Entire Section

  • AML 7 AML 7 Customer Due Diligence

    Figure 4. CDD

    Derived from RM117/2013 [VER9/07-13]
    [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • AML 7.1 AML 7.1 Requirement to Undertake Customer Due Diligence

      • AML 7.1.1 AML 7.1.1

        (1) A Relevant Person must:
        (a) undertake Customer Due Diligence under AML section 7.3 for each of its customers; and
        (b) in addition to (a), undertake Enhanced Customer Due Diligence under AML Rule 7.4.1 in respect of any customer it has assigned as high risk.
        (2) A Relevant Person may undertake Simplified Customer Due Diligence in accordance with AML Rule 7.5.1 by modifying Customer Due Diligence under AML section 7.3 for any customer it has assigned as low risk.
        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

        • AML 7.1.1 Guidance

          A Relevant Person should undertake CDD in a manner proportionate to the customer's money laundering risks identified under Rule 6.1.1(1). This means that all customers are subject to CDD under section 7.3. However, for high risk customers, additional Enhanced CDD measures should also be undertaken under section 7.4. For low risk customers, section 7.3 may be modified according to the risks in accordance with section 7.5.

          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • AML 7.2 AML 7.2 Timing of Customer Due Diligence

      • AML 7.2.1

        (1) A Relevant Person must except as otherwise provided in AML Rule 7.2.2 or in AML section 7.3:
        (a) undertake the appropriate Customer Due Diligence under AML Rule 7.3.1(1)(a) to (c) and AML section 7.3 when it is establishing a business relationship with a customer; and
        (b) undertake the appropriate Customer Due Diligence under AML Rule 7.3.1(1)(d) after establishing a business relationship with a customer.
        (2) A Relevant Person must also undertake appropriate Customer Due Diligence if, at any time:
        (a) in relation to an existing customer, it doubts the veracity or adequacy of documents, data or information obtained for the purposes of Customer Due Diligence;
        (b) it suspects money laundering in relation to a person; or
        (c) there is a change in risk-rating of the customer, or it is otherwise warranted by a change in circumstances of the customer.
        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
        [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Establishing a business relationship before verification

        • AML 7.2.2 AML 7.2.2

          (1) A Relevant Person may establish a business relationship with a customer before completing the verification required by AML Rule 7.3.1 if the following conditions are met:
          (a) deferral of the verification of the customer or Beneficial Owner is necessary in order not to interrupt the normal conduct of a business relationship;
          (b) there is little risk of money laundering occurring and any such risks identified can be effectively managed by the Relevant Person;
          (c) in relation to a bank account opening, there are adequate safeguards in place to ensure that the account is not closed and transactions are not carried out by or on behalf of the account holder (including any payment from the account to the account holder) before verification has been completed; and
          (d) subject to (2), the relevant verification is completed as soon as reasonably practicable and in any event no later than 30 days after the establishment of a business relationship.
          (2) Where a Relevant Person is not reasonably able to comply with the 30 day requirement in (1)(d), it must, prior to the end of the 30 day period:
          (a) document the reason for its non-compliance;
          (b) complete the verification in (1) as soon as possible; and
          (c) record the non-compliance event in its annual AML Return.
          (3) The DFSA may specify a period within which a Relevant Person must complete the verification required by (1) failing which the DFSA may direct the Relevant Person to cease any business relationship with the customer.
          (4) A Relevant Person must ensure that its AML systems and controls referred to in AML Rule 5.2.1 include risk management policies and procedures concerning the conditions under which business relationships may be established with a customer before completing verification.
          Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

          • AML 7.2.2 Guidance

            1. For the purposes of AML Rule 7.2.1(2)(a), examples of situations which might lead a Relevant Person to have doubts about the veracity or adequacy of documents, data or information previously obtained could be where there is a suspicion of money laundering in relation to that customer, where there is a material change in the way that the customer's account is operated, which is not consistent with the customer's business profile, or where it appears to the Relevant Person that a person other than the customer is the real customer.
            2. In AML Rule 7.2.2(1)(a), situations that the Relevant Person may take into account include, for example, accepting subscription monies during a short offer period or executing a time critical transaction, which if not executed immediately, would or may cause a customer to incur a financial loss due to price movement or loss of opportunity or when a customer seeks immediate insurance cover.
            3. When complying with AML Rule 7.2.1, a Relevant Person should also, where relevant, consider AML Rule 7.7.1 regarding failure to conduct or complete CDD and chapter 13 regarding SARs and tipping off.
            4. For the purposes of AML Rule 7.2.2(1)(d), the DFSA considers that in most situations as soon as reasonably practicable would be within 30 days after the establishment of a business relationship. However, it will depend on the nature of the customer business relationship.
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • AML 7.3 AML 7.3 Customer Due Diligence Requirements

      • AML 7.3.1 [Deleted]

        [Deleted] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Undertaking customer due diligence

        • AML 7.3.1

          (1) In undertaking Customer Due Diligence required by AML Rule 7.1.1(1)(a) a Relevant Person must:
          (a) identify the customer and verify the customer's identity;
          (b) identify any Beneficial Owners of the customer and take reasonable measures to verify the identity of the Beneficial Owners, so that the Relevant Person is satisfied that it knows who the Beneficial Owners are;
          (c) if the customer is a legal person or legal arrangement, take reasonable measures to understand the nature of the customer's business and its ownership and control structure; and
          (d) undertake on-going due diligence of the customer business relationship under AML Rule 7.6.1.
          (2) If a person ("A") purports to act on behalf of the customer, the Relevant Person must, in addition to (1)(a):
          (a) verify that A is authorised to act on the customer's behalf; and
          (b) identify A and verify A's identity.
          (3) The verification under (1) and (2) must be based on reliable and independent source documents, data or information.
          Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Identifying and verifying the customer

        • AML 7.3.2

          (1) For the purposes of AML Rule 7.3.1(1)(a), a Relevant Person must identify a customer and verify the customer's identity in accordance with this Rule.
          (2) If a customer is a natural person, a Relevant Person must obtain and verify information about the person's:
          (a) full name (including any alias);
          (b) date of birth;
          (c) nationality;
          (d) legal domicile; and
          (e) current residential address (other than a post office box).
          (3) If a customer is a body corporate, the Relevant Person must obtain and verify:
          (a) the full name of the body corporate and any trading name;
          (b) the address of its registered office and, if different, its principal place of business;
          (c) the date and place of incorporation or registration;
          (d) a copy of the certificate of incorporation or registration;
          (e) the articles of association or other equivalent governing documents of the body corporate; and
          (f) the full names of its senior management.
          (4) If a customer is a foundation, the Relevant Person must obtain and verify:
          (a) a certified copy of the charter and by-laws of the foundation or any other documents constituting the foundation; and
          (b) documentary evidence of the appointment of the guardian or any other person who may exercise powers in respect of the foundation.
          (5) If a customer is an express trust or other similar legal arrangement, the Relevant Person must obtain and verify:
          (a) a certified copy of the trust deed or other documents that set out the nature, purpose and terms of the trust or arrangement; and
          (b) documentary evidence of the appointment of the trustee or any other person exercising powers under the trust or arrangement.
          Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Identifying and verifying beneficial owners: body corporate

        • AML 7.3.3 AML 7.3.3

          (1) If a customer is a body corporate, a Relevant Person must identify and verify the Beneficial Owners under AML Rule 7.3.1(1)(b) in accordance with this Rule.
          (2) The Relevant Person must identify:
          (a) the natural persons who ultimately have a controlling ownership interest in the body corporate, whether legal or beneficial, direct or indirect; and
          (b) if there is any doubt about whether the natural persons identified under (a) exert control through ownership interests, or if no natural person exerts control through ownership interests, the natural persons exercising control of the body corporate through other means.
          (3) A Relevant Person does not have to identify an ownership interest under (2)(a) if, having regard to a risk-based assessment of the customer, it is reasonably satisfied that the ownership interest is minor and in the circumstances poses no or negligible risk of money laundering.
          (4) If a Relevant Person has exhausted all possible means but has not been able to identify the Beneficial Owners under (2), and provided it has no grounds for suspecting money laundering, it must treat the senior management of the body corporate as the Beneficial Owners.
          (5) If (4) applies, the Relevant Person must keep a record in writing of all the actions it has taken to identify the Beneficial Owners of the body corporate.
          Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

