      • AML 6.3 [Deleted]

        Deleted on (15 April, 2019).

    • AML 7. AML 7. Customer Risk Assessment

      • Guidance

        1. This Chapter prescribes the risk-based assessment that must be undertaken by a Relevant Person on a customer and the proposed business relationship, Transaction or product. The outcome of this process is to produce a risk rating for a customer, which determines the level of CDD that must be undertaken in relation to that customer under Chapter 8. Chapter 8 prescribes the requirements of CDD and of Enhanced CDD for high-risk customers and, where appropriate, Simplified CDD for low-risk customers.
        2. CDD in the context of AML refers to the process of identifying a customer, verifying such identification and monitoring the customer's business and the potential for any money laundering risk on an on-going basis. CDD is required to be completed following a risk-based assessment of the customer and the proposed business relationship, Transaction or product.
        3. Relevant Persons should note that the on-going CDD requirements in Rule 8.6.1 require a Relevant Person to ensure that it reviews a customer's risk rating to ensure that it remains appropriate in light of the potential money laundering risks.
        4. The risk-based assessment of the customer and the proposed business relationship, Transaction or product required under this Chapter is required to be undertaken prior to the establishment of a business relationship with a customer. Because the risk rating assigned to a customer resulting from this assessment determines the level of CDD that must be undertaken for that customer, this process must be completed before the CDD is completed for the customer. The Regulator is aware that in practice there will often be some degree of overlap between the customer risk assessment and CDD. For example, a Relevant Person may undertake some aspects of CDD, such as identifying Beneficial Owners, when it performs a risk assessment of the customer. Conversely, a Relevant Person may also obtain relevant information as part of CDD which has an impact on its customer risk assessment. Where information obtained as part of CDD of a customer affects the risk rating of a customer, the change in risk rating should be reflected in the degree of CDD undertaken.
        Added on (15 April, 2019).

      • AML 7.1 AML 7.1 Customer risk-based assessment [Deleted]

        Deleted on (15 April, 2019).

        • AML 7.1.1 [Deleted]

          Deleted on (15 April, 2019).

        • AML 7.1.2 [Deleted]

          Deleted on (15 April, 2019).

        • AML 7.1.3 AML 7.1.3 [Deleted]

          Deleted on (15 April, 2019).

          • [Deleted]

            Deleted on (15 April, 2019).

      • AML 7.2 AML 7.2 Assessing Customer AML risks [Deleted]

        Deleted on (15 April, 2019).

        • AML 7.2.1 [Deleted]

          Deleted on (15 April, 2019).

        • AML 7.2.2 AML 7.2.2 [Deleted]

          Deleted on (15 April, 2019).

          • Guidance on the Customer risk assessment [Deleted]

            Deleted on (15 April, 2019).

          • Guidance on the term "Customer" [Deleted]

            Deleted on (15 April, 2019).

          • Guidance on Restricted Scope Companies [Deleted]

            Deleted on (15 April, 2019).

          • Guidance on high-risk Customers [Deleted]

            Deleted on (15 April, 2019).

      • AML 7.3 [Deleted]

        Deleted on (15 April, 2019).

      • AML 7.1 AML 7.1 Assessing customer Anti-Money Laundering risks

        • AML 7.1.1

          (1) A Relevant Person must:
          (a) undertake a risk-based assessment of every customer; and
          (b) assign the customer a risk rating proportionate to the assessed money laundering risks associated with the customer.
          (2) The customer risk assessment in (1) must be completed:
          (a) prior to establishing a business relationship with a customer;
          (b) on a periodic basis, in accordance with Rule 8.6.1(e); and
          (c) whenever it is otherwise appropriate for existing customers, including where the Relevant Person becomes aware of any change to the risk factors associated with the customer that might contribute to the potential for money laundering risk to increase materially.
          (3) When undertaking a risk-based assessment of a customer under (a), a Relevant Person must identify, assess and consider:
          (a) the customer and any Beneficial Owners;
          (b) the purpose and intended nature of the business relationship, and the nature of the customer's business;
          (c) the nature, ownership and control structure of the customer, its beneficial ownership (if any) and its business;
          (d) the customer's country of origin, residence, nationality, place of incorporation or place of business;
          (e) the relevant product, service or Transaction;
          (f) in relation to life insurance or other similar insurance policy, the beneficiary of the policy and Beneficial Owners of the beneficiary; and
          (g) the outcomes of the business risk assessment undertaken under Chapter 6.
          Added on (15 April, 2019).

        • AML 7.1.2

          (1) When undertaking a risk-based assessment of a customer and considering whether or not to assign a high risk rating under 7.1.1(1), a Relevant Person must take into account all relevant risk factors that would reasonably apply to the customer, including but not limited to:
          (a) customer risk factors, including whether the:
          (i) business relationship is conducted in unusual circumstances;
          (ii) customer is resident, established, registered or conducts business in a geographical area or jurisdiction of high risk (as set out in paragraph (c));
          (iii) customer is a Legal Person or a Legal Arrangement that is a vehicle for holding personal assets;
          (iv) customer is a company that has nominee shareholders or shares in bearer form;
          (v) customer is a business that is cash intensive, such as a business that receives a majority of its revenue in cash;
          (vi) corporate structure of the customer or any group to which it belongs is unusual or excessively complex given the nature of the business;
          (b) product, service, transaction or delivery channel risk factors, including whether:
          (i) the service involves private banking;
          (ii) the product, service or transaction is one that might allow for anonymity or obfuscation of the true identity of any of the parties involved in the transaction;
          (iii) the situation involves non face-to-face business relationships or transactions, or lacks appropriate safeguards, such as electronic signatures;
          (iv) payments will be received from unknown or unassociated third parties;
          (v) the service involves the provision of nominee directors, nominee shareholders or shadow directors, or the formation of companies in another country;
          (vi) new products and new business practices are involved, including new delivery mechanisms or the use of new or developing technologies for both new and pre-existing products; and
          (c) geographical or jurisdictional risk factors, including whether the relevant country or countries:
          (i) are identified by credible sources, as:
          (A) not having effective systems to counter money laundering; or
          (B) not implementing requirements to counter money laundering that are consistent with FATF Recommendations;
          (ii) are identified by credible sources as having significant levels of corruption or other criminal activity, such as terrorism, money laundering or the production and supply of illicit drugs;
          (iii) are subject to sanctions, embargos or similar measures issued by, for example, the United Nations or the State;
          (iv) are identified by credible sources as providing funding or support for terrorism;
          (v) have organisations operating within their territory that have been designated by the State, other countries or International Organisations as terrorist organisations.
          (2) For the purposes of 7.1.2(1)(c), a credible source includes, but is not limited to, mutual evaluations, detailed assessment reports or follow up reports issued by FATF, the International Monetary Fund ("IMF"), the World Bank, the OECD and other International Organisations.
          Amended on (3 February, 2020).

        • AML 7.1.3 AML 7.1.3

          (1) When undertaking a risk-based assessment of a customer and considering whether or not to assign a low risk rating under 7.1.1(1), a Relevant Person must take into account all relevant risk factors that would reasonably apply to the customer, including but not limited to:
          (a) customer risk factors, including whether the customer is:
          (i) a public body or a publicly owned enterprise;
          (ii) resident, established, registered or conducts business in a geographical area or jurisdiction of lower risk (as set out in paragraph (c));
          (iii) an Authorised Person;
          (iv) a Regulated Financial Institution that is subject to regulation and supervision, including Anti Money Laundering regulation and supervision, in a jurisdiction with Anti Money Laundering regulations that are equivalent to the standards set out in the FATF Recommendations;
          (v) a Subsidiary of a Regulated Financial Institution referred to in (iv), if the law that applies to the Parent ensures that the Subsidiary also observes the same Anti-Money Laundering standards as its Parent;
          (vi) a company whose Securities are listed by the Regulator, another Financial Services Regulator or a Regulated Exchange, which is subject to disclosure obligations broadly equivalent to those set out in the Market Rules;
          (vii) a law firm, notary firm or other legal business that carries on its business in ADGM;
          (viii) an accounting firm, insolvency firm, auditor or other audit firm that carries on its business in ADGM;
          (b) product, service, transaction or delivery channel risk factors, including whether the product or service is:
          (i) a Contract of Insurance which is non-life insurance;
          (ii) a Contract of Insurance which is a life insurance product with no investment return or redemption or surrender value;
          (iii) an insurance policy for a pension scheme that does not provide for an early surrender option, and cannot be used as collateral;
          (iv) a pension, superannuation or similar scheme that satisfies the following conditions:
          (A) the scheme provides retirement benefits to employees;
          (B) contributions to the scheme are made by way of deductions from wages; and
          (C) the scheme rules do not permit the assignment of a member's interest under the scheme;
          (v) a product where the risks of money laundering are adequately managed by other factors such as transaction limits or transparency of ownership; and
          (c) geographical and jurisdictional risk factors, including whether a country or countries:
          (i) are identified by credible sources as having effective systems to counter money laundering;
          (ii) are identified by credible sources as having a low level of corruption or other criminal activity, such as terrorism, money laundering, or the production and supply of illicit drugs;
          (iii) have been assessed by credible sources, as having::
          (A) requirements to counter money laundering that are consistent with the FATF Recommendations; and
          (B) effectively implement FATF Recommendations.
          (2) For the purposes of (1)(c), a credible source includes, but is not limited to, mutual evaluations, detailed assessment reports or follow up reports issued by FATF, the IMF, the World Bank, the OECD and other International Organisations.
          Added on (15 April, 2019).

          • Guidance on high risk customers

            1. When assessing the risk factors referred to in 7.1.2(1), Relevant Persons must bear in mind that the presence of one or more risk factors may not always indicate a high risk of money laundering in a particular situation.
            2. An example of a business relationship conducted in unusual circumstances, for the purposes of Rule 7.1.2 (1)(a)(i), would include, but is not limited to a business relationship or proposed business relationship that involves, or would involve, significant unexplained geographic distance between the location of the Relevant Person and the customer or proposed customer.
            3. The highest risk products or services in respect of money laundering are those where unlimited third party funds can be freely received from or paid to third parties, without evidence of the identity of the third parties being obtained and the identity being verified.
            4. Money laundering risks are likely to be increased if a Person is able to hide behind corporate structures such as limited companies, trusts, special purpose vehicles and nominee arrangements. When devising its internal procedures, a Relevant Person should consider how its customers and operational systems impact upon the capacity of its staff to identify suspicious Transactions. Generally, the lowest risk products in respect of money laundering are those where funds can only be received from a named customer by way of payment from an account held in the customer's name, and similarly where the funds can only be remitted to a named customer.
            Added on (15 April, 2019).

          • Guidance on the customer risk assessment

            1. The risk assessment of a customer requires a Relevant Person to allocate an appropriate risk rating to the customer. Risk ratings should be either descriptive, such as "low", "medium" or "high", or a sliding, ordinal numeric scale such as 1 for the lowest risk to 10 for the highest, with at least three differentiated risk ratings. All the factors set out in both 7.1.2 and 7.1.3 should be considered in order to assess and allocate the appropriate risk rating to the customer.
            2. Depending on the outcome of a Relevant Person's assessment of its customer's money laundering risk, a Relevant Person should decide to what degree CDD will need to be performed. For a customer exhibiting significant potential risk for money laundering, the Relevant Person is required to carry out Enhanced CDD under Rule 8.4, in addition to the normal CDD required under Rule 8.3. For a customer rated low risk, the Relevant Person may be able to carry out Simplified CDD under Rule 8.5. For any other customer, the Relevant Person must undertake CDD under Rule 8.3.
            3. Using the RBA, a Relevant Person could, when assessing two customers with near identical risk profiles, consider that one is high-risk and the other low-risk. This may occur, for example, where both customers may be from the same high-risk country, but one customer may be a customer in relation to a low-risk product, or may be a long-standing customer of a Group company which has been introduced to the Relevant Person.
            Added on (15 April, 2019).

          • Guidance on low risk customers

            When assessing the risk factors referred to in 7.1.3 (1), a Relevant Person must bear in mind that the presence or absence of one or more risk factors may not always indicate a high or low risk of money laundering respectively in a particular situation.

            Added on (15 April, 2019).

      • AML 7.2 AML 7.2 Prohibition on Establishing Business Relationships with Certain customers

        • AML 7.2.1

          A Relevant Person must not establish a business relationship with a prospective customer that is a Legal Person or Legal Arrangement if the ownership or control arrangements of the customer prevents the Relevant Person from identifying one or more of the customer's Beneficial Owners.

          Added on (15 April, 2019).

        • AML 7.2.2

          A Relevant Person must not establish or maintain a business relationship with a Shell Bank.

          Added on (15 April, 2019).

        • AML 7.2.3 AML 7.2.3

          A Relevant Person must not knowingly establish or maintain an anonymous account, an account in a fictitious name, or a nominee account which is held for the benefit of another person whose true identity has not been disclosed to the Relevant Person.

          Added on (15 April, 2019).

          • Guidance

            1. In Rules 7.2.1, ownership arrangements which may prevent the Relevant Person from identifying one or more Beneficial Owners include bearer shares and other negotiable instruments in which ownership is determined by possession.
            2. A Shell Bank is a bank that has no physical presence in the country in which it is incorporated and licensed, and which is unaffiliated with a regulated financial Group that is subject to effective consolidated supervision. The Regulator does not consider that the existence of a local agent or low-level staff constitutes physical presence.
            Added on (15 April, 2019).

        • AML 7.2.4 AML 7.2.4

          If a Relevant Person uses a numbered account with an abbreviated name, it must ensure that:

          (a) such an account is used only for internal purposes;
          (b) it has undertaken the same CDD procedures in relation to the account holder as are required for other account holders;
          (c) it maintains the same information in relation to the account and account holder as is required for other accounts and account holders; and
          (d) staff performing AML functions, including staff responsible for identifying and monitoring transactions for suspicious activity, and staff performing compliance and audit functions, have full access to information about the account and the account holder.
          Added on (15 April, 2019).

          • Guidance on anonymous accounts

            A Relevant Person should note that, in addition to the prohibition in Rule 7.2.3 against knowingly establishing anonymous accounts, accounts in a fictitious name or nominee accounts, the Federal AML legislation also prohibits the opening of accounts held under borrowed, mock or fake names or accounts designated solely with numbers and without the names of account holders.

            Added on (15 April, 2019).

          • Guidance on Restricted Scope Companies

            1. A Restricted Scope Company is a corporate vehicle offering a greater degree of confidentiality than other forms of corporate entity in ADGM. Restricted Scope Companies are not required to file accounts and are not required to have their accounts audited. Restricted Scope Companies must file an annual return, articles, and details of their registered offices, directors and secretary (if they have one) with the ADGM Registrar of Companies.
            2. Relevant Persons will know that Restricted Scope Companies are subject to less onerous corporate disclosure requirements than other forms of corporate entities due to the requirement to have "(Restricted)" in a company's name. Given that only the constitution and details of the registered office of a Restricted Scope Company will be available in a public register, a Relevant Person will be required to have a bilateral dialogue with the Restricted Scope Company, in accordance with the RBA, to obtain any other relevant information which it needs to assess the money laundering risks to which it is exposed.
            3. Restricted Scope Companies should be forthcoming with relevant information in response to requests by other Persons and entities for the purpose of the compliance of the latter with the requirements in the AML Rulebook. The fact that Restricted Scope Companies are not subject to strict standards of disclosure of corporate documentation to a public registry should not be interpreted by Restricted Scope Companies to limit or prohibit their providing of any relevant information to other Persons and entities for Anti-Money Laundering purposes.
            Added on (15 April, 2019).

    • AML 8. AML 8. Customer Due Diligence

      • AML 8.1 AML 8.1 Requirement to undertake Customer Due Diligence

        • AML 8.1.1

          (1) A Relevant Person that is an Authorised Person or a Recognised Body must undertake CDD under Rule 8.3.1 where the Relevant Person:
          (a) establishes a business relationship with a customer;
          (b) carries out an occasional Transaction for a customer that is of an amount of equal to or more than USD15,000; 
          (c) suspects a customer of, or a Transaction to be for the purposes of, money laundering; or
          (d) doubts the veracity or adequacy of any documents or information previously provided by, or obtained for, a customer in relation to (a), (b) or (c) above.
          (2) A Relevant Person that is a DNFBP must undertake CDD under Rule 8.3.1 where it:
          (a) is a real estate agency and it prepares for or is involved in a Transaction, or the provision of real estate agency services to a Person, that involves the buying and selling of real property;
          (b) is a dealer in precious metals or precious stones and it is involved in a Transaction in cash that amounts to USD15,000 or more, whether or not the Transaction is executed in a single operation or in several operations that are or appear to be linked;
          (c) is a dealer in any saleable item of a price equal to or greater than USD15,000 and it is involved in a Transaction in cash that amounts to USD15,000 or more, whether or not the Transaction is executed in a single operation or in several operations that are or appear to be linked;
          (d) is an accounting firm, audit firm, insolvency firm or taxation consulting firm and it prepares for or is involved in the provision of accounting, auditing, insolvency or taxation consulting services to a Person;
          (e) is a law firm, notary firm or other independent legal business and it prepares for or is involved in the provision of legal or notarial services to another Person participating in financial or real property Transactions concerning the following activities:
          (i) the buying and selling of real property;
          (ii) the managing of client money, securities or other assets;
          (iii) the management of bank, savings or securities accounts;
          (iv) the organisation of contributions for the creation, operation or management of companies; or
          (v) the creation, operation or management of legal persons or arrangements, and buying and selling of business entities; or
          (f) is a Company Service Provider and it prepares for or is involved in the provision of any of the following services to another Person:
          (i) acting as a formation agent of Legal Persons or Legal Arrangements;
          (ii) acting as (or arranging for another Person to act as) a director or secretary of a company, a partner of a partnership, or a similar position in relation to other Legal Persons or Legal Arrangements;
          (iii) providing a registered office, business address or accommodation, correspondence or administrative address for a company, a partnership or any other Legal Person or Legal Arrangement;
          (iv) acting as (or arranging for another Person to act as) a trustee of an express trust or performing the equivalent function for another form of Legal Arrangement; or
          (v) acting as (or arranging for another Person to act as) a nominee shareholder for another Person.
          (3) In addition to undertaking CDD in accordance with Rule 8.3.1, a Relevant Person must undertake Enhanced CDD in accordance with Rule 8.4.1 for each of its customers assigned a high risk rating;
          (4) A Relevant Person may undertake Simplified CDD in accordance with Rule 8.5.1 by modifying the CDD undertaken in accordance with Rule 8.3.1 for any customer assigned a low risk rating.
          Amended on (3 Fenruary, 2020).

