The Central Bank of the UAE (CBUAE) has issued new
guidance on anti-money laundering and combatting the financing of terrorism (AML/CFT)
for licensed financial institutions (LFIs) including banks, finance companies, exchange
houses and insurance companies, agents and brokers.
The Guidance, which comes into effect immediately, will assist LFIs’ understanding of
risks and effective implementation of their statutory AML/CFT obligations, and takes
Financial Action Task Force (FATF) standards into account. The Guidance requires LFIs
to demonstrate compliance with its requirements in line with the relevant CBUAE notice.
The Guidance discusses the use of digital ID systems by LFIs to address their customer
due diligence (“CDD”) obligations. The Guidance focuses on the Digital ID mechanisms
that LFIs should employ to perform CDD on an ongoing basis in relation to natural
persons. The Guidance specifically discusses identity proofing, enrollment and
authentication mechanisms in relation to LFIs’ use of digital ID systems. LFIs are also
required to utilise technology best practices, adequate governance and well-defined
policies and procedures.
Moreover, LFIs should leverage data generated by authentication (IP addresses for
example) for ongoing CDD and transaction monitoring with a view to detecting suspicious
customer behavior and/or transactions in, to or from sanctioned and high-risk
jurisdictions. LFIs are permitted to rely on customer identification and verification
undertaken by a third party at onboarding provided (i) the LFIs obtain all relevant
information from the third party, (ii) take steps to ensure that the third party will provide
copies of customer documents and information used for CDD and (iii) take steps to ensure
that the third party complies with the CDD and record-keeping requirements set out in the
Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree
Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of
Terrorism and Illegal Organisations.
LFIs should take adequate measures to address the inherent technology and security
challenges presented by digital ID systems. LFIs should implement and enforce
necessary safeguards to reduce identity proofing and enrollment risks, including cyber
attacks, security breaches and use of stolen, falsified or synthetic ID details, given the
increasing complexity and severity of cyber breaches.
LFIs are expected to conduct adequate assurance level and appropriateness
assessments on the digital ID systems they choose. They are also expected to implement
and enforce adequate assurance protocols regarding the accuracy of digital ID systems
and may perform the assurance reviews directly or obtain audit or assurance certification
details from an expert body.
His Excellency Khaled Mohamed Balama, Governor of the CBUAE, said: “The
Central Bank is working closely with the Licensed Financial Institutions to ensure their full
compliance and understanding of the guidances that we issue regularly. This guidance
on the use of digital ID for Customer Due Diligence obligations will enhance the
anti-money laundering and combatting the financing of terrorism framework, and will mitigate
the potential risks in order to safeguard the UAE’s financial system”.