          • AML 7.3.3 Guidance

            1. In exceptional circumstances, a Relevant Person may not be able to identify any natural person as the ultimate owner or controller of a body corporate. In such a case, provided it has exhausted all other means of identifying the owner or controller and it has no grounds for suspecting money laundering, it can treat each of the members of the senior management of the body corporate as the Beneficial Owners (see AML Rule 7.3.3(4)). However, in such a case the Relevant Person will need to keep records of all the actions it has taken to identify the Beneficial Owners (see AML Rule 7.3.3(5)).
            2. If the ownership or control arrangements of a customer are of such a nature that the Relevant Person is prevented from identifying the Beneficial Owners (for example, if Beneficial Owners hold bearer shares or other negotiable instruments and there is no effective system for recording the current holder of the shares or instruments), the Relevant Person is prohibited from establishing a business relationship with the customer under AML Rule 6.1.4.
            3. For more detailed Guidance on identifying and verifying Beneficial Owners, see the guidance on CDD at the end of AML section 7.3.
            Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • AML 7.3.4

        A Relevant Person is not required to comply with AML Rules 7.3.1(1)(b) and (c) if the customer is either:

        (a) a body corporate that:
        (i) has its Securities listed by the DFSA, another Financial Services Regulator or a Regulated Exchange; and
        (ii) is subject to disclosure requirements which ensure that adequate information about its business, structure and beneficial ownership is publicly available; or
        (b) a majority-owned subsidiary of a body corporate referred to in (a).
        Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Identifying and verifying beneficial owners: foundations

        • AML 7.3.5

          (1) If a customer is a foundation, a Relevant Person must identify and verify the Beneficial Owners under AML Rule 7.3.1(1)(b) in accordance with this Rule.
          (2) The Relevant Person must identify the founder, guardian, contributors, qualified recipients, other persons entitled to receive any property or income from the foundation and any other natural person who exercises ultimate effective control of the foundation.
          (3) If the qualified recipients, or other persons entitled to receive property or income from a foundation, are designated by characteristics or by class, the Relevant Person must obtain sufficient information to satisfy itself that it will be able to establish the identity of the qualified recipient or other person before it makes any payment or transfer of property to the recipient or person.
          (4) The Relevant Person must verify the identity of a qualified recipient or other person referred to in (3) before it makes any payment, or transfers any property, from the foundation to that recipient or person.
          Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Identifying and verifying beneficial owners: trusts and similar arrangements

        • AML 7.3.6

          (1) If a customer is a legal arrangement, a Relevant Person must identify and verify the Beneficial Owners under AML Rule 7.3.1(1)(b) in accordance with this Rule.
          (2) The Relevant Person must identify:
          (a) for a trust, the settlor, trustee, protector, enforcer, beneficiaries and any other natural person who exercises ultimate effective control over the trust; and
          (b) for other types of legal arrangements, persons in equivalent or similar positions to those persons referred to in (a).
          (3) If the beneficiaries of a trust or arrangement are designated by characteristics or by class, the Relevant Person must obtain sufficient information about the beneficiaries to satisfy itself that it will be able to establish the identity of a beneficiary:
          (a) before it makes a distribution to the beneficiary; or
          (b) when the beneficiary intends to exercise vested rights.
          (4) The Relevant Person must verify the identity of a beneficiary referred to in (3) before it makes a distribution to the beneficiary or the beneficiary exercises vested rights.
          Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Identifying and verifying beneficiary of a life insurance policy

        • AML 7.3.7 AML 7.3.7

          (1) This Rule applies if a Relevant Person is providing a customer with a life insurance or other similar policy.
          (2) The Relevant Person must, in addition to complying with AML Rule 7.3.1:
          (a) if a beneficiary is specifically named in the policy, record the name of that person; and
          (b) if the beneficiaries of the policy are designated by characteristics or by class, obtain sufficient information to satisfy itself that it will be able to establish the identity of the beneficiaries when any payment is due to be made under the policy.
          (3) The Relevant Person must undertake the measures referred to in (2) as soon as the beneficiary of the policy is identified or designated.
          (4) The Relevant Person must verify the identity of beneficiaries and any Beneficial Owners of a beneficiary before it makes a payout under the policy.
          Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

          • AML 7.3.7 Guidance

            An insurance policy that is similar to a life insurance policy includes life-related protection, or a pension or investment product that pays out to the policyholder or beneficiary upon a particular event occurring or upon redemption.

            Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • Politically Exposed Persons: other measures

        • AML 7.3.8 AML 7.3.8

          (1) A Relevant Person must take reasonable measures to determine:
          (a) if a customer, or a Beneficial Owner of a customer, is a Politically Exposed Person (PEP); and
          (b) for a life insurance or other similar policy, if a beneficiary of the policy, or a Beneficial Owner of a beneficiary, is a PEP.
          (2) If a customer, or a Beneficial Owner of a customer, is a PEP, a Relevant Person must:
          (a) obtain the approval of senior management to commence or continue the business relationship with the customer;
          (b) take reasonable measures to establish the source of wealth and source of funds of the customer or Beneficial Owner; and
          (c) increase the degree and nature of monitoring of the business relationship, to determine whether the customer's transactions or activities appear unusual or suspicious.
          (3) If a beneficiary of a life insurance or other similar policy, or a Beneficial Owner of a beneficiary, is a PEP, a Relevant Person must:
          (a) obtain the approval of senior management to make any payout under the policy;
          (b) take reasonable measures to establish the source of wealth and source of funds of the beneficiary or Beneficial Owner of the beneficiary; and
          (c) increase the degree and nature of monitoring of its business relationship with the policyholder, to determine whether the customer's transactions or activities appear unusual or suspicious.
          (4) A Relevant Person must carry out the additional Customer Due Diligence referred to in (3) before it makes any payout under the policy.
          Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

          • AML 7.3.8 Guidance on CDD

            1. Items (a) to (c) in AML Rule 7.3.2(2) should be obtained from a current valid passport or, where a customer does not possess a passport, an official identification document which includes a photograph. The concept of domicile generally refers to the place which a person regards as his permanent home and with which he has the closest ties or which is his place of origin.
            2. Under AML Rule 7.3.1(3), a Relevant Person is required to verify the identity of a person based on reliable and independent source documents, data or information. A Relevant Person should generally have sight of original identification documents and retain a copy of the identification document. However in complying with AML Rule 7.3.1, it may not always be possible to obtain original documents. Where identification documents cannot be obtained in original form, for example, because a Relevant Person has no physical contact with the customer, the Relevant Person should obtain a copy certified as a true copy by a person of good standing such as a registered lawyer or notary, a chartered accountant, a bank manager, a police officer, an Employee of the person's embassy or consulate, or other similar person. The DFSA considers that downloading publicly-available information from an official source (such as a regulator's or other official government website) is sufficient to satisfy the requirements of AML Rule 7.3.1. The DFSA also considers that CDD information and research obtained from a reputable company or information-reporting agency may also be acceptable as a reliable and independent source as would banking references and, on a risk-sensitive basis, information obtained from researching reliable and independent public information found on the internet or on commercial databases.
            3. For higher risk situations the DFSA would expect identification information to be independently verified, using both public and non-public sources.
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
            [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

