Entire Section
AML 7 AML 7 Customer Due Diligence
Figure 4. CDD
AML 7.1 AML 7.1 Requirement to Undertake Customer Due Diligence
AML 7.1.1 AML 7.1.1
(1) ARelevant Person must:(a) undertakeCustomer Due Diligence under AML section 7.3 for each of its customers; and(b) in addition to (a), undertakeEnhanced Customer Due Diligence under AML Rule 7.4.1 in respect of any customer it has assigned as high risk.(2) ARelevant Person may undertakeSimplified Customer Due Diligence in accordance with AML Rule 7.5.1 by modifyingCustomer Due Diligence under AML section 7.3 for any customer it has assigned as low risk.AML 7.1.1 Guidance
A
Relevant Person should undertakeCDD in a manner proportionate to the customer's money laundering risks identified under Rule 6.1.1(1). This means that all customers are subject toCDD under section 7.3. However, for high risk customers, additional EnhancedCDD measures should also be undertaken under section 7.4. For low risk customers, section 7.3 may be modified according to the risks in accordance with section 7.5.AML 7.2 AML 7.2 Timing of Customer Due Diligence
AML 7.2.1
(1)A Relevant Person must except as otherwise provided in AML Rule 7.2.2 or in AML section 7.3:(a) undertake the appropriateCustomer Due Diligence under AML Rule 7.3.1(1)(a) to (c) and AML section 7.3 when it is establishing a business relationship with a customer; and(b) undertake the appropriateCustomer Due Diligence under AML Rule 7.3.1(1)(d) after establishing a business relationship with a customer.(2) ARelevant Person must also undertake appropriateCustomer Due Diligence if, at any time:(a) in relation to an existing customer, it doubts the veracity or adequacy of documents, data or information obtained for the purposes ofCustomer Due Diligence ;(b) it suspects money laundering in relation to a person; or(c) there is a change in risk-rating of the customer, or it is otherwise warranted by a change in circumstances of the customer.Derived from RM117/2013 [VER9/07-13]
[Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
[Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]Establishing a business relationship before verification
AML 7.2.2 AML 7.2.2
(1) ARelevant Person may establish a business relationship with a customer before completing the verification required by AML Rule 7.3.1 if the following conditions are met:(a) deferral of the verification of the customer orBeneficial Owner is necessary in order not to interrupt the normal conduct of a business relationship;(b) there is little risk of money laundering occurring and any such risks identified can be effectively managed by theRelevant Person ;(c) in relation to a bank account opening, there are adequate safeguards in place to ensure that the account is not closed and transactions are not carried out by or on behalf of the account holder (including any payment from the account to the account holder) before verification has been completed; and(d) subject to (2), the relevant verification is completed as soon as reasonably practicable and in any event no later than 30 days after the establishment of a business relationship.(2) Where aRelevant Person is not reasonably able to comply with the 30 day requirement in (1)(d), it must, prior to the end of the 30 day period:(a) document the reason for its non-compliance;(b) complete the verification in (1) as soon as possible; and(c) record the non-compliance event in its annual AML Return.(3) TheDFSA may specify a period within which aRelevant Person must complete the verification required by (1) failing which theDFSA may direct theRelevant Person to cease any business relationship with the customer.(4) ARelevant Person must ensure that its AML systems and controls referred to in AML Rule 5.2.1 include risk management policies and procedures concerning the conditions under which business relationships may be established with a customer before completing verification.Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]AML 7.2.2 Guidance
1. For the purposes of AML Rule 7.2.1(2)(a), examples of situations which might lead aRelevant Person to have doubts about the veracity or adequacy of documents, data or information previously obtained could be where there is a suspicion of money laundering in relation to that customer, where there is a material change in the way that the customer's account is operated, which is not consistent with the customer's business profile, or where it appears to theRelevant Person that a person other than the customer is the real customer.2. In AML Rule 7.2.2(1)(a), situations that theRelevant Person may take into account include, for example, accepting subscription monies during a short offer period or executing a time critical transaction, which if not executed immediately, would or may cause a customer to incur a financial loss due to price movement or loss of opportunity or when a customer seeks immediate insurance cover.3. When complying with AML Rule 7.2.1, aRelevant Person should also, where relevant, consider AML Rule 7.7.1 regarding failure to conduct or completeCDD and chapter 13 regarding SARs and tipping off.4. For the purposes of AML Rule 7.2.2(1)(d), theDFSA considers that in most situations as soon as reasonably practicable would be within 30 days after the establishment of a business relationship. However, it will depend on the nature of the customer business relationship.AML 7.3 AML 7.3 Customer Due Diligence Requirements
