• AML 6. AML 6. Business Risk Assessment

    • AML 6.1 AML 6.1 Assessing business AML risks

      • AML 6.1.1

        A Relevant Person must:

        (a) take appropriate steps to identify and assess money laundering risks to which its business is exposed, taking into consideration the nature, size and complexity of its activities;
        (b) when identifying and assessing the risks in (a), take into account, to the extent relevant, any vulnerabilities relating to:
        (i) its type of Customers and their activities;
        (ii) the countries or geographic areas in which it does business;
        (iii) its products, services and activity profiles;
        (iv) its distribution channels and business partners;
        (v) the complexity and volume of its Transactions;
        (vi) the development of new products and business practices, including new delivery mechanisms, channels and partners;
        (vii) the use of new or developing technologies for both new and pre-existing products and services; and
        (c) take appropriate measures to ensure that any risk identified as part of the assessment in (a) is taken into account in its day to day operations and is mitigated, including in relation to:
        (i) the development of new products, services, business practices and technologies;
        (ii) the taking on of new customers; and
        (iii) changes to its business profile.
        Amended on (15 April, 2019).

      • AML 6.1.2

        A Relevant Person must use the information obtained in undertaking its business risk assessment to:

        (a) develop and maintain its Anti-Money Laundering policies, procedures, systems and controls as required by Rule 6.2.1;
        (b) ensure that its Anti-Money Laundering policies, procedures, systems and controls adequately mitigate the risks identified as part of the assessment in Rule 6.1.1;
        (c) assess the effectiveness of its Anti-Money Laundering policies, procedures, systems and controls as required by Rule 6.2.1(c);
        (d) assist in the allocation and prioritisation of Anti-Money Laundering resources; and
        (e) assist in the carrying out of the customer risk assessment under Chapter 7.
        Amended on (15 April, 2019).

      • AML 6.1.3 AML 6.1.3

        Without limiting compliance with Rules 6.1.1 and 6.1.2 a Relevant Person must, prior to launching any new product, service, business practice or using a new or developing technology, take reasonable steps to ensure that it has:

        (a) assessed and identified the money laundering risks relating to the product, service, business practice or technology; and
        (b) taken appropriate steps to mitigate or eliminate the risks identified under (a).
        Added on (15 April, 2019).

        • Guidance

          1. Unless a Relevant Person understands the money laundering risks to which it is exposed, it cannot take appropriate steps to prevent its business being used for the purposes of money laundering. Money laundering risks vary from business to business depending on the nature of the business, the type of customers a business has, the nature of the products and services sold, and the geographical operations in which it operates.
          2. Using the RBA, a Relevant Person should assess its own vulnerabilities to money laundering and take all reasonable steps to eliminate or manage such risks. The results of this assessment will also feed into the Relevant Person's risk assessment of its Customers under Chapter 7.
          3. A Relevant Person should, prior to launching any new product, service, business practice pay specific attention to assessing the potential for risks associated with money laundering. This is especially important given the innovative nature of any such new offering as the Relevant Person may be less familiar with the functioning of the offering, compared to existing offerings.
          4. Similarly, in using a new or developing technology, such as those associated with the Regulated Activity of Developing Financial Technology Services within the RegLab, a Relevant Person should pay specific attention to assessing the potential for risks associated with money laundering that might arise as a result of implementing that innovative technology.
          Amended on (15 April, 2019).

    • AML 6.2 AML 6.2 Anti-Money Laundering systems and controls

      Amended on (15 April, 2019).

      • AML 6.2.1 AML 6.2.1

        A Relevant Person must:

        (a) establish and maintain effective policies, procedures, systems and controls to prevent opportunities for money laundering in relation to the Relevant Person and its activities;
        (b) ensure that its systems and controls in (a):
        (i) include the provision to the Relevant Person's Senior Management of regular management information on the operation and effectiveness of its Anti-Money Laundering systems and controls necessary to identify, measure, manage and control the Relevant Person's money laundering risks;
        (ii) enable it to determine whether a customer or a Beneficial Owners is a PEP;
        (iii) enable the Relevant Person to comply with these Rules and Federal AML Legislation; and
        (iv) the Penal Code of the United Arab Emirates; and
        (c) ensure that regular risk assessments are carried out on the adequacy of the Relevant Person's Anti-Money Laundering systems and controls to ensure that they continue to enable it to identify, assess, monitor and manage money laundering risk adequately, and are comprehensive and proportionate to the nature, scale and complexity of its activities.
        Amended on (15 April, 2019).

        • Guidance

          In Rule 6.2.1(c) the regularity of risk assessments will depend on the nature, size and complexity of the Relevant Person's business and also on when any material changes are made to its business.

          Amended on (15 April, 2019).

    • AML 6.3 [Deleted]

      Deleted on (15 April, 2019).