Clari5 Market Insights
United Arab Emirates
Central Bank of the UAE
New Guidance for FIs on Risks Related to VAs & VASPs
The Central Bank of the UAE has Issued a New Guidance for Licensed Financial Institutions on Risks Related to Virtual Assets and Virtual Asset Service Providers
By when must Financial Institutions (FIs) comply with the mandate?
FIs must meet the CBUAE guidelines by June 30, 2023.
Why has CBUAE issued the new mandate?
The UAE region is seeing a huge uptick in money laundering activities related to Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs) in the ongoing times. Virtual assets, like more traditional forms of value such as cash and e-money, can be used to move or store value related to any kind of illicit activity, from fraud to the proliferation of weapons of mass destruction like illicit sale of narcotics and firearms. Computer-based fraud and extortion, drug trafficking, cybercrimes, purchases from online dark web marketplaces, existence of professional money laundering schemes that allow criminals to cash out proceeds generated in virtual currency via illicit online markets are also observed.
VAs and VASPs have become a vulnerable area because of the Anonymity or pseudo-anonymity of blockchain transactions, Weak Regulatory and Supervisory Architecture in the jurisdictions, Insufficient Preventive Measures, and Downstream services to third-party (i.e., non-customer) VASPs.
Virtual asset markets offer less consumer protection than traditional financial markets, with correspondingly greater risks of fraud and manipulation. Hence these Virtual assets may be targets for hackers, who have been able to breach sophisticated security systems to steal funds, without the company holding your virtual assets and not being able to offer you the kind of help you expect from a bank. Therefore, CBUAE issued these guidelines.
Highlights of the mandate
The guidance published by CBUAE is applicable to all National banks, branches of foreign banks, exchange houses, finance companies, payment service providers, registered hawala providers, and Insurance companies, agencies, and brokers.
The CBUAE has laid out Requirements for Non-Objection for Opening New Accounts for VASPs for Administrative Accounts, Transactional Accounts, Jurisdiction, Control Assurance and Non-Objection Process.
The CBUAE has also laid out Mitigation steps for ML / TF Risks Related to VASP Customers and VA-Related Customer Transactions which include:
Risk-Based Approach
LFIs must perform, document, and keep up to date an enterprise-wide risk assessment that includes an assessment of risks related to VASP or VA-exposed customers. This risk assessment should consider all the risk factors relevant to VASPs and VA activities, including those arising in relation to its customers, Products and services, Delivery channels, and Geographies. FIs need to perform a one-time review and assessment of their existing customer portfolio to understand if any existing customers meet the definition of a VASP or engage in VA transactions and establish a compliance monitoring plan.
Customer Due Diligence
Under Article 5 of the AML-CFT Decision, LFIs must conduct CDD before or during the establishment of the business relationship or account, or before executing a transaction for a customer with whom there is no business relationship. As part of General CDD, follow the steps of Customer Identification and Verification, Beneficial Owner Identification and Verification, Understanding the Nature of the Customer’s Business and the Nature and Purpose of the Business Relationship, Ongoing Monitoring throughout the business relationship, Sanctions Screening of all parties, and of Customer Rejection and Exit. Besides that, there needs to be Specific Due Diligence done for All VASP Customers, and Enhanced Measures taken for Higher-Risk Customers.
Transaction Monitoring and Suspicious Transaction Reporting
Under Article 16 of the AML-CFT Decision, LFIs must monitor activity by all customers to identify Behaviour that is potentially suspicious and that may need to be the subject of an STR or SAR. LFIs should ensure that transaction monitoring rules or keyword searches are designed and updated with sufficient frequency to allow the LFI to detect undisclosed VASP activity as well as significant transactions between their customers and third-party VASPs. LFIs should monitor transactions for recognized indicators of suspicious VA activities or possible attempts to evade targeted financial sanctions and AML / CFT reporting requirements or other controls.
Sanctions Obligations and Freezing Without Delay
Guidelines need to be followed as per the United Nations Security Council.
Training
An effective training program of the employees will be tailored and customized to the LFI’s risks and nature of its operations.
Governance and Independent Audit
‘Three lines of defense’ model and AML / CFT program to be followed for the preventive measures mentioned in the paper.
Record Keeping
Specific guidelines on maintaining records of measures taken, data analysis and results.
The CBUAE has also laid out Mitigation steps for ML / TF Risks Related to LFIs’ Proprietary Investments in VAs which include Specific Due Diligence for All VASP Counterparties and Enhanced Measures for High-Risk VASP Counterparties similar as above.
How Clari5 helps UAE’s FIs quickly comply with CBUAE’s mandate
Highlights
Advantages
Highlights
- End- to End AML compliance solution with our pre-packaged AML scenarios, various parameters like Threshold & Time Duration can be configured based on the business policies. These scenarios cover recommendations made by various regulatory agencies.
- Configure new scenarios and modify existing scenarios with multiple variables to combat emerging money laundering patterns and risks, however sophisticated
- Real -time Screening module which can be integrated to any type of watchlist, and has capabilities to screen any parameter or entity
- The engine receives transactions in real-time from transaction processing systems (Core Banking and remittance systems) to correlate and detect any suspicious money laundering schemes which then generates a case for manual investigation
- Clari5 supports regulatory reporting (STR / SAR reports) for timely filing along with integrated role-based reports and dashboards for any investigator or supervisor
Advantages
- Clari5’s web-based Scenario Authoring Tool configures new scenarios as / when required, without any coding or effort from the IT team.
- With our pre-packaged AML scenarios, various parameters like Threshold & Time Duration can be configured based on the business policies. These scenarios cover recommendations made by various regulatory agencies
- Case Management System to shrink analyst time on false positive investigation, using AI / ML driven models on past resolution data; workflow-driven investigation in a configurable centralized or decentralized manner
- Quicker implementation because of prepackaged AML scenarios and built-in interfaces for integration
- Low-cost commodity hardware infrastructure leading to reduced TCO