- 242 pages
- June 19, 2008
1. A basic legal framework for combating money laundering and terrorist financing is in place in the UAE, but that framework needs further strengthening in a number of areas. The AML law needs to be amended to expand the range of predicate offences and to provide greater powers for the financial intelligence unit. The FIU should also increase its own staffing so that it may operate as an autonomous unit, rather than relying on the resources of the Central Bank’s Supervision Department and other regulatory agencies.
2. The legal framework for the financial sector preventive measures in the domestic sector provides a basic grounding, but it mostly predates the revision of the FATF Recommendations in 2003, which have now imposed much more detailed requirements. While the central bank has taken various administrative measures to strengthen the regime within the domestic sector, these require a more solid basis in the legal and regulatory framework, especially with respect to the customer due diligence (CDD) and related obligations. The regime applied to financial institutions operating within the Dubai International Financial Centre2 tends overall to be relatively close to the FATF standards.
3. The suspicious transactions reporting system delivers a lower number of reports than might
be expected within a financial market of the size and nature of that within the UAE, and greater
clarity is required about the basis on which institutions are expected to report transactions suspected
of being linked to either money laundering or terrorist financing.
4. The authorities have taken positive initiatives to address the issue of Hawala dealers, and
have introduced a voluntary system of registration and reporting. The central bank intends
progressively to formalize its oversight regime for this sector, which is to be welcomed.
5. The basic AML legislation captures some of the DNFBP sectors, but no specific customer
due diligence or related obligations have been extended to these entities, and there is no AML/CFT
regulatory framework within the domestic sector. At the time of the onsite visit, Dubai International
Financial Center Authority (DIFCA) had drafted regulations for DNFBPs.3 Measures taken within the
various free zones vary substantially.
Legal Systems and Related Institutional Measures
6. The UAE has criminalized money laundering in Federal Law 4/2002 and the financing of
terrorism in Decree by Federal Law 1/2004. Money laundering is criminalized but not fully in
accordance with the FATF Recommendations. The predicate offenses in the money laundering law
should be extended to cover all serious offenses and, at a minimum, the 14 out of the 20 designated
categories of offenses in the FATF 40+9 Recommendations not currently covered. The terrorist
financing offense is in line with the international requirements of the International Convention on the
Suppression of the Financing of Terrorism (ICSFT) but does not include the financing of an
individual terrorist unless there is a contemplation of a terrorist act, which is a requirement under the
7. The Anti-Money Laundering and Suspicious Cases Unit (AMLSCU) is also established under
the anti-money laundering law to carry out the financial intelligence unit functions. While the
AMLSCU has undertaken a great deal of outreach, particularly in the banking sector, it needs to
continue that outreach into other sectors, particularly the securities and commodities sector. It should
also allocate more resources to fully analyze the STRs it receives. Furthermore, legislative action is
needed in order to clarify the FIU powers and responsibilities.
8. Recently enacted laws relating to confiscation of proceeds of crime appear comprehensive
and workable, but legislative amendment and awareness-raising is required in other areas. Overall
resourcing and staffing in law enforcement does not appear to present a significant concern, but the
extent of AML/CFT awareness across all legal and law enforcement sectors needs to be addressed.
The enhanced development of specific financial intelligence tools and AML/CFT expertise in law
enforcement, customs and the judiciary is also required.
Preventive Measures—Financial Institutions
9. The financial sector within the UAE is divided between institutions operating within the
domestic market and those licensed to conduct business in the Dubai International Financial Center,
the only financial free zone so far created in the UAE. While the federal laws on AML/CFT apply
equally to the domestic sector and within the DIFC, the responsibility for issuing implementing
regulations, and overseeing compliance, falls to the respective regulatory authorities. In the case of
the domestic sector this involves the central bank (for banks, money changers, and finance
companies), the Emirates Securities and Commodities Authority (securities brokers) and the ministry
of economy (insurance companies); whereas there is a single regulator, the Dubai Financial Services
Authority (DFSA), for all financial services providers in the DIFC.