          • AML 7.3.8 Guidance on identification and verification of Beneficial Owners

            4. In determining whether an individual meets the definition of a Beneficial Owner, regard should be had to all the circumstances of the case, in particular the size of an individual's legal or beneficial ownership in a transaction. The question of what is a "minor" ownership interest for the purposes of the definition of a Beneficial Owner in AML Rule 7.3.3 will depend on the individual circumstances of the customer. The DFSA considers that the question of whether an ownership interest is minor should be considered in the context of the Relevant Person's knowledge of the customer and the customer risk assessment and the risk of money laundering.
            5. When identifying Beneficial Owners, a Relevant Person is expected to adopt a substantive (as opposed to form over substance) approach to CDD for legal persons. Adopting a substantive approach means focusing on the money laundering risks of the customer and the product/service and avoiding an approach which focusses purely on the legal form of an arrangement or sets fixed percentages at which Beneficial Owners are identified (or not). It should take all reasonable steps to establish and understand a corporate customer's legal ownership and control and to identify the Beneficial Owner. The DFSA does not set explicit ownership or control thresholds in defining the Beneficial Owner because the DFSA considers that the applicable threshold to adopt will ultimately depend on the risks associated with the customer, and so the DFSA expects a Relevant Person to adopt the RBA and justify on reasonable grounds an approach which is proportionate to the risks identified. A Relevant Person should not set fixed thresholds for identifying the Beneficial Owner without objective and documented justification as required by AML Rule 4.1.1. An overly formal approach to defining the Beneficial Owner may result in a criminal "gaming" the system by always keeping his financial interest below the relevant threshold
            6. The DFSA considers that in some circumstances no threshold should be used when identifying Beneficial Owners because it may be important to identify all underlying Beneficial Owners in order to ensure that they are not associated or connected in some way. This may be appropriate where there are a small number of investors in an account or fund, each with a significant financial holding and the customer-specific risks are higher. However, where the customer-specific risks are lower, a threshold can be appropriate. For example, for a low-risk corporate customer which, combined with a lower-risk product or service, a percentage threshold may be appropriate for identifying "control" of the legal person for the purposes of the definition of a Beneficial Owner.
            7. For a retail investment fund which is widely-held and where the investors invest via pension contributions, the DFSA would not expect the manager of the fund to look through to any underlying investors where there are none with any material control or ownership levels in the fund. However, for a closely-held fund with a small number of investors, each with a large shareholding or other interest, the DFSA would expect a Relevant Person to identify and verify each of the Beneficial Owners, depending on the risks identified as part of its risk-based assessment of the customer. For a corporate health policy with defined benefits, the DFSA would not expect a Relevant Person to identify the Beneficial Owners.
            8. Under Federal AML legislation, if the customer is a legal person, the Relevant Person must identify any person who, alone or jointly with other persons, has a controlling ownership interest of 25% or more in the legal person i.e. it applies a specified threshold. This does not affect the approach that should be taken under AML Rule 7.3.1(1)(b) and AML Rule 7.3.3 for verifying the identity of Beneficial Owners, where no threshold is specified (see Guidance items 4 to 7 above). As a result, under the Federal AML legislation a Relevant Person will need to obtain information identifying natural persons who have a controlling interest of hold more than 25%. Then, in accordance with the risk-based approach in Guidance items 4 to 7, the Relevant Person should determine whether it is necessary also to identify other persons who may be Beneficial Owners, and verify their identity
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
            [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]
            [Amended] DFSA RM258/2019 (Made 26th June 2019). [VER16/07-19]

          • AML 7.3.8 Guidance on politically exposed persons

            9. Individuals who have, or have had, a high political profile, or hold, or have held, public office, can pose a higher money laundering risk to a Relevant Person as their position may make them vulnerable to corruption. This risk also extends to members of their families and to known close associates. Politically Exposed Person ("PEP") status itself does not, of course, incriminate individuals or entities.
            10. Generally, a foreign PEP presents a higher risk of money laundering because there is a greater risk that such person, if he was committing money laundering, would attempt to place his money offshore where the customer is less likely to be recognised as a PEP and where it would be more difficult for law enforcement agencies in his home jurisdiction to confiscate or freeze his criminal property.
            11. Corruption-related money laundering risk increases when a Relevant Person deals with a PEP. Corruption may involve serious crimes and has become the subject of increasing global concern. Corruption offences are predicate crimes under the Federal AML legislation. A Relevant Person should note that customer relationships with family members or close associates of PEPs involve similar risks to those associated with PEPs themselves.
            12. The DFSA considers that after leaving office a PEP may remain a higher risk for money laundering if such person continues to exert political influence or otherwise pose a risk of corruption.
            13. The fact that an individual is a PEP does not automatically mean that the individual must be assessed to be a high risk customer. A Relevant Person will need to assess the particular circumstances relating to each PEP to determine what risk category is appropriate. If the PEP is assigned a high risk, then the Relevant Person will need to undertake the Enhanced Customer Due Diligence measures under AML Rule 7.4.1. However, even if a PEP is not assigned a high risk, the Relevant Person is required as a minimum to undertake the additional customer due diligence measures specified in AML Rule 7.3.8(2) and (3) for PEPs.
            Derived from RM117/2013 [VER9/07-13]
            [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
            [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • AML 7.4 AML 7.4 Enhanced Customer Due Diligence

      • AML 7.4.1 AML 7.4.1

        Where a Relevant Person is required to undertake Enhanced Customer Due Diligence under AML Rule 7.1.1(1)(b) it must, to the extent applicable to the customer:

        (a) obtain and verify additional:
        (i) identification information on the customer and any Beneficial Owner;
        (ii) information on the intended nature of the business relationship; and
        (iii) information on the reasons for a transaction;
        (b) update more regularly the Customer Due Diligence information which it holds on the customer and any Beneficial Owners;
        (c) take reasonable measures to establish:
        (i) the source of funds; and
        (ii) the source of wealth,

        of the customer or, if applicable, of the Beneficial Owner;
        (d) increase the degree and nature of monitoring of the business relationship, in order to determine whether the customer's transactions or activities appear unusual or suspicious;
        (e) obtain the approval of senior management to commence a business relationship with a customer; and
        (f) where applicable, require that any first payment made by a customer in order to open an account with a Relevant Person must be carried out through a bank account in the customer's name with:
        (i) a Bank;
        (ii) a Regulated Financial Institution whose entire operations are subject to regulation and supervision, including AML regulation and supervision, in a jurisdiction with AML regulations which are equivalent to the standards set out in the FATF recommendations; or
        (iii) a Subsidiary of a Regulated Financial Institution referred to in (ii), if the law that applies to the Parent ensures that the Subsidiary also observes the same AML standards as its Parent.
        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
        [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

        • AML 7.4.1 Guidance

          1. In AML Rule 7.4.1 Enhanced CDD measures are only mandatory to the extent that they are applicable to the relevant customer or the circumstances of the business relationship and to the extent that the risks would reasonably require it. Therefore, the extent of additional measures to conduct is a matter for the Relevant Person to determine on a case by case basis.
          2. In AML RM117/2013(e), senior management approval may be given by an individual member of the Relevant Person's senior management or by a committee of senior managers appointed to consider high risk customers. It may also be outsourced within the Group.
          3. For high risk customers, a Relevant Person should, in order to mitigate the perceived and actual risks, exercise a greater degree of diligence throughout the customer relationship and should endeavour to understand the nature of the customer's business and consider whether it is consistent and reasonable.
          4. A Relevant Person should be satisfied that a customer's use of complex legal structures and/or the use of trust and private investment vehicles, has a genuine and legitimate purpose.
          5. For enhanced CDD , a Relevant Person has to take reasonable measures to establish the source of funds. That is, where the funds for a particular service or transaction will come from (e.g. a specific bank account held with a specific financial institution) and whether that funding is consistent with the source of wealth of the customer or, if applicable, of the Beneficial Owner.
          6. For enhanced CDD, where there is a Beneficial Owner, establishing the customer's source of funds and wealth may require enquiring into the Beneficial Owner's source of funds and wealth because the source of the funds would normally be the Beneficial Owner and not the customer.
          7. The DFSA considers that taking reasonable measures to establish the source of funds includes obtaining independent corroborating evidence such as proof of dividend payments connected to a shareholding, bank statements, salary/bonus certificates, loan documentation and proof of a transaction which gave rise to the payment into the account. A customer should be able to demonstrate and document how the relevant funds are connected to a particular event which gave rise to the payment into the account or to the source of the funds for a transaction.
          8. The DFSA considers that verification of source of wealth includes obtaining independent corroborating evidence such as share certificates, publicly-available registers of ownership, bank or brokerage account statements, probate documents, audited accounts and financial statements, news items from a reputable source and other similar evidence. For example:
          a. for a legal person, this might be achieved by obtaining its financial or annual reports published on its website or news articles and press releases that reflect its financial situation or the profitability of its business; and
          b. for a natural person, this might include documentary evidence which corroborates answers given to questions on the source of wealth in an application form or customer questionnaire. For example, if a natural person attributes the source of his wealth to inheritance, he may be asked to provide a copy of the relevant will or grant of probate. In other cases, a natural person may be asked to provide sufficient bank or salary statements covering a number of years to draw up a picture of his source of wealth.
          9. A Relevant Person may commission a third party vendor report to obtain further information on a customer or transaction or to investigate a customer or Beneficial Owner in very high risk cases. A third party vendor report may be particularly useful where there is little or no publicly-available information on a person or on a legal arrangement or where a Relevant Person has difficulty in obtaining and verifying information.
          10. In AML Rule 7.4.1(f), circumstances where it may be applicable to require the first payment made by a customer in order to open an account with a Relevant Person to be carried out through a bank account in the customer's name with a financial institution specified in that paragraph include:
          a. where, following the use of other Enhanced CDD measures, the Relevant Person is not satisfied with the results of due diligence; or
          b. as an alternative measure, where one of the measures in AML Rule 7.4.1 (a) to (e) cannot be carried out.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] RM196/2016 (Made 7th December 2016). [VER13/02-17]
          [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • AML 7.5 AML 7.5 Simplified customer due diligence

