The guidance will assist financial institutions, including banks, finance companies, exchange houses and insurance companies, agents, and brokers, with understanding risks and implementing their statutory AML/CFT obligations, taking into account Financial Action Task Force (FATF) standards. As the guidance comes into effect immediately, LFIs are required to comply with the CBUAE requirements.
Specifically, the guidance discusses identity proofing, enrolment, and authentication mechanisms in relation to LFI’s use of digital ID systems, requiring them to utilise technology best practices, adequate governance, and well-defined policies and procedures.
Furthermore, LFIs should make use of data generated by authentication (such as IP addresses) for ongoing CDD and transaction monitoring to help detect suspicious customer behaviour and/or transactions, be those in, to, or from jurisdictions that are sanctioned and high-risk. As per information included in the announcement, LFIs are permitted to rely on customer identification and verification undertaken by a third party at onboarding provided that:
They obtain all relevant information from the third party;
They take steps to ensure that the third party will provide copies of customer documents and information used for CDD;
They take steps to ensure that the third party is compliant with CDD and record-keeping requirements set out in the Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations.
What is more, LFIs are expected to take adequate measures to address the technology and security challenges brought forth by digital ID systems. They should implement and enforce necessary safeguards as so to reduce identity proofing and enrolment risks, including cyberattacks, security breaches, and usage of stolen, falsified, or synthetic ID details, given that cyber breaches have been increasingly complex and severe.
Additionally, LFIs should conduct adequate assurance level and appropriateness assessments on their chosen digital ID systems. There is also an expectation to implement and enforce adequate assurance protocols in regard to the accuracy of digital ID systems, and LFIs can perform the assurance reviews either directly or they can obtain audit or assurance certification details from an expert body.
CBUAE officials have stated in their press release that the bank is working closely with licensed financial institutions looking to ensure their full compliance and understanding of the guidance they issue on a regular basis. The guidance on the use of digital ID for Customer Due Diligence obligations, is thought to help enhance the anti-money laundering and combatting the financing of terrorism framework and help mitigate potential risks for the safeguarding of the UAE’s financial system.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now