Published on March 10, 2025
Customer Due Diligence in the UAE: Key Regulations, Importance, and Best Practices
Handing over the code to your safe without so much as a second glance or the keys to your house to a total stranger feels unsettling, doesn’t it? That’s precisely the kind of risk financial institutions take if they don’t thoroughly vet their customers.
The financial sector is a magnet for individuals looking to launder illegal funds, whether through money laundering or other deceptive schemes. Without a rigorous CDD framework, institutions risk becoming unwitting participants in these crimes.
In the UAE, CDD is a foundational requirement under the country’s Anti-Money Laundering (AML) laws. Regulatory bodies have tightened these protocols to align with global best practices, ensuring the financial network remains resilient against misuse.
This blog post will equip you with the essential knowledge to navigate Customer Due Diligence in the UAE.
What is Customer Due Diligence in the UAE?
Before bringing a new customer on board, it’s essential for financial institutions to confirm they are legitimate and not involved in any illegal activities. CDD is essential for following laws designed to prevent crimes like money laundering and fraud. It ensures that financial institutions stay safe and don’t unknowingly help criminals.
The process of CDD can differ depending on the level of risk associated with a customer. There are different levels of scrutiny: simplified, standard, enhanced, and ongoing. High-risk customers will go through a more detailed check.
According to the Central Bank of the UAE:
“Customer due diligence ("CDD") is the process by which an RHP identifies and understands its customer. CDD is required by Article 5 of the AML-CFT Decision and is essential to protecting the RHP from abuse, and to deterring and detecting ML/TF schemes. In specific cases, and whenever the RHP believes that higher risks are present, the RHP must perform Enhanced Due Diligence ("EDD"). EDD involves more intensive measures to discover information about the customer.”
Why is Customer Due Diligence Important in the UAE?
Customer due diligence in the UAE is important because it enables financial institutions to:
- Identify suspicious activity and prevent illegal financial practices.
- Remain compliant with national and international laws.
- Boost their reputation as a safe and reliable place for investment.
- Protect entities from fraud.
Regulatory Framework Governing Customer Due Diligence in the UAE
The UAE has set up strong laws to fight money laundering, fraud, and the financing of weapons. The UAE’s regulators have issued clear guidelines to help businesses follow the rules effectively.
Customer Due Diligence in the UAE follows FATF’s Recommendation No. 10, which emphasizes verifying customer identities and understanding who really controls a business (beneficial ownership). It is important to remember that Customer Due Diligence in the UAE applies not only to financial institutions but also to Designated Non-Financial Businesses and Professions, such as lawyers, dealers in precious metals, and real estate agents.
- Federal Decree-Law No. (20) of 2018 on AML & CFT
- Cabinet Decision No. (10) of 2019 on the Implementing Regulation of AML Law
- UAE Central Bank’s AML Regulations
Role of Supervisory Authorities
Financial institutions in the UAE are overseen by multiple regulatory bodies, including:
- Central Bank of UAE (CBUAE): Regulates banks and financial service providers.
- Securities and Commodities Authority (SCA): Supervises securities markets.
- Dubai Financial Services Authority (DFSA): Regulates financial institutions in the Dubai International Financial Centre (DIFC).
1. UAE Customer Due Diligence and Enhanced Due Diligence Requirements for Financial Transactions
1. CDD is required by Article 5 of the AML-CFT Decision to protect institutions and detect financial crimes.
2. When to Perform CDD or EDD:
- Before any transaction, even for repeat customers.
- If the required checks aren’t completed, the transaction should not proceed.
3. If higher risks are identified, the institution must perform EDD, which involves more detailed checks.
4. When to Use CID, CDD, and EDD:
- Transfers between AED 1 - AED 3,499: Use CID, unless higher risks are found, then use CDD & EDD.
- Transfers between AED 3,500 - AED 54,999: Use CDD, unless higher risks are found, then use EDD.
- Transfers of AED 55,000 or more: Use both CDD & EDD.
- Transfers from high-risk countries: Use CDD & EDD.
- Transfers from Politically Exposed Persons (PEPs): Use CDD & EDD.
- Transfers from legal entities: Use CDD & EDD.
2. Customer Due Diligence in the UAE for Natural Persons
1. For each customer, the following details must be collected:
- Name
- Emirates ID number or passport number (if Emirates ID is unavailable)
- Date of birth and nationality
- Address
- Mobile number
- Occupation
- Name of the person sending/receiving money, and their country
2. Article 4 of Circular No. 24/2019: RHP must verify their customer’s identity using Emirates ID or passport if Emirates ID is unavailable.
3. The CDD process applies even if a customer splits large transfers into smaller amounts to avoid CDD requirements (e.g., transferring below AED 3,500 repeatedly).
4. Screening:
- RHP must screen customers (and remitters/beneficiaries) against the UN Consolidated List and Local UAE Terrorist List before processing transactions.
- If there’s a match, RHP must verify if the information (e.g., date of birth, nationality) matches the listed person.
- If a match is confirmed, RHP must freeze the funds rather than return or send money.
5. RHP must understand the purpose and nature of each transaction to ensure it aligns with the services allowed by RHP. Suspicious transactions may include:
- A laborer transfers an amount greater than the average annual income for their role.
- A customer making frequent, small transfers that exceed the average yearly income.
- A customer with no occupation making large transfers.
6. If RHP cannot collect the required information or comply with the CDD requirements, they must reject the transaction.
7. Record Keeping:
- This information must be printed on receipts.
- RHP must store this information for five years.
- A photo or photocopy of the customer’s ID must also be kept for five years.
3. Customer Due Diligence in the UAE for Legal Persons
1. When a company or organization uses an RHP for a transaction, the company itself is the customer, not the individual representing it.
- The company must be registered and based in the UAE.
- Legal entities do not have personal data like individuals and need specific CDD procedures.
2. Actions Required for CDD (per Articles 8 and 9 of UAE’s AML Laws & regulations):
- Collect Information About the Company: Company name, legal form (e.g., LLC), address, trade license, and senior managing official’s name.
- Perform CDD on the Representative: Verify the identity of the individual representing the company in the transaction.
- Check Authorization: Ensure the representative has valid authorization, such as a trade license or letter from the company.
- Identify Beneficial Owners:
  - Find individuals who own or control 25% or more of the company.
  - If no one owns 25%, conduct CDD on the senior managing official.
  - Beneficial owners must be individuals, not other companies.
- Understand Ownership and Control: Know who owns and controls the company and how.
- Understand the Business: Understand what business the company does and how it makes money. If the business seems unusual, further investigation is needed.
- Sanctions Screening: Screen the company, its representative, beneficial owners, and senior officials against sanctions lists.
FATF Compliance and UAE’s Grey List Status
The Financial Action Task Force (FATF) placed the UAE on its grey list in 2022 due to strategic deficiencies in its AML/CFT framework. To overcome this, the UAE had to (a) enhance due diligence on high-risk customers, (b) improve transaction monitoring systems, and (c) strengthen reporting mechanisms for suspicious transactions.
February 2024 marked a major milestone in the UAE's efforts to comply with international AML regulations. The UAE was removed from the FATF grey list because:
- A dedicated office was set up to manage and oversee the country’s efforts to combat financial crime.
- Specialized courts focused on financial crime were introduced to handle cases more efficiently.
- Stricter rules were put in place for financial institutions and non-financial businesses to follow.
- Authorities increased inspections and introduced measures such as asset freezing to prevent illegal financial activities.
Key Elements of an Effective CDD Framework
A strong Customer Due Diligence framework includes the following key steps:
- Customer Identification and Verification (KYC)
  - Collect official identification documents (e.g., passport, Emirates ID, trade license for businesses).
  - Verify ownership details for corporate entities.
  - Check customers against sanction lists and Politically Exposed Persons (PEP) databases.
- Risk Assessment and Classification
  - Classify customers as low, medium, or high risk.
  - Perform Enhanced Due Diligence for high-risk customers, including PEPs.
- Ongoing Monitoring and Transaction Review
  - Monitor customer transactions for unusual activities.
  - Use automated tools to identify suspicious patterns.
  - Report suspicious transactions to the UAE Financial Intelligence Unit (FIU) as needed.
When is Customer Due Diligence in the UAE Required?
In general, customer due diligence is required (1) before any transaction, (2) for high-risk transactions (large and/or complex), (3) for new customers, and (4) for unusual or abnormal activity. In the UAE specifically, the following rules apply:
- Customer due diligence in the UAE must be completed before any transaction, whether it’s with a new or repeat customer. If it’s not done, the transaction should be stopped.
