CBUAE_EN_418_VER2
CBUAE_EN_418_VER2
CBUAE_EN_418_VER2
August 3, 2022
CBUAE Classification: Public
Contents
1. Introduction ........................................................................................................... 4
1.1. Purpose .......................................................................................................................... 4
1.2. Applicability .................................................................................................................... 4
1.3. Legal Basis .................................................................................................................... 5
1.3.1. Consequences for Failure to Disclose Suspicious Activity ....................................... 6
1.3.2. Protection for Individuals Disclosing Suspicious Activity .......................................... 6
1.3.3. Meaning of Suspicious Transaction ......................................................................... 6
1.4. Acronyms ....................................................................................................................... 7
Page 2 of 46
CBUAE Classification: Public
Annex 3. Red Flag Indicators for the UAE Insurance Sector ................................. 41
Annex 4. Overarching Rules and Principles for the goAML System .................... 42
Page 3 of 46
CBUAE Classification: Public
1. Introduction
1.1. Purpose
Article 44.11 of the Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree
Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal
Organisations charges Supervisory Authorities with “providing Financial Institutions…with guidelines and
feedback to enhance the effectiveness of implementation of the Crime-combatting measures.”
The purpose of this Guidance is to assist the understanding and effective performance by the United Arab
Emirates Central Bank’s (“CBUAE”) licensed financial institutions (“LFIs”) of their statutory obligations under
the legal and regulatory framework in force in the UAE. It should be read in conjunction with the CBUAE’s
Procedures for Anti-Money Laundering and Combating the Financing of Terrorism and Illicit Organizations
(issued by Notice No. 74/2019 dated 19/06/2019) and Guidelines on Anti-Money Laundering and
Combating the Financing of Terrorism and Illicit Organizations for Financial Institutions (issued by Notice
79/2019 dated 27/06/2019) and any amendments or updates thereof.1 As such, while this Guidance neither
constitutes additional legislation or regulation nor replaces or supersedes any legal or regulatory
requirements or statutory obligations, it sets out the expectations of the CBUAE for LFIs to be able to
demonstrate compliance with these requirements. In the event of a discrepancy between this Guidance
and the legal or regulatory frameworks currently in force, the latter will prevail. This Guidance may be
supplemented with additional separate guidance materials, such as outreach sessions and thematic
reviews conducted by the Central Bank.
Furthermore, this Guidance takes into account standards and guidance issued by the Financial Action Task
Force (“FATF”), industry best practices and red flag indicators. These are not exhaustive and do not set
limitations on the measures to be taken by LFIs in order to meet their statutory obligations under the legal
and regulatory framework currently in force. As such, LFIs should perform their own assessments of the
manner in which they should meet their statutory obligations.
This Guidance comes into effect immediately upon its issuance by the CBUAE with LFIs expected to
demonstrate compliance with its requirements within one month from its coming into effect.
1.2. Applicability
Unless otherwise noted, this guidance applies to all natural and legal persons, which are licensed and/or
supervised by CBUAE, in the following categories:
National banks, branches of foreign banks, exchange houses, finance companies, payment service
providers, registered hawala providers and other LFIs; and
Insurance companies, agencies, and brokers.
1
Available at https://www.centralbank.ae/en/cbuae-amlcft.
Page 4 of 46
CBUAE Classification: Public
Page 5 of 46
CBUAE Classification: Public
The proceeds of crime (Money laundering and related predicate offenses, or financing of terrorism
or illegal organisations);
Being related to the crimes of money laundering and related predicate offences, the financing of
terrorism or illegal organisations; and
Being intended to be used in an activity related to such crimes.
The AML-CFT Law and its AML-CFT Decision define a predicate offence as “any act constituting an offense
or misdemeanour under the applicable laws of the State whether this act is committed inside or outside the
State when such act is punishable in both countries.”
It should be noted that the only requirement for a transaction to be considered as suspicious is “reasonable
grounds” in relation to the conditions referenced above. Thus, the suspicious nature of a transaction can
be inferred from certain information, including indicators; financial/transactional and behavioral patterns;
Customer Due Diligence (“CDD”) information; or adverse media information, and it is not dependent on
Page 6 of 46
CBUAE Classification: Public
obtaining evidence that a predicate offense has actually occurred or on proving the illicit source of the
proceeds involved. LFIs do not need to have knowledge of the underlying criminal activity nor any founded
suspicion that the proceeds originate from a criminal activity; reasonable grounds to suspect any such
criminal activity are sufficient.
