1. In this module, for simplicity, a reference to "money laundering" also includes terrorist financing and the financing of unlawful organisations (see AML Rule 3.1.1
Overview of the DIFC's AML regime
2. The DIFC
is governed by two separate and complementary regimes in relation to AML regulation, both administered by the DFSA:
a. The Federal regime: Under Article 3 of Federal Law No. 8 of 2004, the provisions of Federal Law No. 4 of 2002 on Combating Money Laundering and Terrorist Financing and Federal Law No. 7 of 2014 on Combating Terrorism Offences and the implementing regulations under those laws apply in the DIFC. The DFSA, as the DIFC's supervisory authority for the purposes of those laws, is obliged to issue regulations and guidance in the DIFC relating to the regulation of anti-money laundering and combating the financing of terrorism and unlawful organisations. The DFSA may also impose administrative penalties for breaches of those laws and the implementing regulations. See Article 11(2) of Federal Law No. 4 of 2002 and also Article 17 of Cabinet Resolution No. 38 of 2014; and
b. The DIFC
regime: Under Article 70
(3) of the DIFC Regulatory Law 2004 (the "Regulatory Law"), the DFSA has jurisdiction for the regulation of anti-money laundering in the DIFC relating to Relevant Persons (see para 4 below) and their officers, employees and agents
. The DIFC
specific regime is contained in Chapter 2
of Part 4 of the Regulatory Law and any DFSA Rules made in connection with anti-money laundering measures, policies and procedures.
3. Note that under Article 71
(1) of the Regulatory Law, the DIFC
regime requires compliance with the Federal regime. It follows that a failure to comply with a provision of Federal Law No. 4 of 2002 on Combating Money Laundering and Terrorist Financing or Federal Law No. 7 of 2014 on Combating Terrorism Offences or the implementing regulations under those laws may also provide evidence of failure to comply with Article 71(1), which may then be addressed under the disciplinary and remedial provisions of the Regulatory Law and DFSA Rules.
Purpose of the AML module
4. The AML module has been designed to provide a single reference point for all persons and entities (collectively called Relevant Persons) who are supervised by the DFSA for Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF) and sanctions compliance under the two regimes referred to above. Accordingly it applies to Authorised Firms (other than Credit Rating Agencies), Authorised Market Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Registered Auditors. The AML module takes into consideration the fact that Relevant Persons have differing AML risk profiles. A Relevant Person should familiarise itself with this module, and assess the extent to which the chapters and sections apply to it.
5. The AML module cannot be read in isolation from other relevant legislation or developments in international policy and best practice and, to the extent applicable, Relevant Persons need to be aware of, and take into account, how these aforementioned matters may impact on the Relevant Person's day to day operations. This is particularly relevant when considering United Nations Security Council Resolutions (UNSCRs) which apply in the DIFC, and unilateral sanctions imposed by other jurisdictions which may apply to a Relevant Person depending on the Relevant Person's jurisdiction of origin, its business and/or customer base.
Structure of the AML module
6. Chapter 1
of this module contains an application table which should assist a Relevant Person
to navigate through the module and to determine which chapters are applicable to it. Chapter 1
also specifies who is ultimately responsible for a Relevant Person's
compliance with the AML module. The DFSA
expects the senior management of a Relevant Person
to establish a robust and effective AML/CTF and sanctions compliance culture for the business.
7. Chapter 2
provides an overview of the AML module and chapter 3
sets out the key definitions in the module. Note that not all definitions used in this module are capitalised.
8. Chapter 4
explains the meaning of the risk-based approach (RBA), which should be applied when complying with this module. The RBA requires a risk-based assessment of a Relevant Person's
business (in chapter 5
) and its customers (in chapter 6
). A risk-based assessment should be a dynamic process involving regular review, and the use of these reviews to establish the appropriate processes to match the levels of risk. No two Relevant Persons
will have the same approach, and implementation of the RBA and the AML module permits a Relevant Person
to design and implement systems that should be appropriate to their business and customers, with the obvious caveat being that such systems should be reasonable and proportionate in light of the AML risks. The DFSA
expects the RBA to determine the breadth and depth of the Customer Due Diligence (CDD
) which is undertaken for a particular customer under chapter 7
, though the DFSA
understands that there is an inevitable overlap between the risk-based assessment of the customer in chapter 6
in chapter 7
. This overlap may occur at the initial stages of customer on-boarding but may also occur when undertaking on-going CDD
9. Chapter 8
sets out when and how a Relevant Person
may rely on a third party to undertake all or some of its CDD
obligations. Reliance on a third-party CDD
reduces the need to duplicate CDD
already performed for a customer. Alternatively, a Relevant Person
may outsource some or all of its CDD
obligations to a service provider.
10. Chapter 9
sets out certain obligations in relation to correspondent banking, wire transfers and other matters which apply to Authorised Persons
, and, in particular, to banks.
11. Chapter 10
sets out a Relevant Person's
obligations in relation to United Nations Security Council resolutions and sanctions, and government, regulatory and international findings (in relation to AML, terrorist financing and the financing of weapons of mass destruction).
