The DFSA Rulebook

1 AML/VER18/09-21 The DFSA Rulebook Anti- money laundering , Counter-Terrorist Financing and Sanctions Module (AML) Anti- money laundering , Counter-Terrorist Financing and Sanctions Module (AML) AML/VER18/09-21 Contents The contents of this module are divided into the following chapters, sections and appendices: 1 INTRODUCTION .. 3 Application .. 3 Responsibility for compliance with this module .. 3 Application table .. 4 2 OVERVIEW AND PURPOSE OF THE MODULE .. 5 3 INTERPRETATION AND TERMINOLOGY .. 9 Interpretation .. 9 Glossary for AML .. 9 4 APPLYING A RISK-BASED APPROACH .. 16 The risk-based approach .. 17 5 BUSINESS RISK ASSESSMENT .. 18 Assessing business AML risks .. 18 AML systems and controls .. 20 6 CUSTOMER RISK 21 Assessing customer AML risks .. 22 7 CUSTOMER DUE DILIGENCE .. 28 Requirement to undertake customer due diligence.

2 29 Timing of customer due diligence .. 29 Customer due diligence requirements .. 31 Enhanced customer due diligence .. 37 Simplified customer due diligence .. 39 Ongoing customer due diligence .. 40 Failure to conduct or complete customer due diligence .. 41 8 RELIANCE AND OUTSOURCING .. 43 Reliance on a third party .. 43 Outsourcing .. 45 money Service Providers .. 46 9 CORRESPONDENT BANKING, ELECTRONIC FUND TRANSFERS AND AUDIT .. 47 Application .. 47 Correspondent banking .. 47 Electronic fund transfers .. 48 Audit .. 52 Anti- money laundering , Counter-Terrorist Financing and Sanctions Module (AML) AML/VER18/09-21 10 SANCTIONS AND OTHER INTERNATIONAL OBLIGATIONS .. 53 Application .. 53 Relevant United Nations resolutions and sanctions .. 53 Government, regulatory and international findings.

3 54 11 money laundering REPORTING OFFICER .. 57 Application .. 57 Appointment of a MLRO .. 57 Qualities of a MLRO .. 58 Responsibilities of a MLRO .. 58 12 AML TRAINING AND AWARENESS .. 60 Training and awareness .. 60 13 SUSPICIOUS ACTIVITY 62 Application and definitions .. 62 Internal reporting requirements .. 62 Suspicious activity report .. 63 Tipping-off .. 64 Freezing assets .. 64 14 GENERAL .. 65 Groups, branches and subsidiaries .. 65 Group policies .. 66 Notifications .. 66 Record keeping .. 66 Annual AML 68 Communication with the DFSA .. 69 Employee disclosures .. 69 Decision making procedures .. 69 15 DNFBP REGISTRATION AND SUPERVISION .. 71 Registration and notifications .. 71 Request to withdraw 72 Disclosure of regulatory status .. 73 Transitional .. 73 16 TRANSITIONAL RULES.

4 74 Application .. 74 General .. 74 Specific relief Ancillary Service Provider and DNFBPs .. 74 Anti- money laundering , Counter-Terrorist Financing and Sanctions Module (AML) 3 AML/VER18/09-21 1 INTRODUCTION Application This module (AML) applies to: (a) every Relevant Person in respect of all its activities carried on in or from the DIFC; (b) the persons specified in Rule as being responsible for a Relevant Person s compliance with this module; and (c) a Relevant Person, which is a DIFC entity, to the extent required by Rule except to the extent that a provision of AML provides for a narrower application. For the purposes of these Rules, a Relevant Person means: (a) an Authorised Firm other than a Credit Rating Agency; (b) an Authorised Market Institution; (c) a DNFBP; or (d) a Registered Auditor.

