top of page

CBUAE issues new AML regulation for licensed financial institutions (LFIs)

Updated: Oct 27, 2021

CBUAE has issued a new anti money laundering and financial terrorism regulatory guidance for licensed financial institutions (LFIs).

CBUAE issues new AML regulation for LFIs

On 13 September 2021, the Central Bank of the UAE (CBUAE) released new regulatory guidance on transaction monitoring and sanctions screening for licensed financial institutions (LFIs) in an effort to fight against money laundering and terrorist financing.

About the guidance, H.E Khaled Mohamed Balama, Governor of the CBUAE, said:

“As we continue to enhance the effectiveness of AML/CFT measures to safeguard the UAE financial system, we expect licensed financial institutions to fulfill their duties as well. This guidance serves as a key point of reference for licensed financial institutions to ensure their compliance with AML/CFT requirements.”


Stay on top of the latest governance, regtech and innovation trends and insights!


Who is the CBUAE’s new AML-CFT mandate for?

The CBUAE’s new AML-CFT mandate applies to all natural and legal persons and institutions, which are licensed and/or supervised by the CBUAE, in the following categories:

  • National banks, branches of foreign banks, exchange houses, finance companies, payment service providers, registered hawala providers and other LFIs; and

  • Insurance companies, agencies, and brokers.

What are the requirements of the new CBUAE AML-CFT regulation for LFIs?

According to the CBUAE’s official guidance document, LFIs should establish and apply specific preventive policies, procedures and controls to identify, manage, and mitigate any potential risks of dealing with cash-intensive businesses (CIBs). The most common practices include:

  • Assessing CIBs’ all relevant AML/CFT risks,

  • Conducting due diligence at account opening and throughout the entire relationship, and

  • Constantly monitoring these relationships for any unusual or potentially suspicious activity.

In addition, during the risk assessment, LFIs are required to focus their resources on those accounts that pose the greatest risk of money laundering or financing terrorism and illegal organisations.

The CBUAE defines CIBs as “businesses that experience a high volume of cash flows spanning across various industry sectors such as retail, wholesale and trading, travel and transport.” Some aspects of these businesses, such as the involvement of cash couriers, cash deposits, currency exchanges and cross-border movement of cash, may be vulnerable to money laundering or the financing of terrorism and illegal organisations.

To facilitate the compliance process for LFIs, the CBUAE has also provided a list of the key controls LFIs are expected to integrate into their overall internal AML-CFT governance and compliance programmes. These broadly fall into the following 4 categories:

1) Risk assessment: LFIs must take a risk-based approach in their AML programmes and asses all their customers, including CIB clients, to determine their degree of risk. When assessing the risk profile of their customers, LFIs should consider the following risk factors:

  • Geographical risk related to the jurisdiction in which the customer is based and operates

  • Customer risks related to the nature of the customer business and the characteristics of the business relationship

  • Product, service and delivery channel risk related to the products and services the customer intends to use and the delivery channels through which the LFIs will provide these services.

2) Customer due diligence: For all customers including CIBs, LFIs must apply enhanced Customer Due Diligence (CDD) following these 4 key steps:

  • Customer identification: LFIs must identify and verify the identity of all customers.

  • Beneficial owners identification: As the majority of CIBs are legal persons, LFIs are must identify all individuals who have a controlling ownership interest in the legal person of 25% or more. If no such individual can be identified, the LFIs must identify the individual/s holding the senior management position/s within the legal person customer.

  • Nature of the customer’s business and purpose of the relationship: The purpose of the account and the nature of the customer’s business are critical drivers of risk for CIB customers. LFIs should fully understand the CIB’s exact intent to hold the account and the expected activity on the account.

  • Perform ongoing monitoring: For all customers, LFIs should ensure that all customer information is accurate, complete and up-to-date at all times. So, following the completion of the onboarding process and due diligence, LFIs should continue monitoring the customer profile on a frequent, intensive, and intrusive basis.

3) Transaction monitoring and reporting: The transaction monitoring system used by LFIs should effectively identify any suspicious patterns of activity and unusual behaviour that may indicate that a customer’s business and risk profile has changed. If a suspicious transaction or activity is detected, LFIs are required to submit a suspicious transaction report (STR) or suspicious activity report (SAR) to the UAW Financial Intelligence Unit.

4) Governance and training: All preventative measures should be supported by a comprehensive institutional AML/CFT governance and training programme.

When is the new regulation coming into effect?

The guidance that was circulated on 13 September 2021 requires all LFIs in the scope of the new regulation to demonstrate compliance with its requirements within one month from the date of publication.

How can ControlNet help you become compliant?

ControlNet is an end-to-end control and risk management software system that allows organisations to manage the controls and risks across all 3 lines of defence: Business line management, Risk management, and Audit.

By digitising the management of internal controls and risks, ControlNet eliminates the need to use inefficient, manual and paper-based systems and processes. Build a strong control and risk environment in a simple, cost-effective and secure way, with ControlNet.

If you want to learn more about how we can help you become compliant with the CBUAE’s new AML-CFT regulation, click here to arrange a meeting with one of our team.




How to manage internal controls - Whitepaper Banner


Still using paper-based checklists or excel spreadsheets to manage your internal risks and controls?

ControlNet helps you automate the process, and create an efficient, accountable and secure operational environment.

bottom of page