Financial institutions will be assisted with understanding risks and the effective implementation of their statutory obligations
File photo
The Central Bank of the UAE (CBUAE) has issued new guidance on anti-money laundering and combatting the financing of terrorism (AML/CFT) for licensed financial institutions (LFIs) including banks, finance companies, exchange houses and insurance companies, agents and brokers.
The guidance, which comes into effect immediately, will assist financial institutions in understanding risks and effective implementation of their statutory AML/CFT obligations and takes Financial Action Task Force (FATF) standards into account.
The Guidance requires LFIs to demonstrate compliance with its requirements in line with the relevant CBUAE notice.
The guidance discusses the use of digital ID systems by LFIs to address their customer due diligence (CDD) obligations. It focuses on the Digital ID mechanisms that LFIs should employ to perform CDD on an ongoing basis in relation to natural persons.
The guidance specifically discusses identity proofing, enrollment and authentication mechanisms in relation to LFIs’ use of digital ID systems. LFIs are also required to utilise technology best practices, adequate governance and well-defined policies and procedures.
Moreover, LFIs should leverage data generated by authentication (IP addresses for example) for ongoing CDD and transaction monitoring with a view to detect suspicious customer behaviour and/or transactions in, to or from sanctioned and high-risk jurisdictions. LFIs are permitted to rely on customer identification and verification undertaken by a third party at onboarding provided:
LFIs should take adequate measures to address the inherent technology and security challenges presented by digital ID systems. LFIs should implement and enforce necessary safeguards to reduce identity proofing and enrolment risks, including cyber attacks, security breaches and the use of stolen, falsified or synthetic ID details, given the increasing complexity and severity of cyber breaches.
LFIs are expected to conduct adequate assurance level and appropriateness assessments on the digital ID systems they choose. They are also expected to implement and enforce adequate assurance protocols regarding the accuracy of digital ID systems and may perform the assurance reviews directly or obtain audit or assurance certification details from an expert body.
Khaled Mohamed Balama, Governor of the CBUAE, said, “The Central Bank is working closely with the Licensed Financial Institutions to ensure their full compliance and understanding of the guidances that we issue regularly. This guidance on the use of digital ID for Customer Due Diligence obligations, will enhance the anti-money laundering and combatting the financing of terrorism framework, and will mitigate the potential risks in order to safeguard the UAE’s financial system."
ALSO READ: