Outcome of the DFSA’s Financial Crime Thematic Review released

Background

In 2017, the DFSA - the independent financial services regulator for the Dubai International Financial Centre (DIFC) Financial Free Zone - conducted a financial crime thematic review outlining key issues relevant to financial crime and assessing progress by relevant persons in certain areas of improvement, that were initially identified in its April 2015 Analysis and Guidance Report on Annual Anti-Money Laundering (AML) Returns. The three main areas of improvement initially identified by the DFSA in its April 2015 Report included ensuring:

• an objective and proportionate approach to risk-based assessments
• appropriateness and quality with regards to ongoing customer due-diligence (CDD), and
• internal escalation processes and quality of external reports in relation to Suspicious Activity Reports (SAR).

Findings

As outlined in the DFSA’s "Dear SEO Letter" issued on 23 July 2018, the findings of its financial crime thematic review (the Review) can be summarised as follows:

• Business AML risk assessments - the Review revealed that such risk assessments generally lacked relevant supporting analysis of money laundering and terrorist financing risks, and that there should be a more interactive role of Senior Management in drafting the assessments to identify such risks (beyond reviewing and approving).

• Ongoing CDD - whilst the Review concluded that those firms reviewed generally had adequate systems and controls for ongoing CDD and transaction monitoring, areas identified for improvement included implementation of ongoing CDD policies, having policies and procedures in place to deal with dormant customers, and the issue of locally placed staff having minimal visibility and knowledge of transaction monitoring systems where such monitoring is generally conducted by another group entity.

• SARs - whilst relevant persons were noted to have a good understanding of the internal and external processes relevant to filing SARs, delay between an internal notification and a SAR submission to the Financial Intelligence Department (FID) of the UAE Central Bank, were noted by the DFSA (mainly due to internal investigations undertaken to confirm details of the underlying suspicious activity). The DFSA has noted that the majority of SARs it reviewed were sufficiently detailed and supported, and that internal notifications were double the number of SARs submitted to the FID (indicating a strong overall understanding of SAR-related processes).

Future Actions

In light of the UAE’s upcoming Mutual Evaluation by the Financial Action Task Force (FATF), set to take place in July 2019, the DFSA have been taking a number of actions, including issuing two consultation papers on developments to its AML and Counter-Terrorist Financing (CTF) regime, in order to enable the DFSA’s framework to be more aligned with FATF’s International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation (ie the FATF Recommendations) - covered in our previous articles which can be accessed here and here. The DFSA has also announced that it will shortly be issuing a more extensive report on the Review.

Takeaway Points

The DFSA’s financial crime thematic review demonstrates the regulator’s key focus on financial crime and compliance, which as mentioned above, is within the context of the UAE’s forthcoming Mutual Evaluation by FATF. As such, relevant persons in the DIFC should, amongst other things, consider ensuring:

• regular evidence of AML and CTF policy implementation - as with all areas of compliance, policies and processes should be implemented, and such implementation should be capable of being evidenced
• regular and scheduled involvement of Senior Management in the development of AML and CTF policy, including in identifying risks
• a firm understanding of relevant financial crime-related risks across the various client business, sectors and jurisdictions, which can assist in the supporting analysis to identify risks
• the maintenance and development of key internal processes to deal with internal reporting of suspicious transactions and SAR filings
• that in addition to the DFSA’s own requirements, international standards that are often used as benchmarks (such as the FATF Recommendations) are understood and considered, and
• standard group-wide AML and CTF compliance policies are reviewed and, to the extent necessary, amended or supplemented to incorporate DFSA / UAE specific requirements.

For further specific guidance, please contact Muneer Khan or your usual contact.