- Transaction Thresholds:
  - For transfers between AED 1 - AED 3,499, Customer Identification Diligence (CID) is enough, unless higher risks are identified, which would require full CDD and Enhanced Due Diligence (EDD).
  - For transfers between AED 3,500 - AED 54,999, CDD is required. If there are higher risks, EDD must also be done.
  - For transfers of AED 55,000 or more, both CDD and EDD are necessary.
  - If the transfer is from a high-risk country or involves a Politically Exposed Person (PEP), CDD and EDD must be performed.
  - If the transaction is made by a company or other legal entity, CDD and EDD are also required.
Financial institutions in the UAE must regularly review their customers to ensure that their information is up to date and that their transactions are not suspicious.
AML Customer Due Diligence Checklist
This is a simple, effective, and practical step-by-step checklist:
1. Establish Clear Customer Identification
- Request Essential Identification
- Verify Identity Thoroughly
- Understand Ownership Structures for Companies
2. Assess and Classify Risk Levels
- Assign a Risk Rating to Each Customer
- Apply EDD for Higher-Risk Clients
- Investigate Source of Wealth
3. Perform Sanctions and Watchlist Screening
- Check for Red Flags via Sanctions Lists
- PEP Identification
4. Understand the Business Model
- Know What Your Customer Does
- Ensure Transactions Match the Client’s Profile
5. Stay Alert
- Monitor Transactions for Suspicious Activity
- Implement Alerts for Anomalies
6. Document and Store Evidence
- Retain Identification and Transaction Records (for at least 5 years)
- File Suspicious Transaction Reports (STRs)
7. Continuous Due Diligence
- Regularly Review Customer Information
- Adapt to Changes in Risk Factors
Best Practices for an Effective CDD Program in the UAE
- Adopt a risk-based approach.
- Establish clear CDD procedures.
- Screen names for risks.
- Use technology to speed up data collection and risk assessments, minimizing human errors.
- Implement encryption, access controls, and regular audits.
- File STR/SAR reports.
- Regularly update customer profiles and transaction activities.
- Train employees.
- Keep thorough records of CDD activities for at least 5 years.
Streamline Customer Due Diligence with FOCAL
FOCAL helps financial institutions efficiently manage customer due diligence. It screens customers against real-time sanctions, PEP lists, and adverse media reports, instantly flagging any matches.
The platform allows you to customize onboarding processes to suit different customer types and needs. With trusted data sources like Yakeen, Wathq, and Dow Jones, FOCAL ensures accurate identity verification. Automation streamlines the onboarding process, making it faster and more secure.
FOCAL also uses AI due diligence to assess customer risk during onboarding, helping you make better decisions. It meets industry standards and regulatory requirements, ensuring compliance and reducing legal risks.
Ready to see how it works in action? Book a one-on-one demo with a FOCAL expert today!
Conclusion
The UAE is updating its rules on preventing financial crimes, and businesses need to stay compliant. Financial institutions must have strong Customer Due Diligence practices to meet regulations and reduce risks. Using the right tools, like the Customer Due Diligence solution by FOCAL, can help businesses stay compliant while also keeping the customer experience smooth.
These rules apply to all financial service providers: not only banks, but also insurance companies and virtual asset businesses. All of these businesses need proper CDD in place to prevent financial crimes and manage risks effectively.
Customer Due Diligence in the UAE FAQs
Q1. What is CDD?
CDD is the process by which financial institutions identify and verify their customers to assess potential risks of money laundering.
Q2. What are the different types of CDD in the UAE?
The UAE recognizes three levels of CDD: Customer Identification Diligence, Standard Due Diligence, and Enhanced Due Diligence.
Q3. How is CDD information collected in the UAE?
Financial institutions gather CDD information by securing and confirming official identification documents, like passports or Emirates IDs. They also collect additional details like the customer’s occupation, the origin of their funds, and the intended purpose of their business relationship.
Q4. What are the penalties for non-compliance with CDD in the UAE?
Non-compliance with CDD regulations can result in administrative fines ranging from AED 50,000 to AED 5,000,000 per violation.
Q5. What does CDD mean in banking?
CDD in banking is the process banks use to confirm the identity of their customers, evaluate their risks, and gain insight into the nature of their financial activities.