        • AML 8.1.2 AML 8.1.2

          (1) A Relevant Person must also apply CDD measures to each existing customer under Rules 8.3.1, 8.4.1 or 8.5.1 as applicable:
          (a) with a frequency appropriate to the outcome of the risk-based approach in relation to each customer; and
          (b) when the Relevant Person becomes aware that any of circumstances relevant to its risk assessment for a customer has changed.
          (2) For the purposes of 8.1.2(1), in determining when it is appropriate to apply CDD measures in relation to existing customers, a Relevant Person must take into account, amongst other things:
          (a) any indication that the identity of the customer, or the customer's Beneficial Owners, has changed;
          (b) any Transactions that are not reasonably consistent with the Relevant Person's knowledge of the customer;
          (c) any change in the purpose or intended nature of the Relevant Person's relationship with the customer; or
          (d) any other matter that might affect the Relevant Person's risk assessment of the customer.
          Amended on (15 April, 2019).

          • Guidance

            1. A Relevant Person should undertake appropriate CDD in a manner proportionate to the customer's money laundering risks. This means that all customers are subject to CDD under Rule 8.3.1. However, for high-risk customers, additional Enhanced Customer Due Diligence measures should also be undertaken under Rule 8.4.1. For customers having a low-risk rating, the requirements under Rule 8.3.1 may be modified according to the assessed risk, in accordance with Rule 8.5.1.
            2. The frequency for undertaking CDD for existing customers will be determined by the risk rating assigned to a particular customer. The Regulator expects that customers rated high risk for money laundering should be reviewed more frequently than customers rated lower risk for money laundering.
            Added on (15 April, 2019).

        • AML 8.1.3 AML 8.1.3

          (1) A Relevant Person must:
          (a) undertake periodic reviews to ensure that the information and documentation concerning a Customer's identity remains appropriate, accurate and up-to-date; and
          (b) conduct on-going due diligence on its business relationship with, and ongoing scrutiny of Transactions undertaken by, a Customer throughout the course of the relationship.
          (2) If, at any time, a Relevant Person becomes aware that it lacks sufficient information or documentation concerning a Customer's identification, or develops a concern about the accuracy of its current information or documentation, it must promptly obtain appropriate material to verify the Customer's identity.

          • Guidance

            1. A Relevant Person should undertake CDD in a manner proportionate to the Customer's money laundering risks identified under Rule 7.2.1(1). This means that all Customers are subject to CDD under Rule 8.3.1. However, for high-risk Customers, additional Enhanced Customer Due Diligence measures should also be undertaken under Rule 8.4.1. For low-risk Customers, Rule 8.3.1 may be modified according to the risks in accordance with Rule 8.5.1.
            2. Subject to the exception for Simplified Customer Due Diligence, in establishing and verifying a Customer's true identity, a Relevant Person must obtain sufficient and satisfactory evidence of that identity, having considered its risk assessment in respect of the Customer and a Relevant Person must update, as appropriate, any Customer identification policies, procedures, systems and controls.
            3. Subject to the exception for Simplified Customer Due Diligence, whenever a Relevant Person comes into contact with a Customer with or for whom it acts or proposes to act, it must establish whether the Customer is acting on his own behalf or on behalf of another Person, and a Relevant Person must establish and verify the identity of both the Customer and any other Person on whose behalf the Customer is acting, including that of the Beneficial Owner of the relevant funds, which may be the subject of a Transaction to be considered, and must obtain sufficient and satisfactory evidence of their identities. A Relevant Person should obtain a statement from a prospective Customer to the effect that he is, or is not, acting on his own behalf. In cases where the Customer is acting on behalf of third parties, it is recommended that the Relevant Person obtain a written statement, confirming the statement made by the Customer, from the parties, including the Beneficial Owner.
            4. An institution falls within Rule 8.1.1(2)(c) if it is:
            a. a Credit Institution or other Financial Institution whose entire operations are subject to regulation, including AML, by:
            i. a Non-ADGM Financial Services Regulator in a FATF country; or
            ii. another relevant authority in a FATF country; or
            iii. is publically listed in or outside of ADGM; or
            b. a Subsidiary of a Credit Institution or other Financial Institution referred to in a., provided that the Parent Credit Institution or other Financial Institution ensures that the Subsidiary also observes the same provisions.
            5. A Relevant Person must take reasonable steps to determine whether or not a Customer falls within the exceptions under Rule 8.1.2(3), and, if applicable, must keep records of the basis on which a Customer was considered to fall within an exception.
            6. A Relevant Person is required to be satisfied that a prospective Customer is who he claims to be and to obtain evidence to prove this. "Know Your Customer" and knowing the Persons with or for whom the Customer acts or proposes to act, consists of several aspects:
            a. personal details: a Relevant Person should obtain and verify details which include the true full name or names used and the current permanent address;
            b. the nature and level of business to be conducted: a Relevant Person should ensure that sufficient information is obtained regarding the nature of the business that the Customer expects to undertake, and any expected or predictable pattern of Transactions. This information should include the purpose and reason for opening the account or establishing the business relationship, the anticipated level and nature of the activity that is to be undertaken and the various relationships of signatories to the account and the underlying Beneficial Owners;
            c. the origin of funds: a Relevant Person should identify how all payments were made, from where and by whom. All payments should be recorded to provide an audit trail; and
            d. the Source of Wealth: a Relevant Person should establish a Source of Wealth or income, including how the funds were acquired, to assess whether the actual Transaction pattern is consistent with the expected Transaction pattern and whether this constitutes any grounds for suspicion of money laundering.
            7. It is important for a Relevant Person to obtain such information because this process should allow the risk of being exploited for the purpose of money laundering to be reduced to a minimum. It should also enable suspicious Transactions to be detected because they are incompatible with the information received.
            8. Any unusual facts of which a Relevant Person becomes aware during the identification process may be an indication of money laundering and should prompt the Relevant Person to request supplementary information and evidence.
            9. The Regulator expects a Relevant Person to establish the full identity of all relevant parties to the business relationship. Further, a Relevant Person should apply adequate measures to enable it to understand the relationship between the counterparties involved. The following list includes some identification checks for particular relationships:
            a. joint account holders and joint applicants: identification should be performed and evidence obtained for all applicants and account holders;
            b. pooled accounts which are managed by professional intermediaries such as mutual funds, pension funds, money funds, lawyers and stockbrokers on behalf of entities or other Persons: all Beneficial Owners of the account held by the intermediary should be identified;
            c. power of attorney: identification and evidence should be obtained for the applicants and account holders as well as for the holder of the power of attorney; and
            d. minors: an account for a minor should be opened by a family member or guardian whose identification evidence should be obtained in addition to the birth certificate or passport of the minor.

      • AML 8.2 AML 8.2 Timing of Customer Due Diligence

        • AML 8.2.1 AML 8.2.1

          (1) For a Relevant Person that is an Authorised Person or Recognised Body:
          (a) the appropriate CDD obligations must, subject to (1)(b), must be fulfilled before the Relevant Person undertakes any Transaction on behalf of the customer or when undertaking an occasional transaction under 8.1.1(1)(b).
          (b) the Relevant Person does not have to fulfil the verification of the identity of a customer and Beneficial Owners obligations under the AML Rules before undertaking a Transaction for a customer or occasional transaction where it has, on reasonable grounds, established that:
          (i) there is little risk of money laundering and that risk is effectively managed; and
          (ii) doing so would interrupt or delay the normal course of business in respect of effecting the Transaction.
          (2) (a) A Relevant Person that is a DNFBP must fulfil the appropriate CDD obligations before the Relevant Person prepares for or carries out a Transaction or provision of a service in Rule 8.1.1(2) (a), (d), (e) or (f).
          (b) A Relevant Person that is a DNFBP as a result of carrying on one or more of the business activities referred to in Rule 8.1.1(2) (b) or (c) must fulfil the appropriate CDD obligations before the Relevant Person prepares for or carries out a transaction in cash that amounts to USD 15,000 or more, whether in a single operation or several operations that are or appear to be linked.
          (3) The Relevant Person does not have to fulfil the verification of the identity of a customer and Beneficial Owners obligations under the AML Rules preparing for or carrying out a Transaction for its customer concerning those business activities referred to in Rule 8.1.1(2) where it has, on reasonable grounds, established that:
          (i) there is little risk of money laundering and that risk is effectively managed; and
          (ii) doing so would interrupt or delay the normal course of business in respect of effecting the Transaction.
          (4) A Relevant Person that has relied on Rule 8.2.1(1)(b) or 8.2.1(3) must fulfil its CDD obligations as soon as practicable after effecting the Transaction.
          (5) Where the Relevant Person, having relied on Rule 8.2.1(1)(b) or 8.2.1(3) is unable to complete the verification of the identity of a customer and any Beneficial Owners, within thirty days of effecting a Transaction or occasional transaction it must:
          (a) consider the circumstances and determine whether to make an internal Suspicious Activity Report to the MLRO;
          (b) where it has determined that it is unnecessary to make such a report, return to the customer any monies associated with the Transaction or occasional transaction, excluding any reasonable costs incurred by the Relevant Person;
          (c) where it has determined that it is necessary to make such a report, not return any monies or provide any Investments to the customer, unless instructed to do so by the MLRO and otherwise act in accordance with instructions issued by the MLRO; and
          (d) not establish any further business relationship with that customer until the verification process has been completed for that customer in accordance with these Rules.
          Amended on (15 April, 2019).

          • Guidance

            1. For the purposes of Rule 8.2.1(2)(a), examples of situations which might lead a Relevant Person to have doubts about the veracity or adequacy of documents, data or information previously obtained could be where there is a suspicion of money laundering in relation to that Customer, where there is a material change in the way that the Customer's account is operated which is not consistent with the Customer's business profile, or where it appears to the Relevant Person that a Person other than the Customer is the real Customer.
            2. In Rule 8.2.1(3)(a), situations that the Relevant Person may take into account include, for example, accepting subscription monies during a short offer period or executing a time critical Transaction which, if not executed immediately, would or may cause a Customer to incur a financial loss due to price movement or loss of opportunity or when a Customer seeks immediate insurance cover.
            3. When complying with Rule 8.2.1, a Relevant Person should also, where relevant, consider Rule 8.7.1 regarding failure to conduct or complete CDD and Chapter 14 regarding Suspicious Activity Reports and tipping off.
            4. For the purposes of Rule 8.2.1(3)(d), the Regulator considers that in most situations as soon as reasonably practicable would be within 30 days after the establishment of a business relationship. However, it will depend on the nature of the Customer business relationship.

        • AML 8.2.2 AML 8.2.2

          (1) A Relevant Person must ensure that its Anti-Money Laundering systems and controls referred to in Rule 6.2.1 include risk management policies and procedures concerning the conditions under which business relationships may be established with a customer before completing verification of the identity of a customer and Beneficial Owners.
          Added on (15 April, 2019).

          • Guidance

            1. Examples of situations that might lead a Relevant Person to have doubts about the veracity or adequacy of documents, data or information previously obtained might be where: there is a suspicion of money laundering in relation to that customer; there is a material change in the way that the customer's account is operated which is not consistent with the customer's business profile; or it appears to the Relevant Person that a Person other than the nominal customer is the real customer.
            2. Situations that the Relevant Person may take into account include, for example, accepting subscription monies during a short offer period or executing a time critical Transaction which, if not executed immediately, would or may cause a customer to incur a financial loss due to price movement or loss of opportunity or when a customer seeks immediate insurance cover.
            3. When complying with Rule 8.2.1, a Relevant Person should also, where relevant, consider Rule 8.7.1 regarding failure to conduct or complete CDD and Chapter 14 regarding Suspicious Activity Reports and tipping off.
            Added on (15 April, 2019).

      • AML 8.3 AML 8.3 Customer Due Diligence requirements

        • AML 8.3.1

          (1) In undertaking CDD a Relevant Person must:
          (a) identify the customer and verify the customer's identity including identification and verification of the identify of any Person purporting to act on behalf of the customer;
          (b) identify all the Beneficial Owners and take reasonable measures to verify the identity of the Beneficial Owners, such that the Relevant Person is satisfied that it knows who the Beneficial Owners are;
          (c) assess and understand and, as appropriate, obtain information on the purpose and intended nature of the business relationship; and
          (d) conduct on-going due diligence of the business relationship as required under Rule 8.6.1.
          (2) In addition to complying with (a), for life insurance or other similar policies a Relevant Person must:
          (a) record the names of any beneficiaries named in the policy;
          (b) verify the identity of all Persons in all classes of beneficiary when a payout of the policy is due;
          (c) undertake the measures referred to in (a) and (b) as soon as the beneficiary of the policy is identified or designated; and
          (d) verify the identity of beneficiaries and any Beneficial Owners of a beneficiary before it makes a payout under the policy.
          (3) A Relevant Person must have systems and controls in place and take reasonable measures to determine whether:
          (a) a customer,
          (b) any Beneficial Owners of the customer; or
          (c) for a life insurance or other similar policy, any beneficiary of the policy, or any Beneficial Owners of a beneficiary;
          is a PEP.
          (4) If a PEP is identified under (3), then the Relevant Person must, in addition to CDD under 8.3.1, undertake Enhanced CDD under 8.4.1.
          Amended on (15 April, 2019).

        • AML 8.3.2 AML 8.3.2

          (1) For the purposes of Rule 8.3.1(1)(a), a Relevant Person must identify a customer and verify the customer's identity in accordance with this Rule.
          (2) If a customer is a natural person, a Relevant Person must obtain and verify information about the person's:
          (a) full name (including any alias);
          (b) date of birth;
          (c) nationality;
          (d) legal domicile; and
          (e) current residential address (other than a post office box).
          (3) If a customer is a Body Corporate, the Relevant Person must obtain and verify:
          (a) the full name of the Body Corporate and any trading name;
          (b) the address of its registered office and, if different, its principal place of business;
          (c) the date and place of incorporation or registration;
          (d) relevant corporate documents of the customer; and
          (e) the full names of the members of its Governing Body and persons exercising a senior management position.
          (4) If a customer is a foundation, the Relevant Person must obtain and verify:
          (a) a certified copy of the charter and by-laws of the foundation or any other documents constituting the foundation; and
          (b) documentary evidence of the appointment of the guardian or any other person who may exercise powers in respect of the foundation.
          (5) If a customer is a trust or other similar Legal Arrangement, the Relevant Person must obtain and verify:
          (a) a certified copy of the trust deed or other documents that set out the nature, purpose and terms of the trust or arrangement; and
          (b) documentary evidence of the appointment of the trustee or any other person exercising powers under the trust or arrangement.
          Amended on (15 April, 2019).

          • Guidance on CDD

            1. The information required under 8.3.2(2)(a) and (b) should be obtained through a first-hand inspection of an original current, valid passport or, where a customer does not own a passport, an official identification document which includes a photograph.
            2. A Relevant Person should ensure that any documents used for the purpose of identification are original documents.
            3. Where personal identity documents, such as a passport, ID card or other identification documentation cannot be obtained in original form, for example because a Relevant Person has no physical contact with the Customer, the identification documentation provided should be certified as a true copy of the original document by any one of the following:
            a. a registered lawyer;
            b. a registered notary;
            c. a chartered accountant;
            d. a government ministry;
            e. a post office;
            f. a police officer; or
            g. an embassy or consulate.
            The individual or authority undertaking the certification should be contactable if necessary.
            Where a copy of an original identification document is made by a Relevant Person, the copy should be dated, signed and marked with 'original sighted'.
            Amended on (15 April, 2019).

        • AML 8.3.3 AML 8.3.3

          (1) For the purposes of Rule 8.3.1(1)(b), and subject to (4), a Relevant Person must identify the Beneficial Owners of a Body Corporate in accordance with this Rule.
          (2) The Relevant Person must identify any natural person who:
          (a) owns or controls (in each case whether directly or indirectly) 25% or more of the shares or voting rights in the Body Corporate; or
          (b) controls the Body Corporate.
          (c) exercises ultimate control over the management of the Body Corporate.
          (3) For the purposes of (2)(b), a natural person controls a Body Corporate if such person:
          (a) holds, directly or indirectly:
          (i) 25% or more of the Body Corporate's shares;
          (ii) 25% or more of the voting rights in the Body Corporate; or
          (iii) the right to appoint or remove a majority of the board of directors of the Body Corporate; or
          (b) has the right to exercise, or actually exercises, significant influence or control over the Body Corporate.
          (4) A Relevant Person is not required to comply with Rule 8.3.1(1)(b) if the customer is:
          (a) a Listed Body Corporate; or
          (b) a Body Corporate that is wholly-owned by the Federal Government of the United Arab Emirates, or by any of the governments of the member Emirates of the United Arab Emirates; or
          (c) a Body Corporate created by Emiri decree within the United Arab Emirates.
          Amended on (15 April, 2019).