5 Responsibility for compliance with this module (1) Responsibility for a Relevant Person s compliance with this module lies with every member of its senior management. (2) In carrying out their responsibilities under this module every member of a Relevant Person s senior management must exercise due skill, care and diligence. (3) Nothing in this Rule precludes the DFSA from taking enforcement action against any person including any one or more of the following persons in respect of a breach of any Rule in this module: (a) a Relevant Person; (b) members of a Relevant Person s senior management; or (c) an Employee of a Relevant Person. Anti- money laundering , Counter-Terrorist Financing and Sanctions Module (AML) 4 AML/VER18/09-21 Application table Guidance Relevant Person Applicable Chapters Authorised Person 1 - 14 Representative Office 1 - 5* 10- 14 Registered Auditor 1 -8 10 - 14 DNFBP 1 - 8 10 - 15 * Chapters 6 9 are unlikely to apply to a Representative Office as such an office is only permitted to carry on limited activities in the DIFC and therefore must not have Customers.

6 Anti- money laundering , Counter-Terrorist Financing and Sanctions Module (AML) 5 AML/VER18/09-21 2 OVERVIEW AND PURPOSE OF THE MODULE Guidance 1. In this module, for simplicity, a reference to money laundering also includes terrorist financing and the financing of illegal organisations (see Rule ). Overview of the DIFC s AML regime 2. The DIFC is governed by two separate and complementary regimes in relation to AML regulation, both administered by the DFSA: a. The Federal regime: Under Article 3 of Federal Law No. 8 of 2004, the provisions of Federal Law No. 20 of 2018 on Anti- money laundering and Combating the Financing of Terrorism and Illegal Organisations and Federal Law No. 7 of 2014 on Combating Terrorism offences and the implementing regulations under those laws apply in the DIFC.

7 The DFSA, as the DIFC s supervisory authority for Relevant Persons for the purposes of those laws, is obliged to supervise and monitor Relevant Persons for compliance with provisions of the Federal laws and regulations. The DFSA may also impose administrative penalties for breaches of those laws and the implementing regulations. See Article 14 of Federal Law No. 20 of 2018, Article 44 of Cabinet Decision No. 10 of 2019, and Article 20 of Cabinet Decision No. 20 of 2019; and b. The DIFC regime: Under Article 70(3) of the DIFC Regulatory Law 2004 (the Regulatory Law ), the DFSA has jurisdiction for the regulation of anti- money laundering in the DIFC relating to Relevant Persons (see para 4 below) and their officers, employees and agents. The DIFC specific regime is contained in Chapter 2 of Part 4 of the Regulatory Law and any DFSA Rules made in connection with anti- money laundering measures, policies and procedures.

8 3. Note that under Article 71(1) of the Regulatory Law, the DIFC regime requires compliance with the Federal regime. It follows that a failure to comply with a provision of Federal Law No. 20 of 2018 on Anti- money laundering and Combating the Financing of Terrorism and Illegal Organisations or Federal Law No. 7 of 2014 on Combating Terrorism offences or the implementing regulations under those laws may also provide evidence of failure to comply with Article 71(1), which may then be addressed under the disciplinary and remedial provisions of the Regulatory Law and DFSA Rules. Purpose of the AML module 4. The AML module has been designed to provide a single reference point for all persons and entities (collectively called Relevant Persons) referred to in Rule who are supervised by the DFSA for Anti- money laundering (AML), Counter-Terrorist Financing (CTF) and sanctions compliance.

9 Accordingly it applies to Authorised Firms (other than Credit Rating Agencies), Authorised Market Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Registered Auditors. The AML module takes into consideration the fact that Relevant Persons have differing AML risk profiles. A Relevant Person should familiarise itself with this module, and assess the extent to which the chapters and sections apply to it. 5. The AML module cannot be read in isolation from other relevant legislation or developments in international policy and best practice and, to the extent applicable, Relevant Persons need to be aware of, and take into account, how these aforementioned matters may impact on the Relevant Person s day to day operations.

10 This is particularly relevant when considering the list of persons and terrorist organisations issued under Cabinet Decision No. 20 of 2019 and the United Nations Security Council Resolutions (UNSCRs) which apply in the DIFC, and unilateral sanctions imposed by other jurisdictions which may apply to a Relevant Person depending on the Relevant Person s jurisdiction of origin, its business and/or customer base. Anti- money laundering , Counter-Terrorist Financing and Sanctions Module (AML) 6 AML/VER18/09-21 Structure of the AML module 6. Chapter 1 of this module contains an application table which should assist a Relevant Person to navigate through the module and to determine which chapters are applicable to it. Chapter 1 also specifies who is ultimately responsible for a Relevant Person s compliance with the AML module.