LFIs should also note that suspicious transactions need not be completed, in progress, or pending
completion. Attempted transactions, transactions that are not executed and past transactions, regardless
of their timing or completion status, which are found upon review to cause reasonable grounds for suspicion,
must be reported in accordance with the relevant requirements.
1.4. Acronyms
Terms Description
AIF Additional Information File without Transactions
AIFT Additional Information File with Transactions
Anti-Money Laundering / Combatting the Financing of Terrorism and
AML / CFT
Illegal Organisations
CBUAE Central Bank of the United Arab Emirates
CDD Customer Due Diligence
EDD Enhanced Due Diligence
FATF Financial Action Task Force
FIU Financial Intelligence Unit
HRC High Risk Country Transaction Report
HRCA High Risk Country Activity Report
KYC Know Your Customer
QC Quality Control
Report Any STR, SAR, AIF, AIFT, RFI, or RFIT based report
RFI Request for Information without Transactions
RFIT Request for Information with Transactions
RFR Reason For Reporting
SAR Suspicious Activity Report
STR Suspicious Transaction Report
Page 7 of 46
CBUAE Classification: Public
the timely escalation of potentially suspicious activity. LFIs should not rely solely on transaction monitoring
systems to identify unusual and potentially suspicious activity in their customer population. First line of
defense employees play a critical role in the detection and prevention of money laundering and the financing
of terrorism and illegal organisations. Appropriately trained employees are in fact well-placed to identify
suspicious transactions and assess that information once deemed reasonable—collected through
interactions with a customer—now appears suspicious. They should therefore be trained regarding
potential risk and risk mitigation and reporting within their business area. Employees should understand the
regulatory requirements within the scope of their role; red flags associated with their customers, products,
services, delivery channels, and geographies; and the appropriate escalation procedure both to their
management and to the second line of defense without compromising their responsibility to report
suspicious transactions.
Detect transactions relating to any crime as defined in Article 1 of the AML-CFT Decision.
Review, scrutinize, and study records; receive data concerning suspicious transactions; and make
decisions to either notify the FIU or maintain the transaction with a documented rationale for
maintaining the transaction while upholding confidentiality requirements.
Review the internal rules and procedures relating to combating the crime and their consistency with
relevant laws and regulations; assess the extent to which the LFI is committed to the application of
these rules and procedures; propose what is needed to update and develop these rules and
procedures; prepare and submit semi-annual reports on these points to senior management; and
send a copy of that report to the relevant supervisory authority with senior management remarks
and decisions.
Page 8 of 46
CBUAE Classification: Public
Prepare, execute, and document ongoing training and development programs and plans for the
LFI’s employees on money laundering and the financing of terrorism and financing of illegal
organisations, and the means to combat them.
Collaborate with the supervisory authority and FIU, provide them with all requested data, and allow
their authorized employees to view the necessary records and documents that will allow them to
perform their duties.
According to CBUAE’s Guidelines, the Compliance Officer is the LFI’s money laundering reporting officer
(“MLRO”) charged with reviewing, scrutinizing, and reporting STRs and other reports pertaining to
suspicious activity. In this capacity, the Compliance Officer or MLRO is ultimately responsible for the
detection of transactions related to money laundering and financing of terrorism and illegal organisations;
for reporting suspicions to the FIU; implementing the appropriate actions following an STR, SAR, or other
report filing (e.g., ensuring the STR or SAR subject is input into the relevant list for close monitoring or
internal watchlists/blacklists; changing the customer risk rating; etc.); and for cooperating with the relevant
authorities on AML/CFT matters. The Compliance Officer or MLRO is ultimately responsible to ensure that
an appropriate programme exists in the LFI and that the LFI effectively deploys a risk-based approach to
detect and report suspicious activity.
The Compliance Officer or MLRO should also act as the primary point of contact with law enforcement
agencies for their requests and investigations. The Compliance Officer or MLRO is responsible for liaising
with regulators and external bodies on financial crime issues in order to share knowledge, report cases,
develop best practices, and where possible, to improve coordination within the financial sector.