      • AML 7.5.1 AML 7.5.1

        (1) Where a Relevant Person is permitted to undertake Simplified Customer Due Diligence under AML Rule 7.1.1(2), modification of AML Rule 7.3.1 may include:
        (a) verifying the identity of the customer and any Beneficial Owners after the establishment of the business relationship under AML Rule 7.2.1(3);
        (b) deciding to reduce the frequency of, or as appropriate not undertake, customer identification updates;
        (c) deciding not to verify an identification document other than by requesting a copy;
        (d) reducing the degree of on-going monitoring of transactions, based on a reasonable monetary threshold or on the nature of the transaction; or
        (e) not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship, but infering such purpose and nature from the type of transactions or business relationship established.
        (2) The modification in (1) must be proportionate to the customer's money laundering risks.
        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
        [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

        • AML 7.5.1 Guidance

          1. AML Rule 7.5.1(1) provides examples of Simplified CDD measures. Other measures may also be used by a Relevant Person to modify CDD in accordance with the customer risks.
          2. A Relevant Person should not use a "one size fits all" approach for all its low risk customers. Notwithstanding that the risks may be low for all such customers, the degree of CDD undertaken needs to be proportionate to the specific risks identified on a case by case basis.
          3. A Relevant Person is not required to identify or verify Beneficial Owners for retail investment funds which are widely held and for investment funds where the investor invests via pension contributions.
          4. An example of circumstances where a Relevant Person might reasonably reduce the frequency of or, as appropriate, eliminate customer identification updates would be where the money laundering risks are low and the service provided does not offer a realistic opportunity for money laundering.
          5. An example of where a Relevant Person might reasonably reduce the degree of on-going monitoring and scrutinising of transactions, based on a reasonable monetary threshold or on the nature of the transaction, would be where the transaction is a recurring, fixed contribution to a savings scheme, investment portfolio or fund or where the monetary value of the transaction is not material for money laundering purposes given the nature of the customer and the transaction type.
          6. For the avoidance of doubt, a Relevant Person should not conduct Simplified CDD where there is any suspicion of money laundering.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
          [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • AML 7.6 AML 7.6 Ongoing Customer Due Diligence

      • AML 7.6.1 AML 7.6.1

        (1) When undertaking ongoing Customer Due Diligence under Rule 7.3.1(1)(d), a Relevant Person must, using the risk-based approach:

        (a) monitor transactions undertaken during the course of its customer relationship to ensure that the transactions are consistent with the Relevant Person's knowledge of the customer, his business and risk rating;
        (b) pay particular attention to any complex or unusually large transactions or unusual patterns of transactions that have no apparent or visible economic or legitimate purpose;
        (c) enquire into the background and purpose of the transactions in (b);
        (d) review the adequacy of the Customer Due Diligence information it holds on customers and Beneficial Owners to ensure that the information is kept up to date, particularly for customers with a high risk rating; and
        (e) review each customer to ensure that the risk rating assigned to a customer under Rule 6.1.1(1)(b) remains appropriate for the customer in light of the money laundering risks.