          • Individuals

            2. A Relevant Person should, in complying with Rule 8.3.1(1)(a), and adopting the RBA, obtain, verify and record, for every Customer who is a Natural Person, the following identification information in either documentary (hard copy) or electronic form:
            a. true full name (or names) used;
            b. date and place of birth;
            c. nationality;
            d. complete current permanent address, including all relevant details with regard to country of residence; and
            e. telephone and email address.
            3. Items 2a. to 2c. above should be obtained by sighting a current valid passport or, where a Customer does not own a passport, an official identification document which includes a photograph.
            4. The following additional information may be requested depending on the facts and the nature and size of the transaction or the business relationship:
            a. occupation or profession, name of employer and location of activity;
            b. information regarding the nature of the business to be conducted;
            c. information regarding the origin of the funds;
            d. legal domicile or fiscal residence; and
            e. information regarding the Source of Wealth or income.
            5. The concept of domicile referred to at item 4d. above generally refers to the place which a Person regards as his permanent home and with which he has the closest ties or which is his place of origin.
            6. The address of a prospective Customer should enable a Relevant Person to physically locate the Customer. If P.O. Box numbers are customary to a country, additional methods of physically locating the Customer should be applied.
            7. Documentary evidence of identity:
            a. current, signed passport;
            b. current, signed ID card; or
            c. other identification documentation that is customary in the country of residence, such as a driving licence, including a clear photograph of the prospective Customer.
            8. A Relevant Person should ensure that any documents used for the purpose of identification are original documents.
            9. Where personal identity documents, such as a passport, ID card or other identification documentation cannot be obtained in original form, for example because a Relevant Person has no physical contact with the Customer, the identification documentation provided should be certified as a true copy of the original document by any one of the following:
            a. a registered lawyer;
            b. a registered notary;
            c. a chartered accountant;
            d. a government ministry;
            e. a post office;
            f. a police officer; or
            g. an embassy or consulate.
            The individual or authority undertaking the certification should be contactable if necessary.

            Where a copy of an original identification document is made by a Relevant Person, the copy should be dated, signed and marked with 'original sighted'.
            10. Documentary evidence of address:
            a. record of home visit;
            b. confirmation from an electoral register search that a Person of such a name lives at that address;
            c. tenancy agreement;
            d. utility bill; or
            e. local authority tax bill.

          • Unincorporated businesses or partnerships

            11. Evidence to be obtained in either documentary or electronic form:
            a. true full name or names;
            b. complete current registered and trading address, including relevant details with regard to country of establishment;
            c. telephone number and email address;
            d. fiscal residence;
            e. business activity;
            f. information on the nature of the business to be conducted;
            g. trading licence, with renewal date;
            h. a list of authorised signatories of the business or partnership;
            i. regulatory body, if applicable;
            j. information regarding the origin of funds; and
            k. information regarding the Source of Wealth/income.
            12. Documentary evidence of identity:
            a. the latest annual report and accounts, audited where applicable; and
            b. a certified copy of the partnership deed, to ensure that it has a legitimate purpose and to ascertain the nature of the business or partnership.
            13. Evidence of the trading address of the business or partnership should be obtained and may be verified with a visit to the place of business.

          • Guidance on Restricted Scope Companies

            14. The Restricted Scope Company is a corporate vehicle offering a greater degree of confidentiality than other forms of corporate entity in ADGM. Restricted Scope Companies are not required to file accounts and are not required to audit their accounts. Restricted Scope Companies must file an annual return, articles, and details of their registered offices, directors and secretary (if they have one) with the Registrar.
            15. Relevant Persons will know that the Restricted Scope Company is subject to less onerous corporate disclosure requirements than other forms of corporate entity due to the requirement to have "(Restricted)" in the company's name. Given that only a Restricted Scope Company's constitution and details of its registered office will be available in a public register, Relevant Persons will be required to have a bilateral dialogue with the Restricted Scope Company in accordance with the RBA to obtain any other relevant information which is needed to assess the money laundering risks to which it is exposed.
            16. Evidence to be obtained in either documentary or electronic form:
            a. true full name or names;
            b. registered address;
            c. telephone number and email address;
            d. fiscal residence;
            e. business activity;
            f. information regarding the origin of funds;
            g. information regarding the Source of Wealth/income; and
            h. the latest annual report and accounts, audited where applicable.

          • Corporate entities including Financial Institutions or Credit Institutions that are not covered by an exemption, including Financial Institutions or Credit Institutions that are not regulated by the Regulator or regulated in a FATF country

            17. Evidence to be obtained in either documentary or electronic form:
            a. registered corporate name and any trading names used;
            b. complete current registered address and any separate principal trading addresses, including all relevant details with regard to country of residence;
            c. telephone number and email address;
            d. date and place of incorporation;
            e. corporate registration number;
            f. fiscal residence;
            g. business activity;
            h. regulatory body, if applicable;
            i. name and address of Group, if applicable;
            j. legal form;
            k. name of external auditor;
            l. information regarding the nature and level of the business to be conducted;
            m. information regarding the origin of the funds; and
            n. information regarding the Source of Wealth/income.
            18. Documentary evidence of identity:
            a. copy of the extract of the register of the regulator or exchange, or state law or edict creating the entity, in case of regulated, listed or state-owned companies;
            b. certified copy of the articles of association or statutes;
            c. certified copy of either the certificate of incorporation or the trade register entry and the trading licence, including the renewal date;
            d. latest annual report, audited and published if applicable;
            e. certified copies of the list of authorised signatories specifying who is authorised to act on behalf of the Customer account and of the board resolution authorising the signatories to operate the account;
            f. certified copies of the identification documentation of the authorised signatories;
            g. names, country of residence, nationality of Directors or partners and of the members of the Governing Body; and
            h. list of the main shareholders holding more than 5% of the issued capital.
            19. If the applying Customer is not obliged to publish an audited annual report, adequate information about the financial accounts should be obtained.
            20. A Relevant Person should verify that the applying Customer is active and has not been, or is not in the process of being dissolved, wound-up or terminated.

          • Trusts, nominees and fiduciaries

            21. In addition to the identification documentation listed under 'corporate entities' (Paragraphs 17 to 20 above), the following information and documentation should be obtained:
            a. identity of any settlor, the trustee and any principal controller who has the power to remove the trustee, as well as the identity of the Beneficial Owner;
            b. a certified copy of the trust deed, to ascertain the nature and purpose of the trust; and
            c. documentary evidence of the appointment of the current trustees.
            22. A Relevant Person should ensure that it is advised about any changes concerning the individuals who have control over the funds, and concerning the Beneficial Owners.
            23. Where a trustee, principal controller or Beneficial Owner who has been identified is about to be replaced, the identity of the new trustee, principal controller or Beneficial Owner should be verified before they are allowed to exercise control over the funds.

          • Authorised Persons and Recognised Bodies regulated by the Regulator or Financial Institutions or Credit Institutions regulated in a FATF country

            24. Pursuant to the exception under Simplified Customer Due Diligence, identification evidence is generally not required for Customers of a firm who are themselves Authorised Persons, Auditors, Recognised Clearing Houses or Recognised Investment Exchanges registered or regulated by the Regulator or are Financial Institutions or Credit Institutions regulated by any FATF country's relevant Non-ADGM Financial Services Regulator or other relevant regulatory authority or regulator.
            25. However, the confirmation of the existence of such a relevant firm or institution and its regulatory status, including the application of AML applying in the ADGM or equivalent AML provisions, should be verified by the Relevant Person prior to entering into a Customer relationship. Regular professional and commercial checks and due diligence investigations should still be performed. The Relevant Person should verify the regulatory status of the firm or institution by one of the following means:
            a. requesting confirmation from the relevant Non-ADGM Financial Services Regulator or other relevant regulatory authority, regulator, body, or home country Central Bank; or
            b. requesting a certified copy of a relevant licence or authorisation to conduct financial or banking business from the firm or institution.

          • Clubs, cooperative, charitable, social or professional societies

            26. A Relevant Person should take steps to satisfy itself as to the legitimate purpose of clubs and societies by, for example, obtaining a certified copy of the constitution of the organisation.
            27. The identity of the principal signatories and controllers should be verified in accordance with the requirements for private individuals. The capacity of the signatories to act on behalf of the club or society and the identity of Beneficial Owners of the funds should be established and verified.
            28. A Relevant Person should consider the following items while completing the Customer identification requirements for a Client which is a charitable society:
            a. whether the charity is licensed or permitted by a regulatory authority, regulator or government entity in its home country. (Note: charities in the U.A.E. are required to obtain from the U.A.E. Minister of Labour and Social Affairs a certificate which confirms their identity, permits them to open bank accounts and states whether they are permitted to collect donations and make financial transfers outside the U.A.E. through such bank accounts);
            b. the type and quality of regulation to which the charity is subject in its home state;
            c. the structure and overall character of management and trustees;
            d. whether the charity allows donors to specify beneficiaries. If yes, then it would be prudent to ensure that such charities are closely regulated;
            e. the pattern of beneficiaries: a small number of targeted beneficiaries could indicate potential risks;
            f. whether the charity and its functioning is dominated by a few large donors and the pattern of donors; and
            g. whether it is a private foundation as, if it is, it is more likely to be dominated by a single donor and linked to a small number of beneficiaries which will necessitate scrutiny of both the donor and the beneficiaries.
            29. The Regulator may, from time to time:
            a. review the relevant guidance in light of changing money laundering legislation issued by the U.A.E. Central Bank, money laundering trends and techniques and according to international standards, in order to keep the guidance current; and
            b. provide such other guidance as it deems appropriate regarding Customer identification obligations.
            30. The Regulator expects that a Relevant Person will take these changes into account by amending, as appropriate, its policies, procedures, systems and controls.
            31. Sound "Know Your Customer" arrangements have particular relevance to the safety and soundness of a Relevant Person, in that:
            a. they help to protect its reputation and the integrity of the ADGM by reducing the likelihood of Relevant Persons becoming a vehicle for, or a victim of, financial crime and suffering consequential reputational damage; and
            b. they constitute an essential part of sound risk management, for example by providing the basis for identifying, limiting and controlling risk exposures to assets and liabilities, including assets under management.

          • Risk-Based Approach

            32. Any inadequacy of "Know Your Customer" standards can expose Relevant Persons to serious business operation and control risks.
            33. In complying with Rule 8.3.1(1)(a), a Relevant Person should adopt an RBA for the Customer identification and verification process. Depending on the money laundering risk assessment regarding the Relevant Person's Customer, the Relevant Person should decide to what level of detail the Customer identification and verification process will need to be performed. The risk assessment regarding a Customer should be recorded in the Customer file.
            34. The RBA does not release a Relevant Person from its overall obligation to identify fully and obtain evidence of Customer identification to the Regulator's satisfaction.
            35. A Relevant Person is advised that in cases of doubt it should adopt a stricter rather than a moderate approach in its judgement concerning the risk level and the level of detail to which Customer identification is performed and evidence obtained.

          • No Original Documents

            36. In complying with Rule 8.3.1(1)(a), it may not always be possible to obtain original documents. Where identification documents cannot be obtained in original form, for example because a Relevant Person has no physical contact with the Customer, the Relevant Person should obtain a copy certified as a true copy by a Person of good standing such as a registered lawyer or notary, a chartered accountant, a bank manager, a police officer, an Employee of the Person's embassy or consulate, or other similar Person. The Regulator considers that downloading publicly-available information from an official source (such as a regulator's or other official government website) is sufficient to satisfy the requirements of Rule 8.3.1(1)(a). The Regulator also considers that CDD information and research obtained from a reputable company or information-reporting agency may also be acceptable as a reliable and independent source as would banking references and, on a risk-sensitive basis, information obtained from researching reliable and independent public information found on the internet or on commercial databases.
            37. For higher risk situations the Regulator would expect identification information to be independently verified, using both public and non-public sources. For lower risk situations, not all of the relevant identification information would need to be verified.
            38. In complying with Rule 8.3.1(1)(b) and (c), a Relevant Person is required to "understand" a Customer's Source of Funds and wealth. This would mean obtaining information from the Customer or from a publicly-available source on the Source of Funds and wealth. For a public company, this might be achieved by looking at their published accounts. For a natural or Legal Person, this might involve including a question on Source of Funds and wealth in an application form or Client questionnaire. Understanding a Customer's Source of Funds and wealth is also important for the purposes of undertaking on-going due diligence under Rule 8.3.1(1)(d).
            39. An insurance policy which is similar to a life policy would include life-related protection, or a pension, or investment product which pays out to the policy holder or beneficiary upon a particular event occurring or upon redemption.

          • Guidance on verification of Beneficial Owner

            40. In determining whether an individual meets the definition of a Beneficial Owner or controller, regard should be had to all the circumstances of the case, in particular the size of an individual's legal or beneficial ownership in a Transaction. The question of what is a "small" ownership interest for the purposes of the definition of a Beneficial Owner will depend on the individual circumstances of the Customer. The Regulator considers that the question of whether an ownership interest is small should be considered in the context of the Relevant Person's knowledge of the Customer and the Customer risk assessment and the risk of money laundering.
            41. When verifying Beneficial Owners under Rule 8.3.1(1)(a), a Relevant Person is expected to adopt a substantive (as opposed to form over substance) approach to CDD for Legal Persons. Adopting a substantive approach means focusing on the money laundering risks of the Customer and the product/service and avoiding an approach which focuses purely on the legal form of an arrangement or sets fixed percentages at which Beneficial Owners are identified (or not). It should take all reasonable steps to establish and understand a corporate Customer's legal ownership and control and to identify the Beneficial Owner. The Regulator does not set explicit ownership or control thresholds in defining the Beneficial Owner because the Regulator considers that the applicable threshold to adopt will ultimately depend on the risks associated with the Customer, and so the Regulator expects a Relevant Person to adopt the RBA and justify on reasonable grounds an approach which is proportionate to the risks identified. A Relevant Person should not set fixed thresholds for identifying the Beneficial Owner without objective and documented justification as required by Rule 5.1.1. An overly formal approach to defining the Beneficial Owner may result in a criminal "gaming" the system by always keeping his financial interest below the relevant threshold.
            42. The Regulator considers that in some circumstances no threshold should be used when identifying Beneficial Owners because it may be important to identify all underlying Beneficial Owners in order to ensure that they are not associated or connected in some way. This may be appropriate where there are a small number of investors in an account or fund, each with a significant financial holding and the Customer-specific risks are higher. However, where the Customer-specific risks are lower, a threshold can be appropriate. For example, for a low-risk corporate Customer combined with a lower-risk product or service, a percentage threshold may be appropriate for identifying "control" of the Legal Person for the purposes of the definition of a Beneficial Owner.
            43. For a retail investment fund which is widely-held and where the investors invest via pension contributions, the Regulator would not expect the manager of the fund to look through to any underlying investors where there are none with any material control or ownership levels in the fund. However, for a closely-held fund with a small number of investors, each with a large shareholding or other interest, the Regulator would expect a Relevant Person to identify and verify each of the Beneficial Owners, depending on the risks identified as part of its risk-based assessment of the Customer. For a corporate health policy with defined benefits, the Regulator would not expect a Relevant Person to identify the Beneficial Owners.
            44. Where a Relevant Person carries out identification and verification in respect of actual and potential Beneficial Owners of a trust, this should include the trustee, the settlor, the protector, the enforcer, the beneficiaries, other Persons with power to appoint or remove a trustee and any Person entitled to receive a distribution, whether or not such Person is a named beneficiary.

          • Guidance on Politically Exposed Persons and corruption

            45. Individuals who have, or have had, a high political profile, or hold, or have held, public office, can pose a higher money laundering risk to a Relevant Person as their position may make them vulnerable to corruption. This risk also extends to members of their families and to known close associates. PEP status itself does not, of course, incriminate individuals or entities. It does, however, put the Customer into a higher risk category.
            46. Generally, a foreign PEP presents a higher risk of money laundering because there is a greater risk that such Person, if he were committing money laundering, would attempt to place his money offshore where he is less likely to be recognised as a PEP and where it would be more difficult for law enforcement agencies in his home jurisdiction to confiscate or freeze his criminal property.
            47. Due diligence to uncover information about PEPs can be time consuming and difficult, requiring close fact checking of the names, dates of birth, photographs and identification numbers of individuals against reputable PEP lists. However, despite the development of such lists by certain vendors, as well as the United Nations' compilation of a list of heads of states which fall within the FATF definition of PEPs, there is no "official" centralised global PEP list. It is therefore left to each Relevant Person to determine whether they would like to internally develop their own database or list of PEPs as a due diligence tool.
            48. Where a Customer relationship is maintained with a PEP, detailed monitoring and due diligence procedures should include:
            a. analysis of any complex structures, for example involving trusts or multiple jurisdictions;
            b. appropriate measures to establish the Source of Wealth;
            c. development of a profile of expected activity for the business relationship in order to provide a basis for Transaction and account monitoring;
            d. initial screening and due diligence prior to the account opening;
            e. Senior Management approval for the account opening;
            f. regular oversight of the relationship with a PEP by Senior Management; and
            g. ongoing and periodical screening of accounts opened by PEPs.
            49. A Relevant Person is advised that Customer relationships with family members or close associates of PEPs involve similar risks to those with PEPs themselves.
            50. Corruption-related money laundering risk increases when a Relevant Person deals with a PEP. Corruption may involve serious crimes and has become the subject of increasing global concern. Corruption offences are predicate crimes under Federal Law No. 4 of 2002.
            51. The Regulator considers that after leaving office a PEP may remain a higher risk for money laundering if such Person continues to exert political influence or otherwise pose a risk of corruption.