AML 7.3.1 [Deleted]
[Deleted] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]Undertaking customer due diligence
AML 7.3.1
(1) In undertakingCustomer Due Diligence required by AML Rule 7.1.1(1)(a) aRelevant Person must:(a) identify the customer and verify the customer's identity;(b) identify anyBeneficial Owners of the customer and take reasonable measures to verify the identity of theBeneficial Owners , so that theRelevant Person is satisfied that it knows who theBeneficial Owners are;(c) if the customer is a legal person or legal arrangement, take reasonable measures to understand the nature of the customer's business and its ownership and control structure; and(d) undertake on-going due diligence of the customer business relationship under AML Rule 7.6.1.(2) If a person ("A") purports to act on behalf of the customer, theRelevant Person must, in addition to (1)(a):(a) verify that A is authorised to act on the customer's behalf; and(b) identify A and verify A's identity.(3) The verification under (1) and (2) must be based on reliable and independent source documents, data or information.Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]Identifying and verifying the customer
AML 7.3.2
(1) For the purposes of AML Rule 7.3.1(1)(a), aRelevant Person must identify a customer and verify the customer's identity in accordance with this Rule.(2) If a customer is a natural person, aRelevant Person must obtain and verify information about the person's:(a) full name (including any alias);(b) date of birth;(c) nationality;(d) legal domicile; and(e) current residential address (other than a post office box).(3) If a customer is a body corporate, theRelevant Person must obtain and verify:(a) the full name of the body corporate and any trading name;(b) the address of its registered office and, if different, its principal place of business;(c) the date and place of incorporation or registration;(d) a copy of the certificate of incorporation or registration;(e) the articles of association or other equivalent governing documents of the body corporate; and(f) the full names of its senior management.(4) If a customer is a foundation, theRelevant Person must obtain and verify:(a) a certified copy of the charter and by-laws of the foundation or any other documents constituting the foundation; and(b) documentary evidence of the appointment of the guardian or any other person who may exercise powers in respect of the foundation.(5) If a customer is an express trust or other similar legal arrangement, theRelevant Person must obtain and verify:(a) a certified copy of the trust deed or other documents that set out the nature, purpose and terms of the trust or arrangement; and(b) documentary evidence of the appointment of the trustee or any other person exercising powers under the trust or arrangement.Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]Identifying and verifying beneficial owners: body corporate
AML 7.3.3 AML 7.3.3
(1) If a customer is a body corporate, aRelevant Person must identify and verify theBeneficial Owners under AML Rule 7.3.1(1)(b) in accordance with this Rule.(2) TheRelevant Person must identify:(a) the natural persons who ultimately have a controlling ownership interest in the body corporate, whether legal or beneficial, direct or indirect; and(b) if there is any doubt about whether the natural persons identified under (a) exert control through ownership interests, or if no natural person exerts control through ownership interests, the natural persons exercising control of the body corporate through other means.(3) ARelevant Person does not have to identify an ownership interest under (2)(a) if, having regard to a risk-based assessment of the customer, it is reasonably satisfied that the ownership interest is minor and in the circumstances poses no or negligible risk of money laundering.(4) If aRelevant Person has exhausted all possible means but has not been able to identify theBeneficial Owners under (2), and provided it has no grounds for suspecting money laundering, it must treat the senior management of the body corporate as theBeneficial Owners .(5) If (4) applies, theRelevant Person must keep a record in writing of all the actions it has taken to identify theBeneficial Owners of the body corporate.Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]AML 7.3.3 Guidance