10. The primary AML legislation imposes very little by way of CDD obligations on financial
institutions. Specific requirements are contained only in the instruments issued by the regulatory
authorities, and these vary markedly in depth and quality, resulting (within the domestic sector) in a
significant number of areas in which the requirements do not comply with the FATF standards. These
include the identification of beneficial ownership, the conduct of ongoing due diligence, and the
application of enhanced measures for high-risk customers. In addition, no requirements have been
implemented with respect to politically-exposed persons and correspondent banking. By contrast, the
DFSA has included extensive provisions within its rulebook that relate closely to the FATF
Recommendations, although the mission considers that the rules do not match the FATF definition of “law and regulation,” and that, therefore, they do not meet the statutory status required under the
FATF standard. Given the current divergence of the detailed obligations imposed on different parts of
the financial sector in the UAE, there would be considerable benefit in the authorities taking a more
coordinated approach to the development of future regulations.
11. Record-keeping requirements are broadly addressed through a range of laws and regulations,
although there are some gaps in the customer identification documents required to be retained by the
domestic securities and insurance sectors. The current requirements under the central bank regulations
relating to wire transfers are very general and fall well short of the FATF requirements in terms of the
procedures for verification of identity and the transmission of originator information. The DFSA has
issued rules that generally match the FATF standards.
12. The suspicious transactions reporting regime in relation to money laundering has been in
place in the domestic sector for several years, but lacks clarity as to the exact basis on which reports
should be filed. The central bank regulations refer variously to unusual and suspicious transactions,
and there is no indication of whether institutions are expected to apply a subjective or objective test to
suspicion. In addition, there is an apparent variation in the definition of the money laundering offense
between the primary law and the regulations, such that it is unclear what the scope of the reporting
should be in relation to the predicate offenses. The regulations issued for the domestic securities and
insurance sectors refer only to the reporting of unusual transactions, and the general procedures in
these sectors are far less developed than for the banking sector. The DFSA rules have much more
expansive provisions than for the domestic sectors, requiring institutions to report transactions where
there is knowledge, suspicion, or reasonable grounds to suspect that a person is engaged in money
laundering. These issues appear to be a factor in creating distinct variations in the nature and quality
of reporting by individual institutions, and overall the level of reporting appears to be low relative to
the size and nature of the financial markets.
13. In the domestic sector, the reporting of suspicions of terrorist financing has only been
extended to institutions subject to the supervision of the central bank, but it is not incorporated in law
and regulation. Within the DIFC, the DFSA originally sought to deal with the issue by revising the
definition of money laundering to include terrorist financing, but has decided to amend its legislation
to provide explicitly for rule-making powers with respect to terrorist financing.
14. The basic systems and controls requirements for the domestic banking sector go some way
towards meeting the FATF standards, but those for the securities and insurance sectors fall well short.
Generally, the central bank considers that the overall quality of the banks’ AML systems and controls
has improved significantly in recent years, but that there still remains room for improvement in many
institutions. The same assessment is not possible with respect to securities and insurance, where the
inspections programs are far less developed. The provisions covering institutions within the DIFC are
extensive and, based upon the examination work carried out by the DFSA, are being implemented
effectively, although the volume of business currently being undertaken within the DIFC is relatively
15. While some of the regulatory powers of the central bank are specified very generally within
the law, they provide a reasonable basis for fulfilling the Bank’s responsibilities in a flexible manner,
although there would be distinct benefit in formally documenting the central bank’s regulatory
expectations where they exceed those encompassed within the regulations. The procedures relating to the supervision and regulation of the domestic securities and insurance markets are far less developed,
with the insurance sector not yet being subject to any effective AML/CFT compliance monitoring.
There are a limited range of formal sanctions available to the domestic regulators, but the central
bank, in particular, has sought to draw on various general powers to bring institutions into
compliance, although there remains a lack of evidence as to how these are used specifically for
AML/CFT issues. The structure, powers and procedures of the DFSA are generally in line with
international standards, although it is early days within a market that remains relatively very small in
terms of business volumes.