          • Guidance on Insurers

            52. With regard to Insurers, the following "Know Your Customer" verification and identification set out in this section should be taken into account.
            53. An Insurer undertaking verification should establish to its satisfaction that every verification subject exists. All verification subjects of joining applicants for Insurance Business should normally be verified. In the case of arrangements such as trusts, nominee companies and front companies, verification should include an assessment of the substance of the arrangement, for example in relation to settlors, trustees and beneficiaries.
            54. An Insurer should carry out verification in respect of the parties entering into the Contract of Insurance. On some occasions there may be underlying principals and, if this is the case, the true nature of the relationship between principals and the policyholders should be established and appropriate enquiries performed about the former, especially if the policyholders are accustomed to acting on their instructions. 'Principal' should be understood in its widest sense to include, for example, Beneficial Owners, settlors, controlling shareholders, Directors and major beneficiaries.

          • Guidance on electronic money

            55. The following factors will increase the risk of electronic money products being used for money laundering or terrorist financing:
            a. high, or no, Transaction or purse limits: the higher the value and frequency of Transactions, and the higher the purse limit, the greater the risk, particularly where Customers are permitted to hold multiple purses;
            b. frequent cross-border Transactions, unless within a single scheme, can give rise to difficulties with information sharing: dependence on counterparty systems increases the risk;
            c. funding of purses by unverified parties presents a higher risk of money laundering, whether it is the Customer who is unverified or a third party;
            d. funding of purses using cash offers little or no audit trail of the source of the funds and hence presents a higher risk of money laundering;
            e. funding of purses using electronic money products that have not been verified may present a higher risk of money laundering;
            f. the non-face-to-face nature of many products gives rise to increased risk;
            g. the ability of consumers to hold multiple purses (for example, open multiple accounts or purchase a number of cards) without verification of identity increases the risk;
            h. cash access, for example by way of ATMs, as well as an allowance for the payment of refunds in cash for purchases made using electronic money, will increase the risk;
            i. increased product functionality may, in some instances, give rise to a higher risk of money laundering (product functionality includes Person-to-business, Person-to-Person, and business-to-business transfers);
            j. products that feature multiple cards linked to the same account increase the utility provided to the user, but may also increase the risk of money laundering, particularly where the Customer is able to pass on linked 'partner' cards to anonymous third parties;
            k. segmentation of the business value chain, including use of multiple agents and outsourcing, in particular to overseas locations, may give rise to a higher risk; and
            l. the technology adopted by the product may give rise to specific risks that should be assessed.
            56. Electronic money issuers should address the risks that are inherent in payments in a similar manner to other retail products: by putting in place systems and controls that prevent money laundering and terrorist financing by detecting unusual Transactions and predetermined patterns of activity.
            57. The systems and controls electronic money issuers put in place must be commensurate with the money laundering and terrorist financing risk to which they are exposed. The detail of electronic money issuers' systems and controls will therefore vary. Examples include those that:
            a. place limits on purse storage values, cumulative turnover or amounts transacted;
            b. can detect money laundering Transaction patterns;
            c. will detect anomalies to normal Transaction patterns;
            d. can identify multiple purses held by a single individual or group of individuals, such as the holding of multiple accounts or the 'stockpiling' of pre-paid cards;
            e. can look for indicators of accounts being opened with different electronic money issuers as well as attempts to pool funds from different sources;
            f. can identify discrepancies between submitted and detected information, for example between country of origin submitted information and the electronically-detected IP address;
            g. deploy sufficient resources to address money laundering risks, including, where necessary, specialist expertise for the detection of suspicious activity;
            h. allow collaboration with merchants that accept electronic money to identify and prevent suspicious activity; and
            i. restrict funding of electronic money products to funds drawn on accounts held in the ADGM.

        • AML 8.3.4

          (1) For the purposes of Rule 8.3.1(1)(b), a Relevant Person must identify the Beneficial Owners of a Partnership in accordance with this Rule.
          (2) The Relevant Person must identify any natural person who:
          (a) ultimately is entitled to or controls (in each case whether directly or indirectly) a 25% or more share of the capital or profits of the Partnership or 25% or more of the voting rights in the Partnership; or
          (b) otherwise exercises ultimate control over the management of the Partnership.
          Added on (15 April, 2019).

        • AML 8.3.5

          (1) For the purposes of Rule 8.3.1(1)(b), a Relevant Person must identify the Beneficial Owners of a customer that is a trustee of a trust or an equivalent position in respect of a similar Legal Arrangement in accordance with this Rule.
          (2) The Relevant Person must identify:
          (a) the settlor of the trust;
          (b) any other trustee(s) aside from the customer;
          (c) each beneficiary of the trust;
          (d) where the persons (or some of the persons) benefiting from the trust have not been determined, the class of persons in whose main interest, in the opinion of the Registrar, the trust has been established or operates; and
          (e) any natural person who has control over the trust.
          (3) For the purposes of (2)(e),"control" means a power (whether exercisable alone, jointly with another person or with the consent of another person) under the trust instrument or by law to:
          (a) dispose of, advance, lend, invest, pay or apply trust property;
          (b) vary or terminate the trust;
          (c) add or remove a person as a beneficiary to or from a class of beneficiaries;
          (d) appoint or remove trustees or give another person control over the trust; and
          (e) direct, withhold consent to or veto the exercise of a power mentioned in sub-paragraphs (a) to (d).
          (4) Where any of the persons identified under (2)(a) to (e) are fulfilled by a Body Corporate or Partnership, the Relevant Person must identify the Beneficial Owners of Body Corporate or Partnership in accordance with Rule 8.3.3 and Rule 8.3.4.
          Added on (15 April, 2019).

        • AML 8.3.6 AML 8.3.6

          (1) For the purposes of Rule 8.3.1(1)(b), a Relevant Person must identify the Beneficial Owners of a customer that is a foundation or other Legal Arrangement similar to a foundation in accordance with this Rule.
          (2) The Relevant Person must identify:
          (a) the founder;
          (b) the foundation council members (or otherwise members of the governing body of the foundation);
          (c) the guardian, if any;
          (d) the beneficiaries (if names) or designee (if no beneficiaries are named) in whose main interest, in the opinion of the Relevant Person, the foundation or arrangement has been established or operates; and
          (e) any natural person who has control over the foundation or other Legal Arrangement.
          (3) For the purposes of (2)(e), a natural person shall have "control" over a foundation or a Legal Arrangement if such person:
          (a) holds, directly or indirectly, 25% or more of the voting rights in the conduct and management of the foundation or the Legal Arrangement; or
          (b) holds the right, directly or indirectly, to appoint or remove a majority of the officials of the foundation or the Legal Arrangement.
          (4) Where any of the persons identified under (2) (a) to (e) are a Body Corporate or Partnership, the Relevant Person must identify the Beneficial Owners of Body Corporate or Partnership in accordance with Rule 8.3.3 and Rule 8.3.4.
          Amended on (3 February, 2020).

          • Guidance on verification of the identity of Beneficial Owners

            1. In determining whether an individual meets the definition of Beneficial Owners regard should be had to all the circumstances of the case, in particular the size of an individual's legal engagement or beneficial ownership in a Transaction.
            2. For a retail investment fund that is widely-held and where the investors invest via pension contributions, the Regulator would not expect the manager of the fund to look through to any underlying investors where there are none with any material control or ownership of the fund. However, for a closely-held fund with a small number of investors, each having a large shareholding or other interest, the Regulator would expect a Relevant Person to identify and verify each of the Beneficial Owners, depending on the risks identified as part of its risk-based assessment of the customer. For a corporate health policy with defined benefits, however, the Regulator would not expect a Relevant Person to identify the Beneficial Owners.
            Added on (15 April, 2019).

          • Guidance on Politically Exposed Persons (PEPs) and corruption

            1. Individuals who have, or have had, a high political profile, or hold, or have held, public office, may pose a higher money laundering risk to a Relevant Person as their position may make them prone to corruption. This risk also extends to members of their families and to known close associates. Being a PEP does not, in itself, of course, incriminate individuals or entities.
            2. Generally, a foreign PEP presents a higher risk of money laundering because there is a greater risk that such a Person, if he were undertaking money laundering, would attempt to place his money offshore, away from his home jurisdiction, where he is less likely to be recognised as a PEP and where it would be more difficult for law enforcement agencies in his home jurisdiction to confiscate or freeze his criminal proceeds.
            3. A Relevant Person should be aware that customer relationships with family members or close associates of PEPs involve similar risks to those with PEPs themselves.
            4. The risk of corruption-related money laundering increases where a Relevant Person deals with a PEP. Corruption may involve serious crimes and has become the subject of increasing global concern. Corruption offences are predicate crimes under Federal AML Legislation.
            5. The Regulator considers that after leaving office a PEP may remain a higher risk for money laundering if such an individual continues to exert political influence or otherwise poses a risk of being involved in corruption.
            6. The fact that an individual is a PEP does not automatically mean that the individual must be assessed to be a high risk customer: however, Enhanced CDD still needs to be undertaken on PEPs. A Relevant Person will need to assess the particular circumstances relating to each PEP to determine what risk category is appropriate.
            Added on (15 April, 2019).

      • AML 8.4 AML 8.4 Enhanced Customer Due Diligence

        • AML 8.4.1 AML 8.4.1

          Where a Relevant Person is required to undertake Enhanced CDD, having assigned a customer a high risk rating or it or its Beneficial Owners is a PEP, then, in addition to CDD under Rule 8.3.1, it must:

          (a) obtain:
          (i) additional identification information on the customer and all Beneficial Owners;
          (ii) additional information on the intended nature of the business relationship;
          (iii) information on the reasons for a Transaction;
          (b) update the CDD information which it holds on the customer and any Beneficial Owners more regularly;
          (c) identify and verify:
          (i) the Source of Funds; and
          (ii) the Source of Wealth;
          of the customer and, if applicable, all Beneficial Owners;
          (d) conduct enhanced monitoring of the business relationship, by increasing the frequency and intensity of controls applied, and determining which groups of transactions need further examination;
          (e) obtain the approval of Senior Management to commence a business relationship with the customer; and
          (f) require the first payment to be carried out through an account in the customer's name with a financial institution that is subject to money laundering regulation and supervision in a jurisdiction that has standards equivalent to those set out in the FATF Recommendations.
          Amended on (15 April, 2019).

          • Guidance

            1. In Rule 8.4.1 Enhanced CDD measures are mandatory to the extent that they are applicable to the relevant customer or the circumstances of the business relationship and to the extent that the risks would reasonably require it. Therefore, the extent of additional measures to be conducted is a matter for the Relevant Person to determine on a case by case basis.
            2. In Rule 8.4.1(e), Senior Management approval may be given by an individual member of the Relevant Person's Senior Management or by a committee of senior managers appointed to consider high-risk customers. Such approval may also be outsourced within the Group, but only to a suitably qualified individual or committee.
            3. For high-risk customers, a Relevant Person should, in order to mitigate the perceived potential and actual risks, exercise a greater degree of diligence throughout the course of the customer relationship and should endeavour to understand the nature of the customer's business and consider whether it is consistent and reasonable.
            4. A Relevant Person should be satisfied that a customer's use of complex legal structures and/or the use of trust and private investment vehicles, has a genuine and legitimate purpose.
            5. For Enhanced CDD, where there are one or more Beneficial Owners, verification of the customer's Source of Funds and Wealth may require enquiring into the Beneficial Owners' Source of Funds and Wealth because the Source of Funds would normally be associated with the Beneficial Owners and not the customer.
            6. The Regulator considers that verification of Source of Funds includes obtaining independent corroborating evidence such as the proof of dividend payments connected to a shareholding, bank statements, salary/bonus certificates, loan documentation and proof of all Transactions which gave rise to payments into the account. A customer should be able to demonstrate and have documented how the relevant funds are connected to a particular event which gave rise to the payment into the account or to the source of the funds for a Transaction.
            7. The Regulator considers that verification of Source of Wealth includes obtaining independent corroborating evidence such as share certificates, publicly-available registers of ownership, bank or brokerage account statements, probate documents, audited accounts and financial statements, news items from a reputable source and other similar evidence.
            8. A Relevant Person may commission a report from a third party vendor to obtain further information on a customer or Transaction or to investigate a customer or Beneficial Owners in very high-risk cases. Such a report may be particularly useful where there is little or no publicly-available information on a Person or on a Legal Arrangement or where the Relevant Person has difficulty in obtaining and verifying information.
            9. For Rule 8.4.1, circumstances where it may be applicable to require the first payment made by a customer in order to open an account with a Relevant Person to be carried out through a bank account in the customer's name Customer include:
            (a) where, following the use of other Enhanced CDD measures, the Relevant Person is not satisfied with the results of due diligence; or
            (b) as an alternative measure, where one of the measures in Rule 8.4.1 (a) to (e) cannot be carried out.
            Amended on (3 February, 2020).

      • AML 8.5 AML 8.5 Simplified Customer Due Diligence

        • AML 8.5.1 AML 8.5.1

          (1) Where a Relevant Person is permitted to undertake Simplified CDD under Rule 8.1.1(2), modification of Rule 8.3.1 may include:
          (a) verifying the identity of the customer and any Beneficial Owners after the establishment of the business relationship;
          (b) deciding to reduce the frequency of, or as appropriate not undertake, customer identification updates;
          (c) deciding not to verify an identification document other than by requesting a copy;
          (d) reducing the degree of on-going monitoring of Transactions, based on a reasonable monetary threshold or on the nature of the Transaction; and
          (e) not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship, but inferring such purpose and nature from the type of Transactions or business relationship established.
          (2) The modification undertaken under (1) must be proportionate to the customer's money laundering risks.
          Amended on (15 April, 2019).

          • Guidance

            1. Relevant Person should not use a "one size fits all" approach for all of its low-risk customers. Notwithstanding that the risks may be low for all such customers in that category, the extent of CDD undertaken needs to be proportionate to the specific risks identified on a case by case basis.
            2. A Relevant Person might reasonably reduce the frequency of or, as appropriate, eliminate customer identification updates where the money laundering risks are low and the service provided does not offer a realistic opportunity for money laundering.
            3. An example of where a Relevant Person might reasonably reduce the degree of on-going monitoring and scrutinising of Transactions, based on a reasonable monetary threshold or on the nature of the Transaction, would be where the Transaction is a recurring, fixed contribution to a savings scheme, investment portfolio or fund or where the monetary value of the Transaction is not material for money laundering purposes given the nature of the customer and the Transaction type.
            Amended on (15 April, 2019).

      • AML 8.6 AML 8.6 On-going Customer Due Diligence

        • AML 8.6.1

          When undertaking on-going CDD under Rule 8.3.1(d), a Relevant Person must:

          (a) monitor Transactions undertaken during the course of its customer relationship to ensure that the Transactions are consistent with the Relevant Person's knowledge of the customer, his business and risk rating;
          (b) pay particular attention to any complex or unusually large Transactions or unusual patterns of Transactions that have no apparent or visible economic or legitimate purpose;
          (c) enquire into the background and purpose of the Transactions in (b);
          (d) periodically review the adequacy of the CDD information it holds on customers and Beneficial Owners to ensure that the information is kept up to date, particularly for customers with a high-risk rating; and
          (e) periodically review each customer to ensure that the risk rating assigned to a customer under Rule 7.1.1(b) remains appropriate for the customer in light of the money laundering risks.
          Amended on (15 April, 2019).

        • AML 8.6.2 AML 8.6.2

          A Relevant Person should apply an intensified and on-going monitoring programme with respect to higher risk Transactions and customers.

          Amended on (15 April, 2019).

          • Guidance

            1. The customer identification process does not end at the time of establishing a business relationship with a customer or, where relevant, undertaking a specific transaction or business activity on behalf of a customer. Following the start of the customer relationship, a Relevant Person should ensure that all relevant evidence and information is kept up-to-date including, for example, the list of authorised signatories who can act on behalf of a corporate customer.
            2. In complying with Rule 8.6.1(d), a Relevant Person should undertake a periodic review to ensure that non-static customer identity documentation is accurate and up-to-date. A Relevant Person is expected to ensure that the information and the evidence obtained from a customer is valid and has not expired, for example when obtaining copies of identification documentation such as a passport or identification card. Examples of non-static identity documentation include passport number and residential/business address and, for a Legal Person, its share register or list of partners.
            3. A Relevant Person should undertake a review under Rule 8.6.1(d) and (e) particularly when:
            (a) the Relevant Person changes its CDD documentation requirements;
            (b) an unusual Transaction with the customer is expected to take place;
            (c) there is a material change in the business relationship with the customer; or
            (d) there is a material change in the nature or ownership of the customer.
            4. The degree of the on-going due diligence to be undertaken will depend on the customer risk assessment carried out under Rule 7.1.1.
            5. A Relevant Person's Transaction monitoring policies, procedures, systems and controls, which may be implemented by manual or automated systems, or a combination thereof, are one of the most important aspects of effective CDD. Whether a Relevant Person should undertake the monitoring by means of a manual or computerised system (or both) will depend on a number of factors, including:
            (a) the size and nature of the Relevant Person's business and customer base; and
            (b) the complexity and volume of customer Transactions.
            Amended on (15 April, 2019).

