23 July 2018
Senior Executive Officers of Authorised Firms
Senior Executive Officers of Authorised Market Institutions Principal Representatives of Representative Offices Compliance Officers of Authorised Firms
Audit Principals at Registered Auditors
Money Laundering Reporting Officers of Relevant Persons
RE: Outcome of Financial Crime Thematic Review
The purpose of this letter is to update you on the results of a financial crime thematic review. Capitalised terms used in this letter have the same meaning as set out in the Glossary Module and the AML Module of the DFSA Rulebook unless the context requires otherwise.
As you will be aware, in April 2015 the DFSA issued its first Analysis and Guidance Report in relation to annual AML Returns (the “2015 Report”). The 2015 Report focused on the 2014 AML Returns and covered the following key areas: Senior Management and Sign Off; Assessment of Business AML Risk; Assessment of Customer AML Risk; Customer Due Diligence; Reliance and Outsourcing; and, Suspicious Activity Reports. The 2015 Report identified the following three areas for improvement:
a. Risk-based approach – ensuring risk-based assessments are objective and proportionate;
b. Ongoing CDD – ensuring appropriateness and quality of ongoing CDD; and
c. Suspicious Activity Reporting – ensuring internal escalation processes and quality of external reports
(together, the “Required Improvements”).
Recent Thematic Review
In 2017, the DFSA conducted a further financial crime thematic review (“the Review”). The objective of the Review was to assess Relevant Persons compliance with the AML Rules and progress on the Required Improvements from the 2015 Report. The scope of the Review included:
a. data from annual AML Returns and supporting documents submitted by approximately 400 Relevant Persons across all financial sectors, and also a number of Designated Non- Financial Businesses and Professions;
b. reports on AML contraventions and observations from on-site risk assessments conducted by the DFSA on Relevant Persons; and
c. visits to a number of Authorised Firms selected by the DFSA based on their business activities, prudential category, number and profile of clients, Suspicious Activity Report statistics and other relevant factors.
The Review Findings
Overall, the Review findings revealed that most Relevant Persons had taken actions to address the Required Improvements. However, the Review also revealed a number of issues, certain of which we have highlighted below as material issues.
Business AML Risk Assessment
The Review revealed that more than half of the ‘Business AML Risk Assessments’ produced by Relevant Persons require improvement due to a lack of supporting analysis of the relevant money laundering and terrorism financing risks faced by the particular business being assessed. Moreover, the Review revealed that Senior Management’s role in the assessment process was generally limited to “reviewing and approving” the assessment, and should be more interactive in drafting the assessment to identify risks.
Ongoing Customer Due Diligence
The Review revealed that the majority of Relevant Persons had adequate systems and controls in place for ongoing CDD and transaction monitoring. In particular, the majority of Relevant Persons were able to demonstrate that enhanced reviews were undertaken for transactions considered complex in nature, or, larger than usual for the particular customer, or, otherwise deemed high risk. However, there are a few instances where improvement is required to demonstrate compliance with the AML Rules, in particular:
a. Certain Relevant Persons failed to implement ongoing CDD as described in their own policies.
b. For a number of Relevant Persons where transaction monitoring was performed by another entity within their Group or their Parent, the local staff had minimal visibility of the transaction monitoring systems used and very limited knowledge of the parameters or alert triggers that were implemented.
c. The majority of Relevant Persons did not have policies and procedures in place to deal with dormant customers or in the event a dormant customer became active.
Suspicious Activity Reporting
The Review revealed that Relevant Persons generally had a good understanding of the suspicious activity reporting process. Most staff of Relevant Persons were able to articulate clearly the process of internal reporting of suspicious activity, naming the MLRO as the first point of contact.
While generally it was observed that Relevant Persons filed Suspicious Activity Reports (SARs) in a timely manner, there were some instances of delay between the internal notification and the submission of the SAR to the Financial Intelligence Department of the Central Bank of the UAE (the “FID”). Relevant Persons had explained such delays as being mainly due to internal investigations undertaken to confirm details of the suspicious activity.
As part of the Review, the DFSA also compared the number of internal notifications versus the number of SARs lodged with the FID. The data showed that the number of internal notifications reported to the MLRO was double the number of SARs submitted to the FID. These results indicate that Relevant Persons are capturing a range of suspicious activities and alerts and undertaking investigations to determine whether the activity reported to the MLRO should be reported to the FID. The DFSA also observed an overall improvement in the quality of the SARs. The majority of SARs reviewed by the DFSA were considered sufficiently detailed and supported by relevant documentation provided to the FID.
Please keep in mind, combatting financial crime is, and will continue to be, a key regulatory priority for the DFSA, and, accordingly, will continue to feature in the DFSA’s future supervisory agenda. To this end, the DFSA will continue to enhance its AML regime to align with the international standards set by the Financial Action Task Force. In furtherance of the above, the DFSA consulted in February and April 2018 on enhancements to its AML Module which will come into force later this year.
The DFSA will issue a more extensive report shortly, covering the findings of this Review. Additionally, the DFSA plans to revise its website in the second half of this year to highlight relevant pieces of information to stakeholders in a more timely manner. We encourage all Relevant Persons to consider these examples when assessing their current AML systems and controls and required actions necessary to achieve better compliance with the AML Rules.
The DFSA also wishes to emphasise that it will incorporate the Review and other relevant thematic reviews, into future on-site and off-site reviews and inspections. We look forward to your continuing support and cooperation on this key regulatory priority.
Managing Director, Supervision