Entire Section

  • AML 6.1 AML 6.1 Assessing Customer AML Risks

    • AML 6.1.1

      (1) A Relevant Person must:
      (a) undertake a risk-based assessment of every customer; and
      (b) assign the customer a risk rating proportionate to the customer's money laundering risks.
      (2) The customer risk assessment in (1) must be completed prior to undertaking Customer Due Diligence for new customers, and whenever it is otherwise appropriate for existing customers.
      (3) When undertaking a risk-based assessment of a customer under (1)(a) a Relevant Person must:
      (a) identify the customer and any Beneficial Owner;
      (b) obtain information on the purpose and intended nature of the business relationship;
      (c) obtain information on, and take into consideration, the nature of the customer's business;
      (ca) take into consideration the nature of the customer, its ownership and control structure, and its Beneficial Owner (if any);
      (d) take into consideration the nature of the customer business relationship with the Relevant Person;
      (e) take into consideration the customer's country of origin, residence, nationality, place of incorporation or place of business;
      (f) take into consideration the relevant product, service or transaction;
      (fa) if it is providing a customer with a life insurance or other similar policy, take into consideration the beneficiary of the policy and any Beneficial Owner of the beneficiary; and
      (g) take into consideration the outcomes of business risk assessment under chapter 5.
      Derived from RM117/2013 [VER9/07-13]
      [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
      [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • Factors that may indicate higher money laundering risk

      • AML 6.1.2

        (1) When assessing if there is a high risk of money laundering in a particular situation, a Relevant Person must take into account, among other things:
        (a) customer risk factors, including whether:
        (i) the business relationship is conducted in unusual circumstances;
        (ii) the customer is resident, established or registered in a geographical area of high risk (as set out in paragraph (c));
        (iii) the customer is a legal person or legal arrangement that is a vehicle for holding personal assets;
        (iv) the customer is a company that has nominee shareholders or shares in bearer form;
        (v) the customer is a business that is cash intensive, such as a business that receives a majority of its revenue in cash; and
        (vi) the corporate structure of the customer is unusual or excessively complex given the nature of the business;
        (b) product, service, transaction or delivery channel risk factors, including whether:
        (i) the service involves private banking;
        (ii) the product, service or transaction is one that might favour anonymity;
        (iii) the situation involves non face-to-face business relationships or transactions, without certain safeguards, such as electronic signatures;
        (iv) payments will be received from unknown or unassociated third parties;
        (v) new products and new business practices are involved, including new delivery mechanisms or the use of new or developing technologies for both new and pre-existing products; and
        (vi) the service involves the provision of nominee directors, nominee shareholders or shadow directors, or the formation of companies in another country; and
        (c) geographical risk factors, including:
        (i) countries identified in reports by credible sources, such as mutual evaluations, detailed assessment reports or follow-up reports, as:
        (A) not having effective systems to counter money laundering; or
        (B) not implementing requirements to counter money laundering that are consistent with FATF Recommendations;
        (ii) countries identified by credible sources as having significant levels of corruption or other criminal activity, such as terrorism, money laundering or the production and supply of illicit drugs;
        (iii) countries subject to sanctions, embargos or similar measures issued by, for example, the United Nations or the State;
        (iv) countries providing funding or support for terrorism; and
        (v) countries that have organisations operating within their territory that have been designated by the State, other countries or International Organisations as terrorist organisations.
        (2) For the purposes of (1)(c), a credible source includes, but is not limited to, FATF, the IMF, the World Bank, the OECD and other International Organisations.
        (3) When assessing the risk factors referred to in (1), Relevant Persons must bear in mind that the presence of one or more risk factors may not always indicate a high risk of money laundering in a particular situation.
        Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • Factors that may indicate lower money laundering risk