        • AML 8.6.3

          A Relevant Person must review its customers, their businesses, and Transactions, against Sanctions Lists when complying with Rule 8.6.1(d).

          Amended on (15 April, 2019).

      • AML 8.7 AML 8.7 Failure to conduct or complete Customer Due Diligence

        • AML 8.7.1 AML 8.7.1

          (1) Where, in relation to a customer, a Relevant Person is unable to conduct or complete the requisite CDD in accordance with Rule 8.1.1 it must, where appropriate:
          (a) not carry out a Transaction with or for the customer through a bank account or in cash;
          (b) not open an account or otherwise provide a service;
          (c) not otherwise establish a business relationship or carry out a Transaction;
          (d) terminate or suspend any existing business relationship with the customer;
          (e) return any monies or assets received from the customer; and
          (f) consider whether the inability to conduct or complete CDD necessitates the making of a Suspicious Activity Report under Rule 14.3.1(c).
          (2) A Relevant Person is not obliged to comply with (1)(a) to (e) if:
          (a) to do so would amount to "tipping off" the customer, in breach of Federal AML Legislation; or
          (b) the FIU directs the Relevant Person to act otherwise.
          Amended on (15 April, 2019).

          • Guidance

            1. In complying with Rule 8.7.1(1) a Relevant Person should apply one or more of the measures in (a) to (f) as appropriate in the circumstances. Where CDD cannot be completed to a significant degree, it may be appropriate not to carry out a Transaction pending completion of CDD. Where CDD cannot be conducted, including where a material part of the CDD such as identifying and verifying Beneficial Owners cannot be undertaken, a Relevant Person should not establish a business relationship with the customer.
            2. A Relevant Person should note that Rule 8.7.1 applies to both existing and prospective customers. For prospective customers it may be appropriate for a Relevant Person to terminate the business relationship before a product or service is provided. However, for existing customers, while termination of the business relationship should not be ruled out, suspension may be more appropriate depending on the circumstances, whilst further investigations are carried out. Whichever course of action is taken, the Relevant Person should be careful not to tip off the customer.
            3. A Relevant Person should adopt the RBA in order to inform the appropriate level of CDD to be undertaken for existing customers. For example, if a Relevant Person considers that any of its existing customers (which may include customers that it migrates into the ADGM) have not been subject to CDD of a standard equivalent to that required by the AML Rulebook, it should adopt the RBA and take remedial action in a manner proportionate to the risks and within a reasonable period of time whilst complying with Rule 8.7.1.
            Amended on (15 April, 2019).

      • AML 8.8

        A diagram outlining the Customer due diligence process is contained in A1.4.

    • AML 9. AML 9. ANTI-MONEY LAUNDERING COMPLIANCE AND THIRD-PARTIES

      • AML 9.1 AML 9.1 Reliance on a third party

        • AML 9.1.1

          (1) A Relevant Person may rely on the following third parties ("qualified professionals") to conduct one or more of the elements of CDD on its behalf:
          (a) an Authorised Person or Recognised Body;
          (b) a law firm, notary, or other independent legal business, accounting firm, audit firm or insolvency practitioner or an equivalent Person in another jurisdiction;
          (c) a Financial Institution;
          (d) a member of the Relevant Person's Group; or
          (e) other specialised utilities for the provision of outsourced Anti-Money Laundering services.
          (2) In (1), a Relevant Person may rely on the information previously obtained by a third party which covers one or more elements of CDD.
          (3) Where a Relevant Person seeks to rely on a Person in (1) it may only do so if and to the extent that:
          (a) it immediately obtains the necessary CDD information from the third party in (1);
          (b) it takes adequate steps to satisfy itself that certified copies of the documents used to undertake the relevant elements of CDD will be available from the third party on request without delay;
          (c) the Person in (1)(b) to (d) is subject to regulation, including AML, by a Non-ADGM Financial Services Regulator or other competent authority in a country with AML regulations which are equivalent to the standards set out in the FATF Recommendations and it is supervised for compliance with such regulations;
          (d) the Person in (1) has not relied on any exception from the requirement to conduct any relevant elements of CDD which the Relevant Person seeks to rely on; and
          (e) in relation to (2), the information is up to date.
          (4) Where a Relevant Person relies on a member of its Group to conduct one or more of the elements of CDD on its behalf, such Group member need not meet the condition in (3)(c) if:
          (a) the Group is subject to policies and requirements equivalent to FATF standards, either:
          (i) where the Group applies and implements a Group-wide policy on CDD and record keeping which is equivalent to the standards set by FATF; or
          (ii) where the effective implementation of those CDD and record keeping requirements and Anti-Money Laundering programmes are supervised at Group level by a Non-ADGM Financial Services Regulator or other competent authority in a jurisdiction with Anti-Money Laundering regulations that are equivalent to the standards set out in the FATF Recommendations;
          (b) no exception from identification obligations has been applied in the original identification process; and
          (c) a written statement is received from the introducing member of the Relevant Person's Group confirming that:
          (i) the customer has been identified in accordance with the relevant standards under (4)(a) and (b);
          (ii) any identification evidence can be accessed by the Relevant Person without delay; and
          (iii) the identification evidence will be kept for at least six years.
          (5) If a Relevant Person is not reasonably satisfied that a customer or Beneficial Owners has been identified and verified by a third party in a manner consistent with these Rules, the Relevant Person must immediately perform the CDD itself with respect to any deficiencies identified.
          (6) Notwithstanding the Relevant Person's reliance on a Person in 9.1.1(1), the Relevant Person remains responsible for compliance with, and liable for any failure to meet the CDD requirements in the AML Rulebook.
          Amended on (15 April, 2019).

        • AML 9.1.2 AML 9.1.2

          (1) When assessing under Rule 9.1.1(3) or (4) if Anti-Money Laundering regulations in another jurisdiction are equivalent to FATF standards, a Relevant Person must take into account factors including, but not limited to:
          (a) mutual evaluations, assessment reports or follow-up reports published by FATF, the IMF, the World Bank, the OECD or other International Organisations;
          (b) membership of FATF or other international or regional groups such as the MENAFATF or the Gulf Co-operation Council;
          (c) contextual factors such as political stability or the level of corruption in the jurisdiction;
          (d) evidence of recent criticism of the jurisdiction, including in:
          (i) FATF advisory notices;
          (ii) public assessments of the jurisdiction's Anti-Money Laundering regime by organisations referred to in (a); or
          (iii) reports by other relevant non-government organisations or specialist commercial organisations; and
          (e) whether adequate arrangements exist for co-operation between the Anti-Money Laundering regulator in that jurisdiction and the Regulator.
          (2) A Relevant Person making an assessment under (1) must rely only on sources of information that are reliable and up-to-date.
          (3) A Relevant Person must keep adequate records of how it made its assessment, including the sources and materials considered.
          Added on (15 April, 2019).

          • Guidance

            1. In complying with Rule 9.1.1(3)(a), "immediately obtaining the necessary CDD information" means obtaining all relevant CDD information, and not just basic information such as name and address. However, compliance can be achieved by having the information sent in an email or other appropriate means. For the avoidance of doubt, it does not necessarily require a Relevant Person to immediately obtain the underlying certified documents used by the third party to undertake its CDD because under Rule 9.1.1(3)(b), these need only be available on request without delay.
            2. The Regulator would expect a Relevant Person, in complying with Rule 9.1.1(5), to fill any gaps in the CDD process as soon as it becomes aware that a customer or Beneficial Owners has not been identified and verified by the third party in a manner consistent with these Rules.
            3. If a Relevant Person acquires another business, either in whole or in substantial part, the Regulator would permit the Relevant Person to rely on the CDD conducted by the business it is acquiring, but would expect the Relevant Person to have done the following:
            (a) as part of its due diligence for the acquisition, to have taken a reasonable sample of the prospective customers to assess the quality of the CDD undertaken; and
            (b) to have undertaken CDD on all the customers to cover any deficiencies identified in (a) as soon as possible following the acquisition, prioritising high-risk customers.
            4. Where the legislative framework of a jurisdiction (such as secrecy or data protection legislation) prevents a Relevant Person from having access to CDD information upon request without delay as referred to in Rule 9.1.1(3)(b), the Relevant Person should undertake the relevant CDD itself and should not seek to rely on the relevant third party.
            5. If a Relevant Person relies on a third party located in a foreign jurisdiction to conduct one or more elements of CDD on its behalf, the Relevant Person must ensure that the foreign jurisdiction has Anti-Money Laundering regulations which are equivalent to the standards in the FATF Recommendations (see Rule 9.1.1(3)(c)).
            Added on (15 April, 2019).

      • AML 9.2 AML 9.2 Business partner identification

        • AML 9.2.1 AML 9.2.1

          (1) Prior to establishing the business relationship, a Relevant Person must establish and verify its business partners' identities by obtaining sufficient and satisfactory evidence of the identity of any business partner it relies upon in carrying on its Regulated Activities.
          (a) A Relevant Person must maintain accurate and up-to-date information and conduct on-going due diligence on its business partners, throughout the course of the business relationship.
          (b) If at any time a Relevant Person becomes aware that it lacks sufficient information or documentation concerning a business partner's identification, or develops a concern about the accuracy of its current information or documentation, it must promptly obtain appropriate material to verify such business partner's identity.
          (2) In the context of this Rule, a 'business partner' includes:
          (a) a qualified professional as specified in Rule 9.1.1(1);
          (b) a member of the Relevant Person's Group;
          (c) a Correspondent Bank; or
          (d) any other service provider.
          (3) A Relevant Person that establishes, operates or maintains a Correspondent Account for a Correspondent Banking Client must ensure that it has arrangements to:
          (a) conduct due diligence in respect of the opening of a Correspondent Account for a Correspondent Banking Client, including measures to identify:
          (i) its ownership and management structure;
          (ii) its major business activities and customer base;
          (iii) its location; and
          (iv) the intended purpose of the Correspondent Account;
          (b) identify all third parties that will use the Correspondent Account; and
          (c) monitor Transactions processed through a Correspondent Account that has been opened by a Correspondent Banking Client, in order to detect and report any suspicion of Money Laundering.
          Amended on (15 April, 2019).

          • Guidance

            Under (2)(d), service providers include agents that facilitate directly the activities of Authorised Persons in servicing their clients, as distinct from other service providers that provide purely ancillary services, such as IT, facilities management etc. to an Authorised Person.

        • AML 9.2.2 AML 9.2.2

          A Relevant Person must not:

          (1) establish a correspondent banking relationship with a Shell Bank;
          (2) establish or keep anonymous accounts or accounts in false names; or
          (3) maintain a nominee account which is held in the name of one Person, but controlled by or held for the benefit of another Person whose identity has not been disclosed to the Relevant Person.

          • Guidance

            1. "Know your business partner" is as important as "Know Your Customer". A Relevant Person is therefore required to verify the identity of a prospective business partner and to obtain evidence of it. The same documentation that is used to identify customers should be obtained from the business partner prior to conducting any business.
            2. A Relevant Person should verify whether any secrecy or data protection law exists in the country of incorporation of the business partner that would prevent access to relevant data.
            3. The requirement to identify the business partner is meant to cover only those business partners who may pose any relevant money laundering risk to the Relevant Person. Hence, a Relevant Person would not be required to establish and verify the identity of, for example, its maintenance or cleaning service.
            4. The Regulator may take into account the identity of a Relevant Person's business partner and the nature of their relationship in considering the fitness and propriety of a Relevant Person.
            5. Before entering into a business relationship, a Relevant Person should conduct a due diligence investigation, which includes ensuring that the business partner is an existing Person authorised to conduct the kind of business in question and, if applicable, verifying that this Person is duly regulated by a Financial Services Regulator or other relevant regulatory authority or regulator. In accordance with "The Wolfsberg Anti-Money Laundering Principles for Correspondent Banking", the Relevant Person should take into account, and verify the nature of:
            (a) the business to be conducted and the major business activities of the business partner;
            (b) the jurisdiction where the business partner is located as well as that of its the parent; and
            (c) the transparency and the nature of the ownership and the management structure.
            6. A Relevant Person may also gather information about the reputation of the business partner, including whether it has been subject to investigation or regulatory action in relation to money laundering or terrorist financing.
            7. A Relevant Person should adopt a risk-based approach when verifying its business partners' identities. Depending on the money laundering risk assessment of the Relevant Person's business partner, the Relevant Person should decide the level of detail of the business partner identification and verification process.
            8. A Relevant Person should have in place specific arrangements to ensure that adequate due diligence and identification measures with regard to the business relationship are taken.
            9. The Relevant Person should conduct regular reviews of the relationship with its business partners.
            10. The Senior Management or Governing Body of a Relevant Person should give its approval before it establishes any new correspondent banking relationships.
            11. A Relevant Person should also have arrangements to guard against establishing a business relationship with business partners who permit their accounts to be used by Shell Banks; further details on the definition of Shell Banks are set out in Guidance 2 to Rule 10.2.2.
            Amended on (3 February, 2020).

      • AML 9.3 AML 9.3 Outsourcing and agents

        • AML 9.3.1 AML 9.3.1

          A Relevant Person which outsources any one or more elements of its CDD to a service provider (including those within its Group) remains responsible for compliance with, and liable for any failure to meet, such obligations.

          Amended on (15 April, 2019).

          • Guidance

            Prior to appointing an outsourced service provider to undertake CDD, a Relevant Person should undertake due diligence to assure itself of the suitability of the outsourced service provider and should ensure that the outsourced service provider's obligations are clearly documented in a binding agreement.

        • AML 9.3.2 AML 9.3.2 Authorised Persons Providing Money Services

          (1) An Authorised Person that is engaged in Providing Money Services must:
          (a) maintain a complete, current and accurate register of all agents and members of its Group it uses to conduct its operations and make that register available to the Regulator upon request;
          (b) include all agents and members of its Group identified in (a) as part of its AML compliance programme and monitor the compliance of such agents and members of its Group with the requirements of its AML programme;
          (c) comply with all AML requirements imposed in all jurisdictions within which it operates and ensure the compliance of its agents and members of its Group operating on its behalf with all AML requirements in the jurisdictions in which they are operating;
          (d) when executing a Payment Transaction, assess and consider all relevant information, including information about the Payer and the Payee, including any beneficiary as may be applicable, and require its agents and members of its Group, as appropriate, to determine whether a Suspicious Activity Report should be filed by it or its agents or a member of its Group; and
          (e) where appropriate, ensure that a Suspicious Activity Report is filed in all jurisdictions related to a suspicious Payment Transaction and make available to all authorities responsible for AML compliance all transaction information related to the Suspicious Activity Report.
          (2) An Authorised Person making an assessment under (1) must rely upon current sources of information when making such assessment and must keep adequate records concerning such assessments, including all sources and materials considered, for a period of at least six years.

          • Guidance

            Agents facilitate directly the activities of Authorised Persons in servicing their clients, as distinct from other service providers that provide purely ancillary services, such as IT, facilities management etc. to an Authorised Person.

      • AML 9.4 AML 9.4 Record Keeping and Data Protection

        • AML 9.4.1

          Where Customer identification records are kept by the Relevant Person or other Persons outside the ADGM, a Relevant Person must take reasonable steps to ensure that the records are held in a manner consistent with these Rules.

        • AML 9.4.2

          A Relevant Person must verify whether there is secrecy or data protection legislation that would restrict access without delay to such data by the Relevant Person, the Regulator or the law enforcement agencies of the U.A.E. Where such legislation exists, the Relevant Person must obtain without delay certified copies of the relevant identification evidence and keep these copies in a jurisdiction which allows access by all those Persons.

      • AML 9.5

        A diagram outlining the reliance and outsourcing of AML compliance requirements is contained in A1.5.

    • AML 10. AML 10. Correspondent Banking, Wire Transfers, Anonymous Accounts And Audit

      • AML 10.1 AML 10.1 Application

        • AML 10.1.1

          This Chapter applies to Recognised Bodies and all Authorised Persons, other than Credit Rating Agencies and Representative Offices.

          Amended on (3 February, 2020).

      • AML 10.2 AML 10.2 Correspondent banking

        • AML 10.2.1

          An Authorised Person proposing to have a correspondent banking relationship with a respondent bank must:

          (a) undertake CDD on the respondent bank;
          (b) as part of (a), gather sufficient information about the respondent bank to understand fully the nature of the business, including making appropriate enquiries as to its management, its major business activities and the countries or jurisdictions in which it operates;
          (c) determine from publicly-available information the reputation of the respondent bank and the quality of supervision that it is subject to, including whether it has been the subject of a money laundering or terrorist financing investigation or relevant regulatory action;
          (d) assess the respondent bank's Anti-Money Laundering controls and ascertain if they are adequate and effective in light of the FATF Recommendations;
          (e) ensure that prior approval of the Authorised Person's Senior Management is obtained before entering into a new correspondent banking relationship;
          (f) ensure that the respective responsibilities of the parties to the correspondent banking relationship are properly documented; and
          (g) be satisfied that, in respect of any customers of the respondent bank who have direct access to accounts of the Authorised Person, the respondent bank:
          (i) has undertaken CDD (including on-going CDD) at least equivalent to that in Rule 8.3.1 in respect of each Customer; and
          (ii) is able to provide the relevant CDD information in (i) to the Authorised Person upon request; and
          (h) document the basis for its satisfaction that the requirements in (a) to (g) are met.
          Amended on (15 April, 2019).