1. In exceptional circumstances, aRelevant Person may not be able to identify any natural person as the ultimate owner or controller of a body corporate. In such a case, provided it has exhausted all other means of identifying the owner or controller and it has no grounds for suspecting money laundering, it can treat each of the members of the senior management of the body corporate as theBeneficial Owners (see AML Rule 7.3.3(4)). However, in such a case theRelevant Person will need to keep records of all the actions it has taken to identify theBeneficial Owners (see AML Rule 7.3.3(5)).2. If the ownership or control arrangements of a customer are of such a nature that theRelevant Person is prevented from identifying theBeneficial Owners (for example, ifBeneficial Owners hold bearer shares or other negotiable instruments and there is no effective system for recording the current holder of the shares or instruments), theRelevant Person is prohibited from establishing a business relationship with the customer under AML Rule 6.1.4.3. For more detailed Guidance on identifying and verifyingBeneficial Owners , see the guidance onCDD at the end of AML section 7.3.Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]AML 7.3.4
A
Relevant Person is not required to comply with AML Rules 7.3.1(1)(b) and (c) if the customer is either:(a) a body corporate that:(i) has its Securities listed by theDFSA , anotherFinancial Services Regulator or aRegulated Exchange ; and(ii) is subject to disclosure requirements which ensure that adequate information about its business, structure and beneficial ownership is publicly available; or(b) a majority-owned subsidiary of a body corporate referred to in (a).Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]Identifying and verifying beneficial owners: foundations
AML 7.3.5
(1) If a customer is a foundation, aRelevant Person must identify and verify theBeneficial Owners under AML Rule 7.3.1(1)(b) in accordance with this Rule.(2) TheRelevant Person must identify the founder, guardian, contributors, qualified recipients, other persons entitled to receive any property or income from the foundation and any other natural person who exercises ultimate effective control of the foundation.(3) If the qualified recipients, or other persons entitled to receive property or income from a foundation, are designated by characteristics or by class, theRelevant Person must obtain sufficient information to satisfy itself that it will be able to establish the identity of the qualified recipient or other person before it makes any payment or transfer of property to the recipient or person.(4) TheRelevant Person must verify the identity of a qualified recipient or other person referred to in (3) before it makes any payment, or transfers any property, from the foundation to that recipient or person.Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]Identifying and verifying beneficial owners: trusts and similar arrangements
AML 7.3.6
(1) If a customer is a legal arrangement, aRelevant Person must identify and verify theBeneficial Owners under AML Rule 7.3.1(1)(b) in accordance with this Rule.(2) TheRelevant Person must identify:(a) for a trust, the settlor, trustee, protector, enforcer, beneficiaries and any other natural person who exercises ultimate effective control over the trust; and(b) for other types of legal arrangements, persons in equivalent or similar positions to those persons referred to in (a).(3) If the beneficiaries of a trust or arrangement are designated by characteristics or by class, theRelevant Person must obtain sufficient information about the beneficiaries to satisfy itself that it will be able to establish the identity of a beneficiary:(a) before it makes a distribution to the beneficiary; or(b) when the beneficiary intends to exercise vested rights.(4) TheRelevant Person must verify the identity of a beneficiary referred to in (3) before it makes a distribution to the beneficiary or the beneficiary exercises vested rights.Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]Identifying and verifying beneficiary of a life insurance policy
AML 7.3.7 AML 7.3.7
(1) This Rule applies if aRelevant Person is providing a customer with a life insurance or other similar policy.(2) TheRelevant Person must, in addition to complying with AML Rule 7.3.1:(a) if a beneficiary is specifically named in the policy, record the name of that person; and(b) if the beneficiaries of the policy are designated by characteristics or by class, obtain sufficient information to satisfy itself that it will be able to establish the identity of the beneficiaries when any payment is due to be made under the policy.(3) TheRelevant Person must undertake the measures referred to in (2) as soon as the beneficiary of the policy is identified or designated.(4) TheRelevant Person must verify the identity of beneficiaries and anyBeneficial Owners of a beneficiary before it makes a payout under the policy.Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]AML 7.3.7 Guidance
An insurance policy that is similar to a life insurance policy includes life-related protection, or a pension or investment product that pays out to the policyholder or beneficiary upon a particular event occurring or upon redemption.
Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]Politically Exposed Persons: other measures
AML 7.3.8 AML 7.3.8
(1) ARelevant Person must take reasonable measures to determine:(a) if a customer, or aBeneficial Owner of a customer, is aPolitically Exposed Person (PEP); and(b) for a life insurance or other similar policy, if a beneficiary of the policy, or aBeneficial Owner of a beneficiary, is aPEP .(2) If a customer, or aBeneficial Owner of a customer, is aPEP , aRelevant Person must:(a) obtain the approval of senior management to commence or continue the business relationship with the customer;(b) take reasonable measures to establish the source of wealth and source of funds of the customer orBeneficial Owner ; and(c) increase the degree and nature of monitoring of the business relationship, to determine whether the customer's transactions or activities appear unusual or suspicious.(3) If a beneficiary of a life insurance or other similar policy, or aBeneficial Owner of a beneficiary, is aPEP , aRelevant Person must:(a) obtain the approval of senior management to make any payout under the policy;(b) take reasonable measures to establish the source of wealth and source of funds of the beneficiary orBeneficial Owner of the beneficiary; and(c) increase the degree and nature of monitoring of its business relationship with the policyholder, to determine whether the customer's transactions or activities appear unusual or suspicious.(4) ARelevant Person must carry out the additionalCustomer Due Diligence referred to in (3) before it makes any payout under the policy.Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]AML 7.3.8 Guidance on CDD
1. Items (a) to (c) in AML Rule 7.3.2(2) should be obtained from a current valid passport or, where a customer does not possess a passport, an official identification document which includes a photograph. The concept of domicile generally refers to the place which a person regards as his permanent home and with which he has the closest ties or which is his place of origin.2. Under AML Rule 7.3.1(3), aRelevant Person is required to verify the identity of a person based on reliable and independent source documents, data or information. ARelevant Person should generally have sight of original identification documents and retain a copy of the identification document. However in complying with AML Rule 7.3.1, it may not always be possible to obtain original documents. Where identification documents cannot be obtained in original form, for example, because aRelevant Person has no physical contact with the customer, theRelevant Person should obtain a copy certified as a true copy by a person of good standing such as a registered lawyer or notary, a chartered accountant, a bank manager, a police officer, anEmployee of the person's embassy or consulate, or other similar person. TheDFSA considers that downloading publicly-available information from an official source (such as a regulator's or other official government website) is sufficient to satisfy the requirements of AML Rule 7.3.1. TheDFSA also considers thatCDD information and research obtained from a reputable company or information-reporting agency may also be acceptable as a reliable and independent source as would banking references and, on a risk-sensitive basis, information obtained from researching reliable and independent public information found on the internet or on commercial databases.3. For higher risk situations theDFSA would expect identification information to be independently verified, using both public and non-public sources.Derived from RM117/2013 [VER9/07-13]
[Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
[Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]AML 7.3.8 Guidance on identification and verification of Beneficial Owners
4. In determining whether an individual meets the definition of aBeneficial Owner , regard should be had to all the circumstances of the case, in particular the size of an individual's legal or beneficial ownership in a transaction. The question of what is a "minor" ownership interest for the purposes of the definition of aBeneficial Owner in AML Rule 7.3.3 will depend on the individual circumstances of the customer. TheDFSA considers that the question of whether an ownership interest is minor should be considered in the context of theRelevant Person's knowledge of the customer and the customer risk assessment and the risk of money laundering.5. When identifyingBeneficial Owners , aRelevant Person is expected to adopt a substantive (as opposed to form over substance) approach toCDD for legal persons. Adopting a substantive approach means focusing on the money laundering risks of the customer and the product/service and avoiding an approach which focusses purely on the legal form of an arrangement or sets fixed percentages at whichBeneficial