      • AML 6.1.3

        (1) When assessing if there is a low risk of money laundering in a particular situation, a Relevant Person must take into account, among other things:
        (a) customer risk factors, including whether the customer is:
        (i) a public body or a publicly owned enterprise;
        (ii) resident, established or registered in a geographical area of lower risk (as set out in paragraph (c));
        (iii) an Authorised Person;
        (iv) a Regulated Financial Institution that is subject to regulation and supervision, including AML regulation and supervision, in a jurisdiction with AML regulations that are equivalent to the standards set out in the FATF Recommendations;
        (v) a Subsidiary of a Regulated Financial Institution referred to in (iv), if the law that applies to the Parent ensures that the Subsidiary also observes the same AML standards as its Parent;
        (vi) a company whose Securities are listed by the DFSA, another Financial Services Regulator or a Regulated Exchange and which is subject to disclosure obligations broadly equivalent to those set out in the Markets Rules;
        (vii) a law firm, notary firm or other legal business that carries on its business in or from the DIFC; and
        (viii) an accounting firm, insolvency firm, Registered Auditor or other audit firm that carries on its business in or from the DIFC;
        (b) product, service, transaction or delivery channel risk factors, including whether the product or service is:
        (i) a Contract of Insurance that is non-life insurance;
        (ii) a Contract of Insurance that is a life insurance product with no investment return or redemption or surrender value;
        (iii) an insurance policy for a pension scheme that does not provide for an early surrender option and cannot be used as collateral;
        (iv) a Contract of Insurance which is a reinsurance contract that is ceded by an insurer who is a Regulated Financial Institution;
        (v) a pension, superannuation or similar scheme that satisfies the following conditions:
        (A) the scheme provides retirement benefits to employees;
        (B) contributions to the scheme are made by way of deductions from wages; and
        (C) the scheme rules do not permit the assignment of a member's interest under the scheme; and
        (vi) a product where the risks of money laundering are adequately managed by other factors such as transaction limits or transparency of ownership; and
        (c) geographical risk factors, including whether:
        (i) a country has been identified by credible sources as having effective systems to counter money laundering;
        (ii) a country is identified by credible sources as having a low level of corruption or other criminal activity, such as terrorism, money laundering, or the production and supply of illicit drugs; and
        (iii) on the basis of reports by credible sources, such as mutual evaluations, detailed assessment reports or follow-up reports, a country:
        (A) has requirements to counter money laundering that are consistent with the FATF Recommendations; and
        (B) effectively implements those Recommendations.
        (2) For the purposes of (1)(c), a credible source includes, but is not limited to, FATF, the IMF, the World Bank, the OECD and other International Organisations.
        (3) When assessing the risk factors referred to in (1), Relevant Persons must bear in mind that the presence of one or more risk factors may not always indicate a low risk of money laundering in a particular situation.
        Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • Business relationship not to be established if ownership arrangements prevent identification of beneficial owners

      • AML 6.1.4 AML 6.1.4

        A Relevant Person must not establish a business relationship with the customer which is a legal person or legal arrangement if the ownership or control arrangements of the customer prevent the Relevant Person from identifying one or more of the customer's Beneficial Owners.

        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

        • AML 6.1.2 Guidance [Deleted]

          [Deleted] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 6.1.2 Guidance [Deleted]

          [Deleted] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 6.1.2 [Deleted]

          [Deleted] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

    • Shell Banks

      • AML 6.1.5

        A Relevant Person must not establish or maintain a business relationship with a Shell Bank.

        Derived from RM196/2016 (Made 7th December 2016). [VER13/02-17]
        [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • Anonymous or fictitious accounts

      • AML 6.1.6

        A Relevant Person must not establish or maintain an anonymous account, an account in a fictitious name, or a nominee account which is held in the name of one person but which is controlled by or held for the benefit of another person whose identity has not been disclosed to the Relevant Person.

        Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
        [Amended] by DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • Use of numbered or abbreviated accounts for internal purposes

      • AML 6.1.7 AML 6.1.7

        If a Relevant Person uses a numbered account or an account with an abbreviated name, it must ensure that:

        (a) such an account is used only for internal purposes;
        (b) it has undertaken the same Customer Due Diligence procedures in relation to the account holder as are required for other account holders;
        (c) it maintains the same information in relation to the account and account holder as is required for other accounts and account holders; and
        (d) staff performing AML functions, including staff responsible for identifying and monitoring transactions for suspicious activity, and staff performing compliance and audit functions, have full access to information about the account and the account holder.
        Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

        • Guidance on the customer risk assessment

          1. The risk assessment of a customer, which is illustrated in figure 3 above, requires a Relevant Person to allocate an appropriate risk rating to every customer. The DFSA would expect risk ratings to be either descriptive, such as "low", "medium" or "high", or a sliding numeric scale such as 1 for the lowest risk to 10 for the highest. Depending on the outcome of a Relevant Person's assessment of its customer's money laundering risk, a Relevant Person should decide to what degree CDD will need to be performed. For a high risk customer, the Relevant Person will need to undertake Enhanced CDD under AML section 7.4 as well as the normal CDD set out in AML section 7.3. For a low risk customer, the Relevant Person may be able to undertake Simplified CDD in accordance with AML section 7.5. For any other customer, the Relevant Person will be required to undertake the normal CDD set out in AML section 7.3.
          2. Using the RBA, a Relevant Person could, when assessing two customers with near identical risk profiles, consider that one is high risk and the other low risk. This may occur, for example, where both customers may be from the same high risk country, but one customer may be a customer in relation to a low risk product or may be a long-standing customer of a Group company who has been introduced to the Relevant Person.
          3. In AML Rule 6.1.4, ownership arrangements which may prevent the Relevant Person from identifying one or more Beneficial Owners include bearer shares and other negotiable instruments in which ownership is determined by possession.
          Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
          [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

        • Guidance on the term "customer"

          4. The point at which a person becomes a customer will vary from business to business. However, the DFSA considers that it would usually occur at or prior to the business relationship being formalised, for example, by the signing of a customer agreement or the acceptance of terms of business.
          5. The DFSA does not consider that a person would be a customer of a Relevant Person merely because such person receives marketing information from a Relevant Person or where a Relevant Person refers a person who is not a customer to a third party (including a Group member).
          6. The DFSA considers that a counterparty would generally be a "customer" for the purposes of this module and would therefore require a Relevant Person to undertake CDD on such a person. However, this would not include a counterparty in a transaction undertaken on a Regulated Exchange. Nor would it include suppliers of ordinary business services, for consumption by the Relevant Person such as cleaning, catering, stationery, IT or other similar services.
          7. A Representative Office should not have any customers in relation to its DIFC operations.
          Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
          [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

        • Guidance on high risk customers [Deleted]

          [Deleted] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

        • Guidance on low risk customers [Deleted]

          [Deleted] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

        • Guidance on Shell Banks

          8. AML Rule 6.1.5 prohibits a Relevant Person from establishing or maintaining a business relationship with a Shell Bank. A Shell Bank is a bank that has no physical presence in the country in which it is incorporated or licensed, and is not affiliated with a regulated financial Group that is subject to effective consolidated supervision. The DFSA does not consider that the existence of a local agent or low level staff constitutes physical presence.
          Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
          [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

        • Guidance on fictitious and anonymous accounts

          9. A Relevant Person should note that, in addition to the prohibition in AML Rule 6.1.6 against establishing anonymous or fictitious accounts or accounts for unknown persons, the Federal AML legislation also prohibits the creation or keeping of records of bank accounts using pseudonyms, fictitious names or numbered accounts, without the account holder's name.
          Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
          [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]
          [Amended] DFSA RM258/2019 (Made 26th June 2019). [VER16/07-19]

        • Guidance on Tax Issues

          10. A Relevant Person should, when carrying out a customer risk assessment, consider and assess the tax crime risk associated with the customer and factor such risks into the overall risk assigned to that customer. Many of the factors described in AML Rule 6.1.2 on higher risk customers could also be an indicator of potential tax crimes. For example, the use of complex or unusual corporate structures, the customer's business not being located where the customer lives (without adequate explanation), unusual customer interface, or reluctance by the customer to communicate directly with the Relevant Person.
          11. If it is justified based on the risk assessment and where concerns arise, a Relevant Person may wish to seek comfort from its customers by obtaining disclosures or declarations to ascertain if a legitimate explanation exists for the concerns and therefore to allay those concerns.
          Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
          [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]