        • AML 10.2.2 AML 10.2.2

          An Authorised Person must:

          (a) not enter into a correspondent banking relationship with a Shell Bank; and
          (b) take appropriate measures to ensure that it does not enter into, or continue a corresponding banking relationship with, a bank which is known to permit its accounts to be used by Shell Banks.

          • Guidance

            1. The rules and guidance set out in Rule 9.2 above also applies to correspondent banking business partners. This Rule provides further details on specific requirements applicable to a correspondent banking business relationship.
            2. With regard to Correspondent Banking Clients and, if applicable, other qualified professionals, specific care should be taken to assess their Anti-Money Laundering arrangements regarding Customer identification, Transaction monitoring, terrorist financing and other relevant elements, and to verify that these business partners comply with the same or equivalent Anti-Money Laundering requirements as the Relevant Person. Information on applicable laws and regulations regarding the prevention of money laundering should be obtained.
            3. A Relevant Person should ensure that a Correspondent Banking Client does not use the Relevant Person's products and services to engage in business with Shell Banks. A Shell Bank would be a bank that has no physical presence in the country in which it is incorporated and licensed, and which is unaffiliated with a regulated financial Group that is subject to effective consolidated supervision. The Regulator does not consider that the existence of a local agent or low-level staff constitutes physical presence.
            4. If applicable, information on distribution networks and delegation of duties should be obtained.
            Amended on (15 April, 2019).

      • AML 10.3 AML 10.3 Wire transfers

        • AML 10.3.1

          In this section:

          (a) "beneficiary" means the natural or Legal Person or the Legal Arrangement that is identified by the originator as the receiver of the requested wire transfer;
          (b) "originator" means the account holder who instructs the wire transfer from the relevant account, or where there is no account, the Natural or Legal Person that places the order with the ordering Financial Institution to perform the wire transfer;
          (c) "wire transfer" includes any value transfer arrangement; and
          (d) "batch transfer" means a transfer comprised of a number of individual wire transfers that are bundled for transmission, whether or not the individual wire transfers are intended ultimately for one or more beneficiaries.
          Amended on (3 February, 2020).

        • AML 10.3.2 AML 10.3.2

          (1) An Authorised Person and Recognised Body must:
          (a) when it sends or receives funds by wire transfer on behalf of a customer, ensure that the wire transfer and any related messages contain accurate originator and beneficiary information;
          (b) ensure that, while the wire transfer is under its control, the information in (a) remains with the wire transfer and any related message throughout the payment chain;
          (c) monitor wire transfers for the purpose of detecting those wire transfers that do not contain both originator and beneficiary information and take appropriate measures to identify any money laundering risks; and
          (d) not effect wire transfers without the information required under (3) and (4).
          (2) The requirement in (1) does not apply to an Authorised Person or Recognised Body which:
          (a) provides Financial Institutions with messages or other support systems for transmitting funds; or
          (b) transfers funds to another Financial Institution where both the originator and the beneficiary are Financial Institutions acting on their own behalf.
          (3) An Authorised Person and Recognised Body must ensure that information accompanying all wire transfers contains at a minimum:
          (a) the name of the originator;
          (b) the originator account number where such an account is used to process the Transaction or unique Transaction reference number if no originator account number exists;
          (c) the originator's address, or national identity number, or Customer identification number, or date and place of birth;
          (d) the name of the beneficiary; and
          (e) the beneficiary account number where such an account is used to process the Transaction or unique Transaction reference number if no beneficiary account number exists.
          (4) An Authorised Person and Recognised Body must ensure that for batch transfers:
          (a) it has verified the originator information required under (3)(a) to (c); and
          (b) the batch file contains the beneficiary information required under (3)(d) and (e) for each beneficiary and that the information is fully traceable in the beneficiaries jurisdiction.
          Amended on (15 April, 2019).

          • Guidance

            1. 'FATF Recommendation Number 16' seeks to ensure that national or international electronic payment and message systems, including fund or wire transfer systems such as SWIFT, are not misused as a means to break the money laundering audit trail. Therefore, the information about a customer as the originator of the transfer of funds should remain with the payment instruction throughout the payment chain.
            2. Relevant Persons should monitor for, and conduct enhanced scrutiny of, suspicious activities, including incoming fund transfers that do not contain complete originator information, including name, address and account number or unique reference number.
            3. The Regulator considers that concealing or removing in a wire transfer any of the information required by Rule 10.3.2(3) would be a breach of the requirement to ensure that the wire transfer contains accurate originator and beneficiary information.
            Amended on (15 April, 2019).

      • AML 10.4 AML 10.4 Audit

        • AML 10.4.1 AML 10.4.1

          An Authorised Person or a Recognised Body must ensure that its internal audit function undertakes regular reviews and assessments of the effectiveness of the Authorised Person or Recognised Body's money laundering policies, procedures, systems and controls, and its compliance with its obligations in the AML Rulebook.

          Amended on (15 April, 2019).

          • Guidance

            1. The review and assessment undertaken for the purposes of Rule 10.4.1 may be undertaken:
            (a) internally by the Authorised Person or Recognised Body's internal audit function; or
            (b) by a competent firm of independent, external auditors or compliance professionals.
            2. The review and assessment undertaken for the purposes of Rule 10.4.1 should cover at least the following:
            (a) sample testing of compliance with the Authorised Person or the Recognised Body's CDD arrangements;
            (b) an analysis of all notifications made to the MLRO to highlight any area where procedures or training may need to be enhanced; and
            (c) a review of the nature and frequency of the dialogue between Senior Management and the MLRO.
            Amended on (15 April, 2019).

      • AML 10.5 AML 10.5 Anonymous and nominee accounts

        • AML 10.5.1

          An Authorised Person or a Recognised Body must not establish or maintain:

          (a) an anonymous account or an account in a fictitious name; or
          (b) a nominee account which is held in the name of one Person, but which is controlled by or held for the benefit of another Person whose identity has not been disclosed to the Authorised Person or the Recognised Body.
          Amended on (15 April, 2019).

    • AML 11. AML 11. Sanctions And Other International Obligations

      • AML 11.1 AML 11.1 Resolutions and Sanctions

        • AML 11.1.1 AML 11.1.1

          (1) A Relevant Person must establish and maintain effective systems and controls to ensure that on an ongoing basis it is properly informed as to, and takes reasonable measures to comply with, relevant resolutions or Sanctions which it is required to comply with, under the laws of ADGM or any other jurisdiction.
          (2) A Relevant Person must immediately notify the Regulator when it becomes aware that it is, for or on behalf of a Person:
          (a) carrying on or about to carry on an activity;
          (b) holding or about to hold money or other assets; or
          (c) undertaking or about to undertake any other business whether or not arising from or in connection with (a) or (b);
          where such carrying on, holding or undertaking constitutes or may constitute a contravention of any Sanctions which the Relevant Person is required to comply with, under the laws of ADGM or any other jurisdiction.
          (3) A Relevant Person must ensure that the notification stipulated in (2) above includes the following information:
          (a) a description of the relevant activity in (2)(a), (b) or (c); and
          (b) the action proposed to be taken or that has been taken by the Relevant Person with regard to the matters specified in the notification.
          Amended on (15 April, 2019).

          • Guidance

            1. In Rule 11.1.1(1), taking reasonable measures to comply with resolutions or Sanctions may include, for example, a Relevant Person not undertaking a transaction for or on behalf of a Person undertaking further due diligence in respect of a Person.
            2. Relevant resolutions or Sanctions mentioned in Rule 11.1.1 may, among other things, relate to money laundering, terrorist financing or the financing of weapons of mass destruction, or otherwise be relevant to the activities carried on by the Relevant Person. For example:
            (a) a Relevant Person should exercise due care to ensure that it does not provide services to, or otherwise conduct business with, a Person engaged in money laundering, terrorist financing or the financing of weapons of mass destruction; and
            (b) a Recognised Investment Exchange or Recognised Clearing House, as a Recognised Body, should additionally exercise due care to ensure that it does not facilitate fund raising activities or listings by Persons engaged in money laundering or terrorist financing or financing of weapons of mass destruction.
            3. A Relevant Person should be proactive in checking for, and taking measures to comply with, relevant resolutions or sanctions which the Relevant Person is required to comply with, under the laws of ADGM or any other jurisdiction. The Regulator expects Relevant Persons to perform checks on an ongoing basis against their customer databases and records for any names appearing in resolutions or sanctions which the Relevant Person is required to comply with as well as to monitor transactions accordingly.
            4. A Relevant Person may use a database maintained elsewhere for an up-to-date list of resolutions and sanctions, or to perform checks of customers or transactions against that list. For example, it may wish to use a database maintained by its head office or a Group member. However, the Relevant Person retains responsibility for ensuring that its systems and controls are effective to ensure compliance with this Rulebook.
            Amended on (3 February, 2020).

      • AML 11.2 AML 11.2 Government, regulatory and international findings

        • AML 11.2.1 AML 11.2.1

          (1) A Relevant Person must establish and maintain systems and controls to ensure that on an ongoing basis it is properly informed as to, and takes reasonable measures to comply with, any findings, recommendations, guidance, directives, resolutions, Sanctions, notices or other conclusions issued by:
          (a) the government of the U.A.E. or any government departments in the U.A.E.;
          (b) the Central Bank of the U.A.E. or the FIU;
          (c) U.A.E. enforcement agencies;
          (d) FATF;
          (e) the Basel Committee on Banking Supervision;
          (f) the Regulator; and
          (g) any other jurisdiction which promulgates Sanctions to which it is subject,
          concerning the matters in (2).
          (2) For the purposes of (1), the relevant matters are:
          (a) arrangements for preventing money laundering, terrorist financing or the financing of weapons of mass destruction in a particular country or jurisdiction, including any assessment of material deficiency against relevant countries in adopting international standards; and
          (b) the names of Persons, Groups, organisations or entities or any other body where suspicion of money laundering or terrorist financing or the financing of weapons of mass destruction exists.
          (3) For the purposes of (1), measures that a Relevant Person must undertake when taking reasonable measures to comply with findings, recommendations, guidance, directives, resolutions, Sanctions, notices or other conclusions, include, but are not limited to, measures:
          (a) requiring specific elements of enhanced CDD;
          (b) requiring enhanced reporting mechanisms or systematic reporting of financial transactions;
          (c) limiting business relationships or financial transactions with specified persons or persons in a specified jurisdiction;
          (d) prohibiting Relevant Persons from relying on third parties located in a specified jurisdiction to conduct CDD;
          (e) requiring the review and amendment, or if necessary termination, of correspondent relationships with banks in a specified jurisdiction;
          (f) prohibiting the execution of specified electronic fund transfers; or
          (g) requiring increased external audit requirements for financial groups with respect to any of their branches and subsidiaries located in a specified jurisdiction.
          (4) A Relevant Person must immediately notify the Regulator in writing if it becomes aware of non-compliance by a Person with a finding, recommendation, guidance, directive, resolution, Sanction, notice or other conclusion and provide the Regulator with sufficient details of the person concerned and the nature of the non-compliance.
          Amended on (15 April, 2019).

          • Guidance

            1. The purpose of this Rule is to ensure that a Relevant Person takes into consideration the broad range of tools used by competent authorities and international organisations to communicate Anti-Money Laundering risks to stakeholders.
            2. The Rule also permits the Regulator to require enhanced CDD or other specific countermeasures to address risks identified in a specific country or jurisdiction. The Regulator may impose such countermeasures either when called upon to do so by FATF or independently of any FATF request.
            3. Relevant Persons considering Transactions or business relationships with Persons located in countries or jurisdictions that have been identified as deficient, or against which the U.A.E. or the Regulator have outstanding advisories, should be aware of the background against which the assessments, or the specific recommendations have been made. These circumstances should be taken into account in respect of business introduced from such jurisdictions, and when receiving inward payments for existing customers or in respect of inter-bank Transactions.
            4. The Relevant Person's MLRO is not obliged to report all Transactions from these countries or jurisdictions to the FIU if they do not qualify as suspicious under Federal AML Legislation (see Chapter 14 on Suspicious Activity Reports).
            5. Transactions with counterparties located in countries or jurisdictions which are no longer identified as deficient or have been relieved from special scrutiny (for example, taken off sources mentioned in this Guidance) may nevertheless require attention which is higher than normal.
            6. In order to assist Relevant Persons, the Regulator may, from time to time, publish findings, guidance, directives or Sanctions from U.A.E. authorities, the FATF or other relevant bodies. However, the Regulator expects a Relevant Person to take its own steps in acquiring relevant information from various available sources. For example, a Relevant Person may obtain relevant information from consolidated lists of financial Sanctions published by the European Union, HM Treasury, and OFAC.
            7. In addition, the systems and controls mentioned in Rule 11.2.1 should be established and maintained by a Relevant Person taking into account its risk assessment under Chapters 6 and 7. In relation to the term "make appropriate use" in Rule 11.2.1, this may mean that a Relevant Person cannot undertake a Transaction for or on behalf of a Person or that it may need to undertake further due diligence in respect of such a Person.
            8. A Relevant Person should be proactive in obtaining and appropriately using available national and international information, for example, suspect lists or databases from credible public or private sources with regard to money laundering, including obtaining relevant information from sources mentioned in Guidance 6 above. The Regulator encourages Relevant Persons to perform checks against their customer databases and records for any names appearing on such lists and databases as well as to monitor Transactions accordingly.
            9. The risk of terrorists entering the financial system can be reduced if Relevant Persons apply effective Anti-Money Laundering strategies, particularly in respect of CDD. Relevant Persons should assess which countries carry the highest risks and should conduct an analysis of Transactions from countries or jurisdictions known to be a source of terrorist financing.
            10. The Regulator may require Relevant Persons to take any special measures it may prescribe with respect to certain types of Transactions or accounts where the Regulator reasonably believes that any of the above may pose a money laundering risk to the ADGM.
            Amended on (15 April, 2019).

    • AML 12. AML 12. Money Laundering Reporting Officer

      • AML 12.1 AML 12.1 Appointment of a MLRO

        • AML 12.1.1

          (1) A Relevant Person must appoint an individual as the MLRO who has an appropriate level of seniority, experience and independence to act in the role, with responsibility for implementation and oversight of its compliance with the Rules in the AML Rulebook. It must do so by completing and filing with the Regulator the appropriate form specified by the Regulator.
          (2) The MLRO in (1) and Rule 12.1.7 must be resident in the U.A.E.
          Amended on (15 April, 2019).

        • AML 12.1.2

          The individual appointed as the MLRO of a DNFBP that comprises as one officer, partner or principal can, with the prior approval of the Regulator be the same person as the officer, partner or principle of the DNFBP.

          Added on (15 April, 2019).

        • AML 12.1.3 AML 12.1.3

          The individual appointed as the MLRO of a Representative Office must be the same individual who holds the position of Principal Representative of that Representative Office.

          Amended on (15 April, 2019).

          • Guidance

            1. Authorised Persons are reminded that under GEN Rule 5.5.1 the MLRO function is a mandatory appointment. For the avoidance of doubt, the individual appointed as the MLRO of an Authorised Person, other than a Representative Office, is the same individual who holds the Recognised Function of MLRO of that Authorised Person. Authorised Persons are also reminded that the guidance under GEN Rule 5.5.2 sets out the grounds under which the Regulator will determine whether to grant a waiver from the residence requirements for an MLRO. The same guidance would apply by analogy to other Relevant Persons seeking a waiver from the MLRO residence requirements.
            2. The individual appointed as the MLRO of a Recognised Investment Exchange or Recognised Clearing House is the same individual who holds the position of MLRO of that Recognised Investment Exchange or Recognised Clearing House under the relevant MIR Rule.
            Amended on (15 April, 2019).

        • AML 12.1.4

          If the MLRO leaves the employment of the Relevant Person, the Relevant Person must immediately appoint a new MLRO or arrange temporary cover for the MLRO appointment.

          Amended on (15 April, 2019).

        • AML 12.1.5

          A Relevant Person, other than a Representative Office, must appoint an individual to act as a deputy MLRO of the Relevant Person to fulfil the role of the MLRO in his absence.

          Added on (15 April, 2019).

        • AML 12.1.6 AML 12.1.6

          A Relevant Person's MLRO and deputy MLRO must deal with the Regulator in an open and co-operative manner and must disclose appropriately any information of which the Regulator would reasonably be expected to be notified.

          Amended on (15 April, 2019).

          • Guidance

            1. The individual appointed as the deputy MLRO need not apply for the Regulator's approval.
            2. A Relevant Person should make adequate arrangements to ensure that it remains in compliance with the AML Rulebook in the event that its MLRO is absent. Adequate arrangements would include appointing a temporary MLRO for the period of the MLRO's absence or making sure that the Relevant Person's AML systems and controls allow it to continue to comply with these Rules when the MLRO is absent.
            Amended on (15 April, 2019).

        • AML 12.1.7 AML 12.1.7

          A Relevant Person may outsource the role of MLRO to an individual outside the Relevant Person provided that the individual under the outsourcing agreement is and remains suitable to perform the MLRO role.

          Amended on (15 April, 2019).