12. Chapter 11
sets out the obligation for a Relevant Person
to appoint a Money Laundering Reporting Officer (MLRO
) and the responsibilities of such a person.
13. Chapter 12
sets out the requirements for AML training and awareness. A Relevant Person
should adopt the RBA when complying with chapter 12, so as to make its training and awareness proportionate to the AML risks of the business and the employee role.
14. Chapter 13
contains the obligations applying to all Relevant Persons
concerning Suspicious Activity Reports
, which are required to be made under Federal Law No. 4 of 2002.
15. Chapter 14
contains the general obligations applying to all Relevant Persons
, including Group
policies, notifications, record-keeping requirements and the annual AML Return.
16. Chapter 15
sets out specific Rules applying to DNFBPs
, including the requirement to register with the DFSA
, and Chapter 16
contains certain transitional Rules.
The U.A.E. criminal law
17. The U.A.E. criminal law applies in the DIFC and, therefore, persons in the DIFC must be aware of their obligations in respect of the criminal law as well as these Rules. Relevant U.A.E. criminal laws include Federal Law No. 4 of 2002 on Combating Money Laundering and Terrorist Financing, Federal Law No. 7 of 2014 on Combating Terrorism Offences and the Penal Code of the U.A.E.
18. Under Federal AML legislation, a Person
may be criminally liable for the offence of money laundering if it intentionally commits specified acts in relation to funds which it knows are the proceeds of crime. The DFSA notes that:
a. the failure to report suspicions of money laundering;
b. "tipping off"; and
c. assisting in the commission of money laundering,
may each constitute a criminal offence that is punishable under the laws of the State.
19. The U.A.E Central Bank has the power under Federal AML legislation to freeze funds or other assets suspected of relating to money laundering, terrorist financing or the financing of unlawful organisations. Federal authorities also have powers to apply for the confiscation of funds or other assets that have been used for such purposes.
20. In a number of places in this module, Guidance cross-refers to specific requirements in Federal AML legislation. As interpretation of Federal AML legislation is a matter for the relevant Federal authorities rather than the DFSA, any question about those requirements should be directed to the relevant Federal authorities. Rules or Guidance in this module should not be relied upon to interpret or determine the application of the laws of the State.
Financial Action Task Force
21. The Financial Action Task Force (FATF) is an inter-governmental body whose purpose is the development and promotion of international standards to combat money laundering and terrorist financing.
22. The DFSA has had regard to the FATF Recommendations in making these Rules. A Relevant Person may wish to refer to the FATF Recommendations and interpretive notes to assist it in complying with these Rules. However, in the event that a FATF Recommendation or interpretive note conflicts with a Rule in this module, the relevant Rule takes precedence.
23. A Relevant Person may also wish to refer to the FATF typology reports which may assist in identifying new money laundering threats and which provide information on money laundering and terrorist financing methods. The FATF typology reports cover many pertinent topics for Relevant Persons, including corruption, new payment methods, money laundering using trusts and company service providers, and vulnerabilities of free trade zones. These typology reports can be found on the FATF website www.fatf-gafi.org.
24. The U.A.E.
, as a member of the United Nations, is required to comply with sanctions issued and passed by the United Nations Security Council (UNSC). These UNSC obligations apply in the DIFC
and their importance is emphasised by specific obligations contained in this module requiring Relevant Persons
to establish and maintain effective systems and controls to comply with UNSC sanctions and resolutions (See chapter 10
25. The FATF has issued guidance on a number of specific UNSC sanctions and resolutions regarding the countering of the proliferation of weapons of mass destruction. Such guidance has been issued to assist in implementing the targeted financial sanctions and activity based financial prohibitions. This guidance can be found on the FATF website www.fatf-gafi.org.
26. In relation to unilateral sanctions imposed in specific jurisdictions such as the European Union, the U.K. (HM Treasury) and the U.S. (Office of Foreign Assets Control), the DFSA expects a Relevant Person to consider and take positive steps to ensure compliance where required or appropriate.
Tax Issues and Exchange of Information for Tax purposes
27. The DIFC benefits from an international customer base with a growing number of customers who may be investing with financial institutions outside their country of residence. These factors create a risk of the services of Relevant Persons being used to hide assets which are subject to taxation, or to launder the unlawful proceeds of tax crimes.
28. The DFSA is committed to protecting the DIFC from being used to facilitate tax crimes and believes that strong AML policies, procedures, systems and controls, including robust customer due diligence requirements, are needed to mitigate the risk of tax crimes.
29. Such measures will also ensure that a Relevant Person is able to comply with other international obligations such as the OECD Automatic Exchange of Information for Tax Purposes Programme and FATF Recommendations, which were updated in 2012 to expand the scope of money laundering predicate offences to include tax crimes (related to direct and indirect taxes).
30. A Relevant Person
should therefore establish and maintain appropriate policies, procedures, systems and controls to enable it to detect and deter the laundering of proceeds of tax crimes. For example, as part of its risk-based approach under chapter 4
, it should consider its tax risk exposure as a result of the nature of its business, customers, products, services and other relevant factors. It should also conduct appropriate customer due diligence to identify customers who may be subject to tax crime risk (see also the Guidance after AML Rule 6.1.4