        (2) A Relevant Person must carry out a review under (1)(d) and (e) periodically and at other appropriate times when a material change or event occurs relating to a customer.

        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

        • AML 7.6.1 Guidance

          1. In complying with Rule 7.6.1(1)(d), a Relevant Person should undertake a periodic review to ensure that non-static customer identity documentation is accurate and up-to-date. Examples of non-static identity documentation include passport number and residential/business address and, for a legal person, its share register or list of partners.
          2. A Relevant Person should undertake a review under Rule 7.6.1(1)(d) and (e), both periodically and at other appropriate times such as when:
          a. the Relevant Person changes its CDD documentation requirements;
          b. an unusual transaction with the customer is expected to take place;
          c. there is a material change in the business relationship with the customer; or
          d. there is a material change in the nature or ownership of the customer.
          3. The degree of the on-going due diligence to be undertaken will depend on the customer risk assessment carried out under Rule 6.1.1.
          4. A Relevant Person's transaction monitoring policies, procedures, systems and controls, which may be implemented by manual or automated systems, or a combination thereof, are one of the most important aspects of effective CDD. Whether a Relevant Person should undertake the monitoring by means of a manual or computerised system (or both) will depend on a number of factors, including:
          a. the size and nature of the Relevant Person's business and customer base; and
          b. the complexity and volume of customer transactions.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • AML 7.6.2 AML 7.6.2 Ongoing sanctions screening

        A Relevant Person must review its customers, their business and transactions against United Nations Security Council sanctions lists and against any other relevant sanctions list when complying with Rule 7.6.1(1)(d).

        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

        • AML 7.6.2 Guidance

          In AMLRule 7.6.2, a "relevant sanctions list" may include U.A.E EU, U.K. HM Treasury, U.S. OFAC lists and any other list which may apply to a Relevant Person.

          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

    • AML 7.7 AML 7.7 Failure to conduct or complete customer due diligence

      • AML 7.7.1 AML 7.7.1

        (1) Where, in relation to any customer, a Relevant Person is unable to conduct or complete the requisite Customer Due Diligence in accordance with AML Rule 7.1.1 it must, to the extent relevant:
        (a) not carry out a transaction with or for the customer through a bank account or in cash;
        (b) not open an account or otherwise provide a service;
        (c) not otherwise establish a business relationship or carry out a transaction;
        (d) terminate or suspend any existing business relationship with the customer;
        (e) return any monies or assets received from the customer; and
        (f) consider whether the inability to conduct or complete Customer Due Diligence necessitates the making of a Suspicious Activity Report under AML Rule 13.3.1(c).
        (2) A Relevant Person is not obliged to comply with (1) (a) to (e) if:
        (a) to do so would amount to "tipping off" the customer, in breach of Federal AML legislation; or
        (b) the FIU directs the Relevant Person to act otherwise.
        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
        [Amended] DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]]
        [Amended] DFSA RM258/2019 (Made 26th June 2019). [VER16/07-19]

        • AML 7.7.1 Guidance

          1. In complying with Rule 7.7.1(1) a Relevant Person should apply one or more of the measures in (a) to (f) as appropriate in the circumstances. Where CDD cannot be completed, it may be appropriate not to carry out a transaction pending completion of CDD. Where CDD cannot be conducted, including where a material part of the CDD, such as identifying and verifying a Beneficial Owner cannot be conducted, a Relevant Person should not establish a business relationship with the customer.
          2. A Relevant Person should note that Rule 7.7.1 applies to both existing and prospective customers. For new customers it may be appropriate for a Relevant Person to terminate the business relationship before a product or service is provided. However, for existing customers, while termination of the business relationship should not be ruled out, suspension may be more appropriate depending on the circumstances. Whichever route is taken, the Relevant Person should be careful not to tip off the customer.
          3. A Relevant Person should adopt the RBA for CDD of existing customers. For example, if a Relevant Person considers that any of its existing customers (which may include customers which it migrates into the DIFC) have not been subject to CDD at an equivalent standard to that required by this module, it should adopt the RBA and take remedial action in a manner proportionate to the risks and within a reasonable period of time whilst complying with Rule 7.7.1.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]