          • Guidance

            Where a Relevant Person outsources specific AML tasks of its MLRO to another individual or a third party provider, including the case where they are within it's corporate Group, the Relevant Person remains responsible for ensuring that the duties undertaken by the MLRO ensure its compliance with the requirements in the AML Rulebook. The Relevant Person should satisfy itself of the suitability of anyone who acts for it in the role of MLRO.

            Amended on (15 April, 2019).

      • AML 12.2 AML 12.2 Qualities of a MLRO

        • AML 12.2.1 AML 12.2.1

          A Relevant Person must ensure that its MLRO has:

          (a) direct access to the Governing Body and its Senior Management;
          (b) sufficient and up-to-date qualifications and experience to fulfil the role;
          (c) sufficient resources including, if necessary, an appropriate number of appropriately trained Employees to assist in the performance of his duties in an effective, objective and independent manner;
          (d) a level of seniority and independence within the Relevant Person to enable him to act on his own authority;
          (e) timely and unrestricted access to information the Relevant Person has about the financial and business circumstances of a customer or any Person on whose behalf the customer is or has been acting sufficient to enable him to carry out his responsibilities in accordance with Rule 12.3.1; and
          (f) unrestricted access to relevant information about the features of the Transaction which the Relevant Person has entered into or may have contemplated entering into with or for the customer or a Person on whose behalf a customer is or has been acting.
          Amended on (15 April, 2019).

          • Guidance

            The Regulator considers that a Relevant Person will need to consider this Rule most especially when appointing an outsourced MLRO. Any external MLRO that is appointed will need to have the actual or effective level of seniority that the role requires.

            Amended on (15 April, 2019).

      • AML 12.3 AML 12.3 Responsibilities of a MLRO

        • AML 12.3.1

          A Relevant Person must ensure that its MLRO implements and has oversight of and is responsible for the following matters:

          (a) the day-to-day operations for compliance by the Relevant Person with its Anti-Money Laundering policies, procedures, systems and controls;
          (b) acting as the point of contact to receive notifications from the Relevant Person's Employees under Rule 14.2.2;
          (c) taking appropriate action under Rule 14.3.1 following receipt of a notification from an Employee;
          (d) making, in accordance with Federal AML Legislation, Suspicious Activity Reports;
          (e) acting as the point of contact within the Relevant Person for competent U.A.E. authorities and the Regulator regarding money laundering issues;
          (f) responding promptly to any request for information made by competent U.A.E. authorities or the Regulator;
          (g) receiving and acting upon any relevant findings, recommendations, guidance, directives, resolutions, Sanctions, notices or other conclusions described in Chapter 11; and
          (h) establishing and maintaining an appropriate money laundering training programme and adequate awareness arrangements under Chapter 13.
          Amended on (15 April, 2019).

      • AML 12.4 AML 12.4 Reporting

        • AML 12.4.1

          The MLRO must report semi-annually to the Governing Body or Senior Management of the Relevant Person on the following matters:

          (a) the results of the review under Rule 4.1.1(4);
          (b) the Relevant Person's compliance with applicable Anti-Money Laundering laws including these Rules;
          (c) any relevant findings, recommendations, guidance, directives, resolutions, Sanctions, notices or other conclusions and how the Relevant Person has taken them into account; 
          (d) any internal Suspicious Activity Reports made by the Relevant Person's Employees, or its agents or members of its Group where acting on its behalf, and action taken in respect of those reports, including the grounds for all decisions;
          (e) any external Suspicious Activity Reports made by the Relevant Person, or its agents or members of its Group where acting on its behalf, and action taken in respect of those reports including the grounds for all decisions; and
          (f) any other relevant matters related to Anti-Money Laundering as it concerns the Relevant Person's business.
          Amended on (9 November, 2020)
          Amended on (3 February, 2020)

        • AML 12.4.2

          A Relevant Person must ensure that its Governing Body or Senior Management promptly:

          (a) assess the report provided under Rule 12.4.1;
          (b) take action, as required, subsequent to consideration of the findings of the report, in order to resolve any identified deficiencies; and
          (c) make a record of their assessment pursuant to paragraph (a) and the action taken pursuant to paragraph (b).
          Amended on (15 April, 2019).

        • AML 12.4.3

          The Relevant Person must provide to the Regulator a copy of:

          (a) The report provided under Rule 12.4.1; and
          (b) the record made under Rule 12.4.2(c).
          Amended on (3 February, 2020).

    • AML 13. AML 13. Anti-Money Laundering Training And Awareness

      • AML 13.1 AML 13.1 Training and awareness

        • AML 13.1.1

          A Relevant Person must:

          (a) provide Anti-Money Laundering training to all relevant Employees at appropriate and regular intervals;
          (b) ensure that its Anti-Money Laundering training enables its Employees to:
          (i) know the identity, and understand the responsibilities, of the Relevant Person's MLRO and his deputy;
          (ii) understand the relevant legislation relating to money laundering, including Federal AML Legislation;
          (iii) understand its policies, procedures, systems and controls related to money laundering and any changes to these;
          (iv) recognise and deal with Transactions, risks, trends, techniques and other activities which may be related to money laundering;
          (v) understand the types of activity that may constitute suspicious activity in the context of the business in which an Employee is engaged and that may warrant a notification to the MLRO under Rule 14.2.2;
          (vi) understand its arrangements regarding the making of a notification to the MLRO under Rule 14.2.2;
          (vii) be aware of the prevailing techniques, methods and trends in money laundering relevant to the business of the Relevant Person;
          (viii) understand the roles and responsibilities of Employees in combating money laundering; and
          (ix) understand the relevant findings, recommendations, guidance, directives, resolutions, Sanctions, notices or other conclusions described in Chapter 11;
          (c) ensure that its Anti-Money Laundering training:
          (i) is appropriately tailored to the Relevant Person's activities, including its products, services, customers, distribution channels, business partners and the level and complexity of its Transactions; and
          (ii) indicates the different levels of money laundering risk and vulnerabilities associated with the matters in (c)(i); and
          (d) ensure that its Anti-Money Laundering training is up-to-date with money laundering trends and techniques.
          Amended on (15 April, 2019).

      • AML 13.2 AML 13.2 Frequency

        • AML 13.2.1

          A Relevant Person must provide Anti-Money Laundering training for all Employees in accordance with Rule 13.1.1 at least annually.

          Amended on (15 April, 2019).

      • AML 13.3 AML 13.3 Record-keeping

        • AML 13.3.1

          All relevant details of the Relevant Person's Anti-Money Laundering training must be recorded, including:

          (a) dates when the training was given;
          (b) the nature of the training; and
          (c) the names of the Employees who received the training.
          Amended on (15 April, 2019).

        • AML 13.3.2 AML 13.3.2

          These records must be kept for at least six years from the date on which the training was given.

          Amended on (15 April, 2019).

          • Guidance

            1. The Regulator considers it appropriate that all new relevant Employees of a Relevant Person be given appropriate Anti-Money Laundering training as soon as reasonably practicable after commencing employment with the Relevant Person, and thereafter on a periodic basis.
            2. A relevant Employee would include a member of the Senior Management or operational staff, any Employee with customer contact or which handles or may handle customer monies or assets, and any other Employee who might otherwise encounter money laundering in the business.
            3. Relevant Persons should take an RBA to Anti-Money Laundering training. The Regulator considers that Anti-Money Laundering training should be provided by a Relevant Person to each of its relevant Employees at intervals appropriate to the role and responsibilities of the Employee. In the case of an Authorised Person the Regulator expects that training should be provided to each relevant Employee at least annually.
            4. The manner in which Anti‐Money Laundering training is provided by a Relevant Person need not be in a formal classroom setting, rather it may be via an online course or any other similarly appropriate manner.
            Amended on (3 February, 2020).

    • AML 14. AML 14. Suspicious Activity Reports

      • AML 14.1 AML 14.1 Application and definitions

        • AML 14.1.1

          In this Chapter "money laundering" and "terrorist financing" means the criminal offences defined in Federal AML Legislation.

          Amended on (15 April, 2019).

      • AML 14.2 AML 14.2 Internal reporting requirements

        • AML 14.2.1

          A Relevant Person must establish and maintain policies, procedures, systems and controls in order to monitor and detect suspicious activity or Transactions in relation to potential money laundering or terrorist financing.

        • AML 14.2.2

          A Relevant Person must have policies, procedures, systems and controls to ensure that whenever any Employee, acting in the ordinary course of his employment, either:

          (a) knows;
          (b) suspects; or
          (c) has reasonable grounds for knowing or suspecting,

          that a Person is engaged in or attempting money laundering or terrorist financing, that Employee promptly notifies the Relevant Person's MLRO and provides the MLRO with all relevant details ("Internal Suspicious Activity Report").

        • AML 14.2.3 AML 14.2.3

          A Relevant Person must have policies and procedures to ensure that disciplinary action can be taken against any Employee who fails to make such a report.

          • Guidance

            1. Circumstances that might give rise to suspicion or reasonable grounds for suspicion include:
            a. Transactions which have no apparent purpose, which make no obvious economic sense, or which are designed or structured to avoid detection;
            b. Transactions requested by a Person without reasonable explanation, which are out of the ordinary range of services normally requested or are outside the experience of a Relevant Person in relation to a particular Customer;
            c. where the size or pattern of Transactions, without reasonable explanation, is out of line with any pattern that has previously emerged or are deliberately structured to avoid detection;
            d. a Customer's refusal to provide the information requested without reasonable explanation;
            e. where a Customer who has just entered into a business relationship uses the relationship for a single Transaction or for only a very short period of time;
            f. an extensive use of offshore accounts, companies or structures in circumstances where the Customer's economic needs do not support such requirements;
            g. unnecessary routing of funds through third party accounts; or
            h. unusual Transactions without an apparently profitable motive.
            2. The requirement for Employees to notify the Relevant Person's MLRO should include situations when no business relationship was developed because the circumstances were suspicious.
            3. A Relevant Person may allow its Employees to consult with their line managers before sending a report to the MLRO. The Regulator would expect that such consultation does not prevent making a report whenever an Employee has stated that he has knowledge, suspicion or reasonable grounds for knowing or suspecting that a Person may be involved in money laundering. Whether or not an Employee consults with his line manager or other Employees, the responsibility remains with the Employee to decide for himself whether a notification to the MLRO should be made.
            4. An Employee, including the MLRO, who considers that a Person is engaged in or engaging in activity that he knows or suspects to be suspicious would not be expected to know the exact nature of the criminal offence or that the particular funds were definitely those arising from the crime of money laundering or terrorist financing.
            5. CDD measures form the basis for recognising suspicious activity. Sufficient guidance must therefore be given to the Relevant Person's Employees to enable them to form a suspicion or to recognise when they have reasonable grounds to suspect that money laundering or terrorist financing is taking place. This should involve training that will enable relevant Employees to seek and assess the information that is required for them to judge whether a Person is involved in suspicious activity related to money laundering or terrorist financing.
            6. A Transaction that appears unusual is not necessarily suspicious. Even Customers with a stable and predictable Transaction profile will have periodic Transactions that are unusual for them. Many Customers will, for perfectly good reasons, have an erratic pattern of Transactions or account activity. So the unusual is, in the first instance, only a basis for further inquiry, which may in turn require judgement as to whether it is suspicious. A Transaction or activity may not be suspicious at the time, but if suspicions are raised later, an obligation to report then arises.
            7. Effective CDD measures may provide the basis for recognising unusual and suspicious activity. Where there is a Customer relationship, suspicious activity will often be one that is inconsistent with a Customer's known legitimate activity, or with the normal business activities for that type of account or Customer. Therefore, the key to recognising "suspicious activity" is knowing enough about the Customer and the Customer's normal expected activities to recognise when their activity is abnormal.
            8. A Relevant Person may consider implementing policies and procedures whereby disciplinary action is taken against an Employee who fails to notify the Relevant Person's MLRO.

      • AML 14.3 AML 14.3 External Suspicious Activity Report

        • AML 14.3.1

          A Relevant Person must ensure that where the Relevant Person's MLRO receives a notification under Rule 14.2.2, the MLRO, without delay:

          (a) investigates and documents the circumstances in relation to which the notification made under Rule 14.2.2 was made;
          (b) determines whether in accordance with Federal Law No. 4 of 2002 an external Suspicious Activity Report must be made to the AMLSCU and documents such determination;
          (c) if required, makes an external Suspicious Activity Report to the AMLSCU as soon as practicable; and
          (d) notifies the Regulator of the making of such Suspicious Activity Report immediately following its submission to the AMLSCU.

        • AML 14.3.2

          The MLRO must document:

          (a) the steps taken to investigate the circumstances in relation to which an Internal Suspicious Activity Report is made; and
          (b) where no external Suspicious Activity Report is made to the AMLSCU, the reasons why no such report was made.

        • AML 14.3.3

          Where, following a notification to the MLRO under 14.2.2, no external Suspicious Activity Report is made, a Relevant Person must record the reasons for not making an external Suspicious Activity Report.

        • AML 14.3.4 AML 14.3.4

          A Relevant Person must ensure that if the MLRO decides to make an external Suspicious Activity Report, his decision is made independently and is not subject to the consent or approval of any other Person.

          • Guidance

            1. Relevant Persons are reminded that the failure to report suspicions of money laundering or terrorist financing may constitute a criminal offence that is punishable under the laws of the U.A.E.
            2. Suspicious Activity Reports under Federal Law No. 4 of 2002 should be emailed to the AMLSCU. The dedicated email address and the template for making a Suspicious Activity Report are available on the Regulator's website.
            3. In the preparation of a Suspicious Activity Report, if a Relevant Person knows or assumes that the funds which form the subject of the report do not belong to a Customer but to a third party, this fact and the details of the Relevant Person's proposed course of further action in relation to the case should be included in the report.
            4. If a Relevant Person has reported a suspicion to the AMLSCU, the AMLSCU may instruct the Relevant Person on how to continue its business relationship, including effecting any Transaction with a Person. If the Customer in question expresses his wish to move the funds before the Relevant Person receives instruction from the AMLSCU on how to proceed, the Relevant Person should immediately contact the AMLSCU for further instructions.

      • AML 14.4 AML 14.4 Suspension of Transaction and No Tipping-off Requirement

        • AML 14.4.1 AML 14.4.1

          A Relevant Person must not carry out Transactions which it knows or suspects or has reasonable grounds for knowing or suspecting to be related to Money Laundering until it has informed the AMLSCU and the Regulator pursuant to Rule 14.3.

          • Guidance

            1. Relevant Persons are reminded that in accordance with Article 16 of Federal Law No. 4 of 2002, Relevant Persons or any of their Employees must not tip-off any Person, that is, inform any Person that he is being scrutinised for possible involvement in suspicious activity related to money laundering, or that any other competent authority is investigating his possible involvement in suspicious activity relating to money laundering.
            2. If a Relevant Person reasonably believes that performing CDD measures will tip-off a Customer or potential Customer, it may choose not to pursue that process and should file a Suspicious Activity Report. Relevant Persons should ensure that their Employees are aware of and sensitive to these issues when considering the CDD measures.

      • AML 14.5 AML 14.5 Record-keeping

        • AML 14.5.1

          All relevant details of any internal or external Suspicious Activity Report pursuant to Rules 14.2 and 14.3 must be kept for at least 10 years from the date on which the report was made.

      • AML 14.6 AML 14.6 Freezing of assets

        • Guidance

          It may also apply to ADGM Courts for an order restraining a Person from transferring or disposing of any assets suspected of relating to money laundering. In cases involving suspected money laundering, the FSRA will usually take such action in co-ordination with the FIU.

          Added on (15 April, 2019).

    • AML 15. AML 15. General Obligations

      • AML 15.1 AML 15.1 Groups, Branches and subsidiaries

        • AML 15.1.1 AML 15.1.1

          (1) A Relevant Person which is an ADGM Entity must ensure that its policies, procedures, systems and controls required by Rule 6.2.1 apply to:
          (a) any of its Branches or Subsidiaries; and
          (b) any of its Group entities in the ADGM.
          (2) Where the regulator of another jurisdiction does not permit the implementation of policies, procedures, systems and controls consistent with those of the Relevant Person, the Relevant Person must:
          (a) inform the Regulator in writing; and
          (b) apply appropriate additional measures to manage the money laundering risks posed by the relevant Branch or Subsidiary.

          • Guidance

            A Relevant Person which is an ADGM Entity should conduct a periodic review to verify that any Branch or Subsidiary operating in another jurisdiction is in compliance with the obligations imposed under these Rules.

        • AML 15.1.2 AML 15.1.2

          A Relevant Person must:

          (a) communicate the policies and procedures which it establishes and maintains in accordance with these Rules to its Group entities, Branches and Subsidiaries; and
          (b) document the basis for its satisfaction that the requirement in Rule 15.1.1(2)(b) is met.

          • Guidance

            In relation to an Authorised Person, if the Regulator is not satisfied in respect of AML compliance of its Branches and Subsidiaries in a particular jurisdiction, it may take action, including making it a condition of the Authorised Person's Financial Services Permission that it must not operate a Branch or Subsidiary in that jurisdiction.

      • AML 15.2 AML 15.2 Group policies

        • AML 15.2.1

          A Relevant Person which is part of a Group must ensure that it:

          (a) understands the policies and procedures covering the sharing of information between Group entities, particularly when sharing CDD information;
          (b) has in place adequate safeguards on the confidentiality and use of information exchanged between Group entities, including consideration of relevant data protection legislation;
          (c) remains aware of the money laundering risks of the Group as a whole and of its exposure to the Group and takes active steps to mitigate such risks;
          (d) contributes to a Group-wide risk assessment to identify and assess money laundering risks for the Group; and
          (e) provides its Group-wide compliance, audit and AML functions with Customer account and Transaction information from Branches and Subsidiaries when necessary for AML purposes.

