AML 2 Guidance

1. In this module, for simplicity, a reference to "money laundering" also includes terrorist financing and the financing of illegal organisations (see AML Rule 3.1.1).

Overview of the DIFC's AML regime

2. The DIFC is governed by two separate and complementary regimes in relation to AML regulation, both administered by the DFSA:
a. The Federal regime: Under Article 3 of Federal Law No. 8 of 2004, the provisions of Federal Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations and Federal Law No. 7 of 2014 on Combating Terrorism Offences and the implementing regulations under those laws apply in the DIFC. The DFSA, as the DIFC's supervisory authority for Relevant Persons for the purposes of those laws, is obliged to supervise and monitor Relevant Persons for compliance with provisions of the Federal laws and regulations. The DFSA may also impose administrative penalties for breaches of those laws and the implementing regulations. See Article 14 of Federal Law No. 20 of 2018, Article 44 of Cabinet Decision No. 10 of 2019, and Article 20 of Cabinet Decision No. 20 of 2019; and
b. The DIFC regime: Under Article 70(3) of the DIFC Regulatory Law 2004 (the "Regulatory Law"), the DFSA has jurisdiction for the regulation of anti-money laundering in the DIFC relating to Relevant Persons (see para 4 below) and their officers, employees and agents. The DIFC specific regime is contained in Chapter 2 of Part 4 of the Regulatory Law and any DFSA Rules made in connection with anti-money laundering measures, policies and procedures.
3. Note that under Article 71(1) of the Regulatory Law, the DIFC regime requires compliance with the Federal regime. It follows that a failure to comply with a provision of Federal Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations or Federal Law No. 7 of 2014 on Combating Terrorism Offences or the implementing regulations under those laws may also provide evidence of failure to comply with Article 71(1), which may then be addressed under the disciplinary and remedial provisions of the Regulatory Law and DFSA Rules.

Purpose of the AML module

4. The AML module has been designed to provide a single reference point for all persons and entities (collectively called Relevant Persons) referred to in AML Rule 1.1.2 who are supervised by the DFSA for Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF) and sanctions compliance. Accordingly it applies to Authorised Firms (other than Credit Rating Agencies), Authorised Market Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Registered Auditors. The AML module takes into consideration the fact that Relevant Persons have differing AML risk profiles. A Relevant Person should familiarise itself with this module, and assess the extent to which the chapters and sections apply to it.
5. The AML module cannot be read in isolation from other relevant U.A.E. legislation or developments in international policy and best practice and, to the extent applicable, Relevant Persons need to be aware of, and take into account, how these aforementioned matters may impact on the Relevant Person's day to day operations. This is particularly relevant when considering the list of persons and terrorist organisations issued under Cabinet Decision No. 20 of 2019 and the United Nations Security Council Resolutions (UNSCRs) which apply in the DIFC, and unilateral sanctions imposed by other jurisdictions which may apply to a Relevant Person depending on the Relevant Person's jurisdiction of origin, its business and/or customer base.

Structure of the AML module

6. Chapter 1 of this module contains an application table which should assist a Relevant Person to navigate through the module and to determine which chapters are applicable to it. Chapter 1 also specifies who is ultimately responsible for a Relevant Person's compliance with the AML module. The DFSA expects the senior management of a Relevant Person to establish a robust and effective AML/CTF and sanctions compliance culture for the business.
7. Chapter 2 provides an overview of the AML module and chapter 3 sets out the key definitions in the module. Note that not all definitions used in this module are capitalised.
8. Chapter 4 explains the meaning of the risk-based approach (RBA), which should be applied when complying with this module. The RBA requires a risk-based assessment of a Relevant Person's business (in chapter 5) and its customers (in chapter 6). A risk-based assessment should be a dynamic process involving regular review, and the use of these reviews to establish the appropriate processes to match the levels of risk. No two Relevant Persons will have the same approach, and implementation of the RBA and the AML module permits a Relevant Person to design and implement systems that should be appropriate to their business and customers, with the obvious caveat being that such systems should be reasonable and proportionate in light of the AML risks. The DFSA expects the RBA to determine the breadth and depth of the Customer Due Diligence (CDD) which is undertaken for a particular customer under chapter 7, though the DFSA understands that there is an inevitable overlap between the risk-based assessment of the customer in chapter 6 and CDDin chapter 7. This overlap may occur at the initial stages of customer on-boarding but may also occur when undertaking on-going CDD.
9. Chapter 8 sets out when and how a Relevant Person may rely on a third party to undertake all or some of its CDDobligations. Reliance on a third-party CDDreduces the need to duplicate CDDalready performed for a customer. Alternatively, a Relevant Person may outsource some or all of its CDDobligations to a service provider.
10. Chapter 9 sets out certain obligations in relation to correspondent banking, wire transfers and other matters which apply to Authorised Persons, and, in particular, to banks.
11. Chapter 10 sets out a Relevant Person's obligations in relation to United Nations Security Council resolutions and sanctions, and government, regulatory and international findings (in relation to AML, terrorist financing and the financing of weapons of mass destruction).
12. Chapter 11 sets out the obligation for a Relevant Person to appoint a Money Laundering Reporting Officer (MLRO) and the responsibilities of such a person.
13. Chapter 12 sets out the requirements for AML training and awareness. A Relevant Person should adopt the RBA when complying with chapter 12, so as to make its training and awareness proportionate to the AML risks of the business and the employee role.
14. Chapter 13 contains the obligations applying to all Relevant Persons concerning Suspicious Activity Reports, which are required to be made under Federal Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations.
15. Chapter 14 contains the general obligations applying to all Relevant Persons, including Group policies, notifications, record-keeping requirements and the annual AML Return.
16. Chapter 15 sets out specific Rules applying to DNFBPs, including the requirement to register with the DFSA, and Chapter 16 contains certain transitional Rules.

The U.A.E. criminal law

17. The U.A.E. criminal law applies in the DIFC and, therefore, persons in the DIFC must be aware of their obligations in respect of the criminal law as well as these Rules. Relevant U.A.E. criminal laws include Federal Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations, Federal Law No. 7 of 2014 on Combating Terrorism Offences and the Penal Code of the U.A.E.
18. Under Federal AML legislation a Person may be criminally liable for certain conduct, such as:
a. money laundering;
b. financing terrorism;
c. financing illegal organisations;
d. 'tipping off';
e. violation of sanctions;
f. failure to declare currency or precious metals brought into or taken out of the U.A.E.
19. The U.A.E Central Bank has the power under Federal AML legislation to freeze funds or other assets suspected of relating to money laundering, terrorist financing or the financing of illegal organisations. Other Federal authorities also have powers to apply for the freezing or confiscation of funds or other assets that have been used for such purposes.
20. In a number of places in this module, Guidance cross-refers to specific requirements in Federal AML legislation. Rules or Guidance in this module should not be relied upon to interpret or determine the application of the Federal AML legislation. Relevant Persons should refer to the guidelines issued under the Federal AML legislation to understand their obligations under that legislation..

Financial Action Task Force

21. The Financial Action Task Force (FATF) is an inter-governmental body whose purpose is the development and promotion of international standards to combat money laundering and terrorist financing.
22. The DFSA has had regard to the FATF Recommendations in making these Rules. A Relevant Person may wish to refer to the FATF Recommendations and interpretive notes to assist it in complying with these Rules. However, in the event that a FATF Recommendation or interpretive note conflicts with a Rule in this module, the relevant Rule takes precedence.
23. A Relevant Person may also wish to refer to the FATF typology reports which may assist in identifying new money laundering threats and which provide information on money laundering and terrorist financing methods. The FATF typology reports cover many pertinent topics for Relevant Persons, including corruption, new payment methods, money laundering using trusts and company service providers, and vulnerabilities of free trade zones. These typology reports can be found on the FATF website
24. The U.A.E., as a member of the United Nations, is required to comply with sanctions issued and passed by the United Nations Security Council (UNSC). These UNSC obligations apply in the DIFC and their importance is emphasised by specific obligations contained in this module requiring Relevant Persons to establish and maintain effective systems and controls to comply with UNSC sanctions and resolutions (See chapter 10).
25. The FATF has issued guidance on a number of specific UNSC sanctions and resolutions regarding the countering of the proliferation of weapons of mass destruction. Such guidance has been issued to assist in implementing the targeted financial sanctions and activity based financial prohibitions. This guidance can be found on the FATF website
26. In relation to unilateral sanctions imposed in specific jurisdictions such as the European Union, the U.K. (HM Treasury) and the U.S. (Office of Foreign Assets Control), the DFSA expects a Relevant Person to consider and take positive steps to ensure compliance where required or appropriate.

Tax Issues and Exchange of Information for Tax purposes

27. The DIFC benefits from an international customer base with a growing number of customers who may be investing with financial institutions outside their country of residence. These factors create a risk of the services of Relevant Persons being used to hide assets which are subject to taxation, or to launder the unlawful proceeds of tax crimes.
28. The DFSA is committed to protecting the DIFC from being used to facilitate tax crimes and believes that strong AML policies, procedures, systems and controls, including robust customer due diligence requirements, are needed to mitigate the risk of tax crimes.
29. Such measures will also ensure that a Relevant Person is able to comply with other international obligations such as the OECD Automatic Exchange of Information for Tax Purposes Programme and FATF Recommendations, which were updated in 2012 to expand the scope of money laundering predicate offences to include tax crimes (related to direct and indirect taxes).
30. A Relevant Person should therefore establish and maintain appropriate policies, procedures, systems and controls to enable it to detect and deter the laundering of proceeds of tax crimes. For example, as part of its risk-based approach under chapter 4, it should consider its tax risk exposure as a result of the nature of its business, customers, products, services and other relevant factors. It should also conduct appropriate customer due diligence to identify customers who may be subject to tax crime risk (see also the Guidance after AML Rule 6.1.4).
Derived from RM117/2013 [VER9/07-13]
[Amended] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]
[Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
[Amended] DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]
[Amended] DFSA RM258/2019 (Made 26th June 2019). [VER16/07-19]