Owners are identified (or not). It should take all reasonable steps to establish and understand a corporate customer's legal ownership and control and to identify theBeneficial Owner . TheDFSA does not set explicit ownership or control thresholds in defining theBeneficial Owner because theDFSA considers that the applicable threshold to adopt will ultimately depend on the risks associated with the customer, and so theDFSA expects aRelevant Person to adopt the RBA and justify on reasonable grounds an approach which is proportionate to the risks identified. ARelevant Person should not set fixed thresholds for identifying theBeneficial Owner without objective and documented justification as required by AML Rule 4.1.1. An overly formal approach to defining theBeneficial Owner may result in a criminal "gaming" the system by always keeping his financial interest below the relevant threshold6. TheDFSA considers that in some circumstances no threshold should be used when identifyingBeneficial Owners because it may be important to identify all underlyingBeneficial Owners in order to ensure that they are not associated or connected in some way. This may be appropriate where there are a small number of investors in an account or fund, each with a significant financial holding and the customer-specific risks are higher. However, where the customer-specific risks are lower, a threshold can be appropriate. For example, for a low-risk corporate customer which, combined with a lower-risk product or service, a percentage threshold may be appropriate for identifying "control" of the legal person for the purposes of the definition of aBeneficial Owner .7. For a retail investment fund which is widely-held and where the investors invest via pension contributions, theDFSA would not expect the manager of the fund to look through to any underlying investors where there are none with any material control or ownership levels in the fund. However, for a closely-held fund with a small number of investors, each with a large shareholding or other interest, theDFSA would expect aRelevant Person to identify and verify each of theBeneficial Owners , depending on the risks identified as part of its risk-based assessment of the customer. For a corporate health policy with defined benefits, theDFSA would not expect aRelevant Person to identify theBeneficial Owners .8. Under Federal AML legislation, if the customer is a legal person, theRelevant Person must identify any person who, alone or jointly with other persons, has a controlling ownership interest of 25% or more in the legal person i.e. it applies a specified threshold. This does not affect the approach that should be taken under AML Rule 7.3.1(1)(b) and AML Rule 7.3.3 for verifying the identity ofBeneficial Owners , where no threshold is specified (see Guidance items 4 to 7 above). As a result, under the Federal AML legislation aRelevant Person will need to obtain information identifying natural persons who have a controlling interest of hold more than 25%. Then, in accordance with the risk-based approach in Guidance items 4 to 7, theRelevant Person should determine whether it is necessary also to identify other persons who may beBeneficial Owners , and verify their identityDerived from RM117/2013 [VER9/07-13]
[Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
[Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]
[Amended] DFSA RM258/2019 (Made 26th June 2019). [VER16/07-19]
AML 7.3.8 Guidance on politically exposed persons
9. Individuals who have, or have had, a high political profile, or hold, or have held, public office, can pose a higher money laundering risk to aRelevant Person as their position may make them vulnerable to corruption. This risk also extends to members of their families and to known close associates.Politically Exposed Person ("PEP") status itself does not, of course, incriminate individuals or entities.10. Generally, a foreignPEP presents a higher risk of money laundering because there is a greater risk that such person, if he was committing money laundering, would attempt to place his money offshore where the customer is less likely to be recognised as aPEP and where it would be more difficult for law enforcement agencies in his home jurisdiction to confiscate or freeze his criminal property.11. Corruption-related money laundering risk increases when aRelevant Person deals with aPEP . Corruption may involve serious crimes and has become the subject of increasing global concern. Corruption offences are predicate crimes under the Federal AML legislation. ARelevant Person should note that customer relationships with family members or close associates ofPEPs involve similar risks to those associated withPEPs themselves.12. TheDFSA considers that after leaving office aPEP may remain a higher risk for money laundering if such person continues to exert political influence or otherwise pose a risk of corruption.13. The fact that an individual is aPEP does not automatically mean that the individual must be assessed to be a high risk customer. ARelevant Person will need to assess the particular circumstances relating to eachPEP to determine what risk category is appropriate. If thePEP is assigned a high risk, then theRelevant Person will need to undertake theEnhanced Customer Due Diligence measures under AML Rule 7.4.1. However, even if aPEP is not assigned a high risk, theRelevant Person is required as a minimum to undertake the additional customer due diligence measures specified in AML Rule 7.3.8(2) and (3) forPEP s.Derived from RM117/2013 [VER9/07-13]
[Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
[Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]AML 7.4 AML 7.4 Enhanced Customer Due Diligence
AML 7.4.1 AML 7.4.1
Where a
Relevant Person is required to undertakeEnhanced Customer Due Diligence under AML Rule 7.1.1(1)(b) it must, to the extent applicable to the customer:(a) obtain and verify additional:(i) identification information on the customer and anyBeneficial Owner ;(ii) information on the intended nature of the business relationship; and(iii) information on the reasons for a transaction;(b) update more regularly theCustomer Due Diligence information which it holds on the customer and anyBeneficial Owners ;(c) take reasonable measures to establish:(i) the source of funds; and(ii) the source of wealth,
of the customer or, if applicable, of theBeneficial Owner ;(d) increase the degree and nature of monitoring of the business relationship, in order to determine whether the customer's transactions or activities appear unusual or suspicious;(e) obtain the approval of senior management to commence a business relationship with a customer; and(f) where applicable, require that any first payment made by a customer in order to open an account with aRelevant Person must be carried out through a bank account in the customer's name with:(i) aBank ;(ii) aRegulated Financial Institution whose entire operations are subject to regulation and supervision, including AML regulation and supervision, in a jurisdiction with AML regulations which are equivalent to the standards set out in the FATF recommendations; or(iii) aSubsidiary of aRegulated Financial Institution referred to in (ii), if the law that applies to theParent ensures that the Subsidiary also observes the same AML standards as itsParent .Derived from RM117/2013 [VER9/07-13]
[Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
[Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]AML 7.4.1 Guidance
1. In AML Rule 7.4.1 EnhancedCDD measures are only mandatory to the extent that they are applicable to the relevant customer or the circumstances of the business relationship and to the extent that the risks would reasonably require it. Therefore, the extent of additional measures to conduct is a matter for theRelevant Person to determine on a case by case basis.2. In AML RM117/2013(e), senior management approval may be given by an individual member of theRelevant Person's senior management or by a committee of senior managers appointed to consider high risk customers. It may also be outsourced within the Group.3. For high risk customers, aRelevant Person should, in order to mitigate the perceived and actual risks, exercise a greater degree of diligence throughout the customer relationship and should endeavour to understand the nature of the customer's business and consider whether it is consistent and reasonable.4. ARelevant Person should be satisfied that a customer's use of complex legal structures and/or the use of trust and private investment vehicles, has a genuine and legitimate purpose.5. For enhancedCDD , aRelevant Person has to take reasonable measures to establish the source of funds. That is, where the funds for a particular service or transaction will come from (e.g. a specific bank account held with a specific financial institution) and whether that funding is consistent with the source of wealth of the customer or, if applicable, of theBeneficial Owner .6. For enhancedCDD , where there is aBeneficial Owner , establishing the customer's source of funds and wealth may require enquiring into the Beneficial Owner's source of funds and wealth because the source of the funds would normally be theBeneficial Owner and not the customer.7. TheDFSA considers that taking reasonable measures to establish the source of funds includes obtaining independent corroborating evidence such as proof of dividend payments connected to a shareholding, bank statements, salary/bonus certificates, loan documentation and proof of a transaction which gave rise to the payment into the account. A customer should be able to demonstrate and document how the relevant funds are connected to a