The Central Bank of the UAE (“CBUAE”) has issued new guidance (the “Guidance”) to UAE financial institutions providing services to cash-intensive businesses.
The specific characteristics of cash—anonymity, interchangeability, and transportability—make it an attractive medium for illicit actors seeking to obfuscate the proceeds of crime or the funding of terrorism. Unlike other monetary instruments, such as wire transfers or credit cards, cash holds no record of its source or owner, it can be easily concealed in large quantities, it is widely accepted around the world, and it can be spent instantaneously, after which it is difficult to trace. For this reason, the Guidance, which aims to help UAE financial institutions understand and effectively mitigate the money laundering and terror financing risks associated with cash-intensive businesses, is yet another important step for the UAE in its commitment to combat money launderers and terror financiers.
We have reported on many of the prior steps that the UAE has taken to enhance the efficiency and robustness of its banking and financial system, including but not limited to passing new laws (see here), disseminating guidance on suspicious activity/transaction reporting (see here), and establishing a specialized court to hear money laundering cases (see here).
Identifying Risks
Cash-intensive businesses are enterprises that experience large flows of cash (and/or cash alternatives, such as negotiable instruments, prepaid cards, and so on). They can span various industries and sectors, including construction, gaming, hospitality, retail, many sorts of trading (e.g., auction houses and dealing in jewelry, precious metals, and vehicles), transportation, travel, wholesale, and more. Most cash-intensive businesses are perfectly legitimate. However, features of cash-intensive businesses, specifically cash deposits, cash couriers, and cross-border cash movements, can be vulnerable to abuse by financial criminals and other malicious actors seeking to legitimize the proceeds of criminal activity by feigning authentic origins. This necessitates special care on the part of UAE financial institutions delivering services to cash-intensive businesses.
The Guidance makes clear that the first step for financial institutions in discharging their anti-money laundering and counter-terror financing (“AML/CFT”) obligations regarding cash-intensive customers is properly identifying and understanding the risks and vulnerabilities associated with each such customer. This means that prior to onboarding a cash-intensive business, a financial institution should scrutinize the business’ products, operations, delivery channels, and geographies, as well as its intended use of the account or other service that would be provided by the financial institution, including anticipated transactional counterparties and volume. These lines of inquiry allow the financial institution to effectively evaluate the risks related to any given customer and to identify those requiring enhanced due diligence (“EDD”). Of course, where a financial institution cannot satisfy itself that it understands a customer and its business, then it should not accept the customer and should consider whether to file a suspicious activity report (“SAR”) with the UAE Financial Intelligence Unit (“FIU”).
Mitigating Risks
Customer Due Diligence (“CDD”) and, where necessary, EDD are the core preventive measures that help financial institutions manage the risks of their customers, particularly higher-risk customers. For most cash-intensive customers, financial institutions will need to update regularly the CDD/EDD documentation they hold on file, in order to ensure they continue to understand all the risk factors discussed above. This might entail conducting site visits to inspect cash management programs and monitoring open source intelligence for any adverse media. Again, if a financial institution determines that it no longer understands a customer’s business, then it should discontinue banking the customer and consider whether to file a SAR.
Additionally, financial institutions must conduct ongoing due diligence on customer transactions. This means monitoring payments, receipts, and other account usages, to identify potentially suspicious behavior, which must be reported to the FIU. Financial institutions should leverage the totality of the information they collect and hold on their customers when seeking to identify patterns of activity that appear unusual and/or potentially suspicious. As with all customer types, financial institutions deploying automated transaction monitoring systems to monitor cash-intensive customers should ensure their rules have appropriate thresholds and parameters that are designed to detect common typologies of illicit activity.
Additional Considerations
The Guidance came into effect on September 28, 2021 and afforded UAE financial institutions one month to comply. While it takes into account standards and guidance issued by the Financial Action Task Force (“FATF”), industry best practices, and red flag indicators, CBUAE does not consider the Guidance exhaustive and it certainly does not set limitations on the additional measures UAE financial institutions may or should take to satisfy their statutory AML/CFT obligations.
UAE financial institutions that have not yet operationalized comprehensive and risk-based AML/CFT programs, including rolling out training programs to ensure all staff are familiar with the obligations incumbent upon financial institutions, equipped to apply appropriate risk-based controls, and specifically aware of the risk factors and red flags associated with cash-intensive customers, are well-advised to take immediate action, including by seeking counsel should it be necessary.