      • AML 15.3 AML 15.3 Notifications

        • AML 15.3.1

          A Relevant Person must inform the Regulator in writing as soon as possible if, in the course of its activities carried on in or from the ADGM or in relation to any of its Branches or Subsidiaries, it:

          (a) receives a request for information from a regulator or agency responsible for AML or Sanctions regarding enquiries into potential money laundering or terrorist financing or Sanctions breaches;
          (b) becomes aware, or has reasonable grounds to believe, that the following has or may have occurred in or through its business:
          (a) money laundering, contrary to Federal Law No. 4 of 2002 regarding 'Criminalisation of Money Laundering', Federal Decree Law No. 1 of 2004 regarding 'Combating Terrorism Offences', or Federal Law No. 4 of 2014 regarding 'Combating Terrorist Crimes';
          (b) a breach of Sanctions; or
          (c) acts amounting to bribery under the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions;
          (c) becomes aware of any money laundering or Sanctions matter in relation to the Relevant Person or a member of its Group which could result in adverse reputational consequences to the Relevant Person; or
          (d) becomes aware of any a significant breach of a Rule in the AML Rulebook or breach of Federal Law No. 4 of 2002 or Federal Law No. 1 of 2004 by the Relevant Person or any of its Employees.

        • AML 15.3.2

          A Relevant Person must inform the Regulator in writing as soon as possible if, in the course of its activities carried on in or from the ADGM, it suspects or becomes aware that another Person outside of its business is engaged in:

          (a) money laundering, contrary to Federal Law No. 4 of 2002 regarding 'Criminalisation of Money Laundering', Federal Decree Law No. 1 of 2004 regarding 'Combating Terrorism Offences', or Federal Law No. 4 of 2014 regarding 'Combating Terrorist Crimes';
          (b) a breach of Sanctions; or
          (c) acts amounting to bribery under the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.

          This requirement does not apply to information or documents that are legally privileged or in the public domain.

      • AML 15.4 AML 15.4 Record keeping

        • AML 15.4.1

          A Relevant Person must, where relevant, maintain the following records:

          (a) a copy of all documents and information obtained in undertaking initial and on-going CDD or business partners due diligence;
          (b) the supporting records (consisting of the original documents or certified copies) in respect of the Customer business relationship, including Transactions;
          (c) notifications made under Rule 14.2.2;
          (d) Suspicious Activity Reports and any relevant supporting documents and information, including internal findings and analysis;
          (e) any relevant communications with the AMLSCU;
          (f) the documents in Rule 15.4.2; and
          (g) the relevant details of any Transaction carried out by the Relevant Person with or for a Customer,

          for at least 10 years from the date on which the notification or report was made, the business relationship ends or the Transaction is completed, whichever occurs last.

        • AML 15.4.2

          A Relevant Person must document, and provide to the Regulator on request, any of the following:

          (a) the risk assessment of its business undertaken under Rule 6.1.1;
          (b) how the assessment in (a) was used for the purposes of complying with Rule 7.2.1(1);
          (c) the risk assessment of the Customer undertaken under Rule 7.2.1(1)(a); and
          (d) the determination made under Rule 7.2.1(1)(b).

        • AML 15.4.3 AML 15.4.3

          The records maintained by a Relevant Person must be kept in such a manner that:

          (a) the Regulator or another competent third party is able to assess the Relevant Person's compliance with legislation applicable in the ADGM;
          (b) any Transaction which was processed by or through the Relevant Person on behalf of a Customer or other third party can be reconstructed;
          (c) any Customer or third party can be identified;
          (d) all Internal and external Suspicious Activity Reports can be identified; and
          (e) the Relevant Person can satisfy, within an appropriate time, any regulatory enquiry or court order to disclose information.

          • Guidance

            1. The records required to be kept under Rule 15.4.1 may be kept in electronic format, provided that such records are readily accessible and available to respond promptly to any Regulator requests for information.
            2. If the date on which the business relationship with a Customer has ended remains unclear, it may be taken to have ended on the date of the completion of the last Transaction.
            3. The records maintained by a Relevant Person should be kept in such a manner that:
            a. the Regulator or another competent authority is able to assess the Relevant Person's compliance with legislation applicable in the ADGM;
            b. any Transaction which was processed by or through the Relevant Person on behalf of a Customer or other third party can be reconstructed;
            c. any Customer or third party can be identified; and
            d. the Relevant Person can satisfy, within an appropriate time, any regulatory enquiry or court order to disclose information.

        • AML 15.4.4

          Where the records referred to in Rule 15.4.1 are kept by the Relevant Person outside the ADGM, a Relevant Person must:

          (a) take reasonable steps to ensure that the records are held in a manner consistent with these Rules;
          (b) ensure that the records are easily accessible to the Relevant Person; and
          (c) upon request by the Regulator, ensure that the records are available for inspection within a reasonable period of time.

        • AML 15.4.5

          A Relevant Person must:

          (a) verify if there is secrecy or data protection legislation that would restrict access without delay to the records referred to in Rule 15.4.1 by the Relevant Person, the Regulator or the law enforcement agencies of the U.A.E.; and
          (b) where such legislation exists, obtain without delay certified copies of the relevant records and keep such copies in a jurisdiction which allows access by those Persons in (a).

        • AML 15.4.6 AML 15.4.6

          A Relevant Person must be able to demonstrate that it has complied with the training and awareness requirements in Chapter 13 through appropriate measures, including the maintenance of relevant training records.

          • Guidance

            The Regulator considers that "appropriate measures" in Rule 15.4.6 may include the maintenance of a training log setting out details of:

            a. the dates when the training was given;
            b. the nature of the training; and
            c. the names of Employees who received the training.

      • AML 15.5 AML 15.5 Annual AML Return

        • AML 15.5.1

          A Relevant Person which is:

          (a) an Authorised Person or Recognised Body; or
          (b) an auditor,

          must complete the AML Return form on an annual basis and retain the AML Return for inspection by the Regulator upon the Regulator's request.

      • AML 15.6 AML 15.6 Communication with the Regulator

        • AML 15.6.1

          A Relevant Person must:

          (a) be open and cooperative in all its dealings with the Regulator; and
          (b) ensure that any communication with the Regulator is conducted in the English language.

      • AML 15.7 AML 15.7 Employee disclosures

        • AML 15.7.1 AML 15.7.1

          A Relevant Person must ensure that it does not prejudice an Employee who discloses any information regarding money laundering to the Regulator or to any other relevant body involved in the prevention of money laundering.

          • Guidance

            The Regulator considers that "relevant body" in Rule 15.7.1 would include the AMLSCU or another financial intelligence unit, the police, or an Abu Dhabi or Federal ministry.

    • AML 15. AML 15. DNFBP Registration And Supervision

      Chapter 15 in this version of AML is new material with Chapter 15 (General Obligations) from the previous version being incorporated into Chapter 4 in this version of AML.

      • Guidance

        1. FSMR gives the Regulator a power to supervise DNFBPs' compliance with relevant Anti-Money Laundering laws in the State. FSMR also gives the Regulator a number of other powers in relation to DNFBPs, including powers of enforcement. This includes a power to obtain information and to conduct investigations into possible breaches of the FSMR. The Regulator may also impose fines for breaches of FSMR or the Rules. It may also suspend or withdraw the registration of a DNFBP in various circumstances.
        2. The Regulator takes a risk-based approach to regulation of persons which it supervises. Generally, the Regulator will work with DNFBPs to identify, assess, mitigate and control relevant risks where appropriate. The Guidance & Policies Manual ("GPM") describes the Regulator's enforcement powers under FSMR and outlines its policy for using these powers.
        3. Rule 15.1.1 requires a DNFBP to be registered by the Regulator to conduct its activities in the ADGM. Rule 15.2.1 sets out the criteria a DNFBP must meet to be registered.
        4. A DNFBPs is defined in Rule 3.2.1 and includes the following class of persons whose business is carried out in the ADGM:
        a. a real estate agency which carries out transactions with other Persons that involve the acquiring or disposing of real property;
        b. a dealer in precious metals or precious stones;
        c. a dealer in any saleable item of a price equal to or greater than USD15,000;
        d. an accounting firm, audit firm, insolvency firm or taxation consulting firm;
        e. a law firm, notary firm or other independent legal business; or
        f. a Company Service Provider.
        5. In determining if a Person is a DNFPB the Regulator will adopt a 'substance over form' approach. That is, it will consider what business or profession is in fact being carried on, and its main characteristics, and not just what business or profession the person purports, or is licensed, to carry on in the ADGM.
        6. The Regulator considers that a "law firm, notary firm or other independent legal business, includes any business or profession that involves a legal service, including advice or services related to laws in the U.A.E. The Regulator does not consider it necessary for the purposes of the definition that the:
        a. Person is licensed to provide legal services in the U.A.E; or
        b. the individuals or employees providing the legal service are qualified or authorised to do so.
        7. The Regulator considers that that "accounting firm, audit firm, insolvency firm or taxation consulting firm", includes forensic accounting services that use accounting skills, principles and techniques to investigate suspected illegal activity or to analyse financial information for use in legal proceedings.
        Added on (15 April, 2019).

      • AML 15.1 AML 15.1 DNFBP Prohibition

        • AML 15.1.1

          A person who is a DNFBP must not carry on any activities in or from the ADGM unless that person is registered under AML 15.4 by the Regulator as a DNFBP.

           

        • AML 15.1.2

          The Regulator may delegate its powers for the registration, suspension and cancellation of the a DNFBP's registration of a DNFBP to the Registrar of Companies.

           

      • AML 15.2 AML 15.2 Criteria for Registration as a DNFBP

        • AML 15.2.1

          (1) To be registered as a DNFBP, an applicant must demonstrate to the Regulator's satisfaction that:
          (a) it is fit and proper to perform anti-money laundering functions; and
          (b) it has adequate resources, systems and controls, including policies and procedures, to comply with all applicable anti-money laundering requirements under Federal AML legislation, FSMR and these Rules;
          (2) In assessing if an applicant is fit and proper under (1)(a), the Regulator may, without limiting the matters it may take into account under that paragraph, consider the applicant, its senior management, its Beneficial Owners, other entities in its Group and any other Person with whom it has a relationship.
          (3) The Regulator will in assessing if an applicant is fit and proper, consider the cumulative effect of matters that, if considered individually, may be regarded as insufficient to give reasonable cause to doubt the fitness and propriety of the applicant.

           

      • AML 15.3 AML 15.3 Application for Registration as a DNFBP

        • AML 15.3.1

          A person may apply to the Regulator to be registered as a DNFBP by completing and submitting the appropriate form.

           

        • AML 15.3.2

          The Regulator may require an applicant to provide additional information or documents reasonably required by the Regulator for it to be able to consider an application for registration including, but not limited to, information or documents relating to the activities, ownership, group structure, financial and other resources of the applicant.

           

        • AML 15.3.3

          Where, at any time between filing an application and the grant or refusal of registration as a DNFBP, an applicant becomes aware of a material change in its circumstances that is reasonably likely to be relevant to its application it shall inform the Regulator in writing of the change without delay.

           

        • AML 15.3.4

          Any person who is a DNFBP upon the making of this Chapter and was previously a Relevant Person prior to the making of this Chapter:

          (a) is deemed to be registered as a DNFBP at the time of the making of this Chapter; and
          (b) must apply for registration under Rule 15.3:
          (i) within 12 months of the making of this Chapter; or
          (ii) at the date of the renewal of its Commercial Licence under the Commercial Licensing Regulations 2015;

          whichever comes first.

           

      • AML 15.4 AML 15.4 Grant of an Application

        • AML 15.4.1

          The Regulator may grant an application for DNFBP registration as a DNFBP if it is wholly satisfied that the applicant meets the criteria for registration under Rule 15.3.1.

           

        • AML 15.4.2

          Where the Regulator decides to register a DNFBP, it shall as soon as is practicable inform the applicant in writing of that decision and of the date on which registration is to take effect.

           

      • AML 15.5 AML 15.5 Refusal of an Application

        • AML 15.5.1

          The Regulator may refuse to grant an application for DNFBP registration where it is not wholly satisfied that the applicant meets the criteria for registration under Rule 15.3.1.

           

      • AML 15.6 AML 15.6 DNFBP Notifications

        • AML 15.6.1

          A DNFBP must promptly notify the Regulator of any change in its:

          (a) name;
          (b) legal status;
          (c) address;
          (d) MLRO;
          (e) senior management; or
          (f) Beneficial ownership.

           

        • AML 15.6.2

          (1) A DNFBP must notify the Regulator in writing at least fourteen days in advance of it ceasing to carry on the business activities that establishes it as a DNFBP.
          (2) The notice must include a request to cancel its registration, an explanation of the reason for the DNFBP ceasing business, the planned date of the cessation of its activities, and copies of any relevant documents must be submitted with the notice.

           

      • AML 15.7 AML 15.7 Suspension and withdrawal of DNFBP Registration

        • AML 15.7.1

          (1) The Regulator may suspend the registration of a DNFBP at the request of the DNFBP or on its own initiative.
          (2) The Regulator may withdraw the registration of a DNFBP:
          (a) at the request of the DNFBP;
          (b) if the Registrar of Companies notifies it that the DNFBP no longer holds the relevant commercial licence to operate in the ADGM; or
          (c) on its own initiative.

           

        • AML 15.7.2

          (1) The Regulator may exercise its power on its own initiative under Rule 15.7.1 (1) or (2)(c) where:

          (a) the DNFBP no longer meets the criteria for DNFBP registration;
          (b) the DNFBP is in breach of, or has been in breach of, the Law or Rules or other Anti-Money Laundering Legislation;
          (c) the DNFBP is insolvent or entering into administration;
          (d) the DNFBP is no longer carrying on business in the ADGM; or
          (e) the Regulator considers that exercising the power is necessary or desirable in the pursuit of its objectives in section 1.(3).

           

      • AML 15.8 AML 15.8 Disclosure of regulatory status

        • AML 15.8.1

          A DNFBP must not:

          (a) misrepresent its regulatory status with respect to the Regulator expressly or by implication; or
          (b) use or reproduce the logo of the Regulator without express written permission from the Regulator and in accordance with any conditions for use imposed by the Regulator.

           

      • AML 15.9 AML 15.9 Co-ordination between the Regulator and the Registrar of Companies

        • AML 15.9.1

          (1) The Registrar of Companies shall not grant a person who is a DNFBP a commercial licence to operate in the ADGM until the Regulator has confirmed to the Registrar of Companies that it intends to register the person as a DNFBP.
          (2) The Regulator shall as soon as is practicable notify the Registrar of Companies where it suspends or withdraws the registration of a DNFBP.
          (3) The Registrar of Companies shall as soon as is practicable suspend or withdraw (as the case may be) the commercial licence of the DNFBP where it receives a notification under (2).

           

    • AML 16. AML 16. Non-Profit Organisations ("NPOs")

      • AML 16.1 AML 16.1 Responsibility for NPO compliance

        • AML 16.1.1

          An NPO's Governing Body is responsible for establishing, maintaining and monitoring the NPO's obligations under this chapter.

           

        • AML 16.1.2

          An NPO must maintain information on the following:

          (a) the purpose and objectives of its stated activities;
          (b) the identity of the persons who own, control or direct its activities, including the Governing Body and senior management;
          (c) the relevant controls that have been put in place to ensure that all funds are fully accounted for, and are spent in a manner that is consistent with the purpose and objectives of its stated activities; and
          (d) the relevant measures that it has taken to confirm the identity, credentials and good standing of beneficiaries and associated NPOs to ensure that they are not involved with terrorists or terrorist organisations or use its charitable funds to support.

           

      • AML 16.2 AML 16.2 Record Keeping

        • AML 16.2.1

          An NPO must maintain for a period of at least six years records of its obligations required under Rule 16.1.2, covering both domestic and international transactions, which are sufficiently detailed to verify that funds have been received and spent in a manner consistent with the purpose and objectives of the NPO.

           

      • AML 16.3 AML 16.3 Cooperation

        • AML 16.3.1

          An NPO must deal with the Regulator in an open and co-operative manner and keep the Regulator informed of significant events or anything else relating to the NPO of which the Regulator would be reasonable expect to be notified.

           

        • AML 16.3.2

          An NPO must, at the request of the Regulator:

          (a) give or procure the giving of specified information, Documents, files, tapes, computer data or other material in the NPO's possession or control to the Regulator;
          (b) make its Employees readily available for meetings with the Regulator;
          (c) give the Regulator access to any information, Documents, records, files, tapes, computer data or systems, which are within the NPO's possession or control and provide any facilities to the Regulator;
          (d) permit the Regulator to copy Documents or other material on the premises of the NPO at the NPO's expense;
          (e) provide any copies of those Documents or other material as requested by the Regulator; and
          (f) answer truthfully, fully and promptly, all questions which are put to it by the Regulator.

           

    • AML APP 1 AML APP 1 [DELETED]

      • AML A1.1 [Deleted]

        Deleted on (15 April, 2019).

      • AML A1.2 [Deleted]

        Deleted on (15 April, 2019).

      • AML A1.3 [Deleted]

        Deleted on (15 April, 2019).

      • AML A1.4 [Deleted]

        Deleted on (15 April, 2019).

      • AML A1.5 [Deleted]

        Deleted on (15 April, 2019).