particular event which gave rise to the payment into the account or to the source of the funds for a transaction.8. TheDFSA considers that verification of source of wealth includes obtaining independent corroborating evidence such as share certificates, publicly-available registers of ownership, bank or brokerage account statements, probate documents, audited accounts and financial statements, news items from a reputable source and other similar evidence. For example:a. for a legal person, this might be achieved by obtaining its financial or annual reports published on its website or news articles and press releases that reflect its financial situation or the profitability of its business; andb. for a natural person, this might include documentary evidence which corroborates answers given to questions on the source of wealth in an application form or customer questionnaire. For example, if a natural person attributes the source of his wealth to inheritance, he may be asked to provide a copy of the relevant will or grant of probate. In other cases, a natural person may be asked to provide sufficient bank or salary statements covering a number of years to draw up a picture of his source of wealth.9. ARelevant Person may commission a third party vendor report to obtain further information on a customer or transaction or to investigate a customer orBeneficial Owner in very high risk cases. A third party vendor report may be particularly useful where there is little or no publicly-available information on a person or on a legal arrangement or where aRelevant Person has difficulty in obtaining and verifying information.10. In AML Rule 7.4.1(f), circumstances where it may be applicable to require the first payment made by a customer in order to open an account with aRelevant Person to be carried out through a bank account in the customer's name with a financial institution specified in that paragraph include:a. where, following the use of other EnhancedCDD measures, theRelevant Person is not satisfied with the results of due diligence; orb. as an alternative measure, where one of the measures in AML Rule 7.4.1 (a) to (e) cannot be carried out.Derived from RM117/2013 [VER9/07-13]
[Amended] RM196/2016 (Made 7th December 2016). [VER13/02-17]
[Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]AML 7.5 AML 7.5 Simplified customer due diligence
AML 7.5.1 AML 7.5.1
(1) Where aRelevant Person is permitted to undertakeSimplified Customer Due Diligence under AML Rule 7.1.1(2), modification of AML Rule 7.3.1 may include:(a) verifying the identity of the customer and anyBeneficial Owners after the establishment of the business relationship under AML Rule 7.2.1(3);(b) deciding to reduce the frequency of, or as appropriate not undertake, customer identification updates;(c) deciding not to verify an identification document other than by requesting a copy;(d) reducing the degree of on-going monitoring of transactions, based on a reasonable monetary threshold or on the nature of the transaction; or(e) not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship, but infering such purpose and nature from the type of transactions or business relationship established.(2) The modification in (1) must be proportionate to the customer's money laundering risks.Derived from RM117/2013 [VER9/07-13]
[Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
[Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]AML 7.5.1 Guidance
1. AML Rule 7.5.1(1) provides examples ofSimplified CDD measures. Other measures may also be used by aRelevant Person to modifyCDD in accordance with the customer risks.2. ARelevant Person should not use a "one size fits all" approach for all its low risk customers. Notwithstanding that the risks may be low for all such customers, the degree ofCDD undertaken needs to be proportionate to the specific risks identified on a case by case basis.3. ARelevant Person is not required to identify or verifyBeneficial Owners for retail investment funds which are widely held and for investment funds where the investor invests via pension contributions.4. An example of circumstances where aRelevant Person might reasonably reduce the frequency of or, as appropriate, eliminate customer identification updates would be where the money laundering risks are low and the service provided does not offer a realistic opportunity for money laundering.5. An example of where aRelevant Person might reasonably reduce the degree of on-going monitoring and scrutinising of transactions, based on a reasonable monetary threshold or on the nature of the transaction, would be where the transaction is a recurring, fixed contribution to a savings scheme, investment portfolio or fund or where the monetary value of the transaction is not material for money laundering purposes given the nature of the customer and the transaction type.
