Entire Section

  • AML 8.1 AML 8.1 Reliance on a third party

    • AML 8.1.1 AML 8.1.1

      (1) A Relevant Person may rely on the following third parties to conduct one or more elements of Customer Due Diligence on its behalf:
      (a) an Authorised Person;
      (b) a law firm, notary, or other independent legal business, accounting firm, audit firm or insolvency practitioner or an equivalent person in another jurisdiction;
      (c) a Financial Institution; or
      (d) a member of the Relevant Person's Group.
      (2) In (1), a Relevant Person may rely on the information previously obtained by a third party which covers one or more elements of Customer Due Diligence.
      (3) Where a Relevant Person seeks to rely on a person in (1) it may only do so if and to the extent that:
      (a) it immediately obtains the necessary Customer Due Diligence information from the third party in (1);
      (b) it takes adequate steps to satisfy itself that certified copies of the documents used to undertake the relevant elements of Customer Due Diligence will be available from the third party on request without delay;
      (c) if a person in (1)(b) to (d) is in another country, the person is:
      (i) subject to requirements in relation to customer due diligence and record keeping which meet the standards set out in the FATF Recommendations; and
      (ii) supervised for compliance with those requirements in a manner that meets the standards for regulation and supervision set out in the FATF Recommendations;
      (d) the person in (1) has not relied on any exception from the requirement to conduct any relevant elements of Customer Due Diligence which the Relevant Person seeks to rely on; and
      (e) in relation to (2), the information is up to date.
      (4) Where a Relevant Person relies on a member of its Group, such Group member need not meet the condition in (3)(c) if:
      (a) the Group applies and implements a Group-wide policy on customer due diligence, record keeping, Politically Exposed Persons and AML programmes which meets the standards set out in the FATF Recommendations; and
      (b) where the effective implementation of those Customer Due Diligence, record keeping and PEP requirements and AML programmes are supervised at Group level by a Financial Services Regulator or other competent authority in a country, the supervision and regulation meets the standards set out in the FATF Recommendations.
      (5) If a Relevant Person is not reasonably satisfied that a customer or Beneficial Owner has been identified and verified by a third party in a manner consistent with these Rules, the Relevant Person must immediately perform the Customer Due Diligence itself with respect to any deficiencies identified.
      (6) Notwithstanding the Relevant Person's reliance on a person in (1), the Relevant Person remains responsible for compliance with, and liable for any failure to meet the Customer Due Diligence requirements in this module.
      Derived from RM117/2013 [VER9/07-13]
      [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
      [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

      • AML 8.1.1 Guidance

        1. In complying with AML Rule 8.1.1(3)(a), "immediately obtaining the necessary CDD information" means obtaining all relevant CDD information, and not just basic information such as name and address. Compliance can be achieved by having that relevant information sent by email or other appropriate means. For the avoidance of doubt, a Relevant Person is not required automatically to obtain the underlying certified documents used by the third party to undertake its CDD. A Relevant Person must, however, under AML Rule 8.1.1(3)(b) ensure that the certified documents are readily available from the third party on request.
        2. The DFSA would expect a Relevant Person, in complying with AML Rule 8.1.1(5), to fill any gaps in the CDD process as soon as it becomes aware that a customer or Beneficial Owner has not been identified and verified in a manner consistent with these Rules.
        3. If a Relevant Person acquires another business, either in whole or in part, the DFSA would permit the Relevant Person to rely on the CDD conducted by the business it is acquiring but would expect the Relevant Person to have done the following:
        a. as part of its due diligence for the acquisition, to have taken a reasonable sample of the prospective customers to assess the quality of the CDD undertaken; and
        b. to undertake CDD on all the customers to cover any deficiencies identified in a. as soon as possible following the acquisition, prioritising high risk customers.
        4. Where a particular jurisdiction's laws (such as secrecy or data protection legislation) would prevent a Relevant Person from having access to CDD information upon request without delay as referred to in AML Rule 8.1.1(3)(b), the Relevant Person should undertake the relevant CDD itself and should not seek to rely on the relevant third party.
        5. If a Relevant Person relies on a third party located in a foreign jurisdiction to conduct one or more elements of CDD on its behalf, the Relevant Person must ensure that the foreign jurisdiction has AML regulations that are equivalent to the standards in the FATF Recommendations (see AML Rule 8.1.1(3)(c) and AML Rule 8.1.2).
        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
        [Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]

    • AML 8.1.2

      (1) When assessing under AML Rule 8.1.1(3)(c) or (4) if requirements, supervision or regulation in another jurisdiction meet FATF standards, a Relevant Person must take into account factors including, among other things:

      (a) mutual evaluations, assessment reports or follow-up reports published by FATF, the IMF, the World Bank, the OECD or other International Organisations;
      (b) membership of FATF or other international or regional groups such as the MENAFATF or the Gulf Co-operation Council;
      (c) contextual factors such as political stability or the level of corruption in the jurisdiction;
      (d) evidence of recent criticism of the jurisdiction, including in:
      (i) FATF advisory notices;
      (ii) public assessments of the jurisdiction's AML regime by organisations referred to in (a); or
      (iii) reports by other relevant non-government organisations or specialist commercial organisations; and
      (e) whether adequate arrangements exist for co-operation between the AML regulator in that jurisdiction and the DFSA.

      (2) A Relevant Person making an assessment under (1) must rely only on sources of information that are reliable and up-to-date.

      (3) A Relevant Person must keep adequate records of how it made its assessment, including the sources and materials considered.

      Derived from DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]