The UAE Central Bank has issued new guidelines for licenced financial institutions, including banks, finance companies, exchange houses and insurance companies, agents and brokers, to combat money laundering and the financing of terrorism.
The new guidelines focus on the use of digital identification systems by licensed financial institutions, or LFIs, to address customer due diligence obligations.
The guidance specifically discusses identity proofing, enrolment and authentication mechanisms in relation to LFIs’ use of digital ID systems, the financial regulator said in a statement on Wednesday.
“The Central Bank is working closely with the licensed financial institutions to ensure their full compliance and understanding of the guidance that we issue regularly,” said Khaled Balama, governor of the UAE Central Bank.
“This guidance on the use of digital ID for customer due diligence obligations will enhance the anti-money laundering and combating the financing of terrorism framework and will mitigate the potential risks in order to safeguard the UAE’s financial system.”
The new rules come as the Central Bank continues to take strict measures to combat money laundering and the financing of terrorism.
Last month, it issued new guidelines for LFIs operating in the insurance sector.
The regulator also penalised an exchange house operating in the country for failing to achieve the appropriate levels of compliance with anti-money-laundering regulations.
Per the new rules, LFIs should leverage data generated by authentication — IP addresses, for example — for ongoing customer due diligence and transaction monitoring to detect suspicious customer behaviour or transactions to or from sanctioned and high-risk jurisdictions.
The LFIs are permitted to rely on customer identification and verification undertaken by a third party at onboarding, provided they obtain all relevant information from the third party and take steps to ensure that the third party will provide copies of customer documents and information used for customer due diligence, the regulator said.
They should also take steps to ensure that the third party complies with customer due diligence and record-keeping requirements set out in Cabinet Decision No (10) of 2019, concerning the Implementing Regulation of Decree Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations.
“LFIs should implement and enforce necessary safeguards to reduce identity proofing and enrolment risks, including cyber attacks, security breaches and use of stolen, falsified or synthetic ID details, given the increasing complexity and severity of cyber breaches,” the Central Bank said.
LFIs are also expected to conduct adequate assurance level and appropriateness assessments on the digital ID systems they choose. They are also required to enact and enforce adequate assurance protocols regarding the accuracy of digital ID systems and may perform the assurance reviews directly or obtain audit or assurance certification details from an expert body.