6. For the avoidance of doubt, aRelevant Person should not conductSimplified CDD where there is any suspicion of money laundering.Derived from RM117/2013 [VER9/07-13]
[Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
[Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]AML 7.6 AML 7.6 Ongoing Customer Due Diligence
AML 7.6.1 AML 7.6.1
(1) When undertaking ongoing
Customer Due Diligence under Rule 7.3.1(1)(d), aRelevant Person must, using the risk-based approach:(a) monitor transactions undertaken during the course of its customer relationship to ensure that the transactions are consistent with theRelevant Person's knowledge of the customer, his business and risk rating;(b) pay particular attention to any complex or unusually large transactions or unusual patterns of transactions that have no apparent or visible economic or legitimate purpose;(c) enquire into the background and purpose of the transactions in (b);(d) review the adequacy of theCustomer Due Diligence information it holds on customers andBeneficial Owners to ensure that the information is kept up to date, particularly for customers with a high risk rating; and(e) review each customer to ensure that the risk rating assigned to a customer under Rule 6.1.1(1)(b) remains appropriate for the customer in light of the money laundering risks.(2) A
Relevant Person must carry out a review under (1)(d) and (e) periodically and at other appropriate times when a material change or event occurs relating to a customer.AML 7.6.1 Guidance
1. In complying with Rule 7.6.1(1)(d), aRelevant Person should undertake a periodic review to ensure that non-static customer identity documentation is accurate and up-to-date. Examples of non-static identity documentation include passport number and residential/business address and, for a legal person, its share register or list of partners.2. ARelevant Person should undertake a review under Rule 7.6.1(1)(d) and (e), both periodically and at other appropriate times such as when:a. theRelevant Person changes itsCDD documentation requirements;b. an unusual transaction with the customer is expected to take place;c. there is a material change in the business relationship with the customer; ord. there is a material change in the nature or ownership of the customer.3. The degree of the on-going due diligence to be undertaken will depend on the customer risk assessment carried out under Rule 6.1.1.4. ARelevant Person's transaction monitoring policies, procedures, systems and controls, which may be implemented by manual or automated systems, or a combination thereof, are one of the most important aspects of effectiveCDD . Whether aRelevant Person should undertake the monitoring by means of a manual or computerised system (or both) will depend on a number of factors, including:a. the size and nature of theRelevant Person's business and customer base; andb. the complexity and volume of customer transactions.AML 7.6.2 AML 7.6.2 Ongoing sanctions screening
A
Relevant Person must review its customers, their business and transactions against United Nations Security Council sanctions lists and against any other relevant sanctions list when complying with Rule 7.6.1(1)(d).AML 7.6.2 Guidance
In AMLRule 7.6.2, a "relevant sanctions list" may include U.A.E EU, U.K. HM Treasury, U.S. OFAC lists and any other list which may apply to a
Relevant Person .Derived from RM117/2013 [VER9/07-13]
[Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]AML 7.7 AML 7.7 Failure to conduct or complete customer due diligence
AML 7.7.1 AML 7.7.1
(1) Where, in relation to any customer, aRelevant Person is unable to conduct or complete the requisiteCustomer Due Diligence in accordance with AML Rule 7.1.1 it must, to the extent relevant:(a) not carry out a transaction with or for the customer through a bank account or in cash;(b) not open an account or otherwise provide a service;(c) not otherwise establish a business relationship or carry out a transaction;(d) terminate or suspend any existing business relationship with the customer;(e) return any monies or assets received from the customer; and(f) consider whether the inability to conduct or completeCustomer Due Diligence necessitates the making of a Suspicious Activity Report under AML Rule 13.3.1(c).(2) ARelevant Person is not obliged to comply with (1) (a) to (e) if:(a) to do so would amount to "tipping off" the customer, in breach of Federal AML legislation; or(b) the FIU directs theRelevant Person to act otherwise.Derived from RM117/2013 [VER9/07-13]
[Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
[Amended] DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]]
[Amended] DFSA RM258/2019 (Made 26th June 2019). [VER16/07-19]AML 7.7.1 Guidance
1. In complying with Rule 7.7.1(1) aRelevant Person should apply one or more of the measures in (a) to (f) as appropriate in the circumstances. WhereCDD cannot be completed, it may be appropriate not to carry out a transaction pending completion ofCDD . WhereCDD cannot be conducted, including where a material part of theCDD , such as identifying and verifying aBeneficial Owner cannot be conducted, aRelevant Person should not establish a business relationship with the customer.2. ARelevant Person should note that Rule 7.7.1 applies to both existing and prospective customers. For new customers it may be appropriate for aRelevant Person to terminate the business relationship before a product or service is provided. However, for existing customers, while termination of the business relationship should not be ruled out, suspension may be more appropriate depending on the circumstances. Whichever route is taken, theRelevant Person should be careful not to tip off the customer.3. ARelevant Person should adopt the RBA forCDD of existing customers. For example, if aRelevant Person considers that any of its existing customers (which may include customers which it migrates into theDIFC ) have not been subject toCDD at an equivalent standard to that required by this module, it should adopt the RBA and take remedial action in a manner proportionate to the risks and within a reasonable period of time whilst complying with Rule 7.7.1.