Page 9 of 46
CBUAE Classification: Public
of terrorism and illegal organisations , financing of proliferation, and any potentially unusual activity that
does not align to a customer’s or account's profile including by deploying a risk-based approach. An LFI’s
transaction monitoring systems and manual processes should be reviewed, assessed, and revised
periodically—at least annually—and otherwise as appropriate, justified by the required circumstances.
Additionally, this review should include both an evaluation of transaction monitoring system thresholds and
a fine tuning of the LFI’s transaction monitoring system as well as an evaluation of its effectiveness. The
individuals responsible for the review should have a proper understanding of the LFI’s framework—
including the LFI's business and customer base—to generate a meaningful output.
Governance and Management Oversight: Governance and management oversight helps to ensure
that an LFI’s compliance program is appropriately funded, staffed, and equipped with the requisite
technology, including to identify and report suspicious activity. An LFI’s Board of Directors also
ensures that the compliance program has an appropriately prominent status within the organization
and is operationally independent. In this capacity, senior management, inclusive of the Compliance
Officer, within a compliance program should have the appropriate authority; independence; access
to employees and information within the organization; and appropriate resources to conduct their
activities—including the identification and reporting of suspicious activity—effectively. The
compliance program should have access to the Board of Directors or a designated board committee
to raise any issues or risks; report on the status of ongoing compliance; and escalate any other
pertinent AML/CFT-related information.
As part of an LFI’s risk management framework, senior management and an LFI’s Board of
Directors should oversee the design, implementation, and maintenance of a transaction monitoring
and suspicious activity reporting program based on an LFI’s AML/CFT risks and in accordance with
all applicable laws and regulations. Senior management should likewise oversee a vendor selection
process (as applicable) if a third-party vendor is used to acquire, install, implement, or test a
transaction monitoring program or any aspect of identifying and reporting suspicious activity,
among other responsibilities. The Compliance Officer (or MLRO) shall periodically update the
Board of Directors (or a committee of the Board) on the overall capability framework (that includes
technology and process aspects of suspicious activity identification, investigation and reporting
aspects).
Page 10 of 46
CBUAE Classification: Public
Policies and Procedures: An LFI should have policies and procedures that govern changes to its
transaction monitoring program which ensures that changes are defined, managed, controlled,
reported, and audited. Namely, LFIs should have governance protocols surrounding the design and
implementation of new detection scenarios; periodic assessment and validation of existing
detection scenarios; and retiring of detection scenarios. In addition, an LFI should develop a
procedure for the investigation and processing of transaction monitoring alerts in order to file an
STR, SAR, or other report type promptly and qualitatively. These policies and procedures should
cover the key processes for drafting and filing an STR, SAR, or other report type and other
regulatory reports. More broadly, policies and procedures work to manage key AML/CFT risks and
create processes for adherence across an LFI.
Clear Lines of Responsibility and Reporting: In relation to suspicious transactions, an LFI should
have clear roles, responsibilities, and reporting lines, including reporting and escalations to the
Board of Directors and senior management. These roles, responsibilities, and reporting lines should
be clearly documented across all three lines of defense. Clear lines of responsibility help with
effectively identifying and reporting suspicious activity in a timely manner while ensuring that there
is appropriate and effective oversight of employees who engage in activities which may pose
greater AML/CFT risk. LFIs should also have a mechanism to inform senior management and the
Board of Directors (or a committee of the Board) of compliance initiatives, compliance deficiencies,
STRs or SARs (or other reports) filed, and corrective actions taken.
Ongoing Training: Training should be provided on an ongoing basis to an LFI’s employees and
should include changes to the UAE’s legislative and regulatory frameworks; internal policies or
procedures; and understanding of evolving risk issues with respect to an LFI’s transaction
monitoring and suspicious activity reporting program. Training topics can include, but are not limited
to, thematic analysis of STRs or SARs; regulatory requirements and best practices related to STR
or SAR reporting; noteworthy STRs or SARs (or other reports) filed during the prior quarter; and
controls related to emerging financial crime risks. Training should be customized to include any
other internal data that would be beneficial to both the first line and second line of defense.
Page 11 of 46
CBUAE Classification: Public
Location-based rules, in which the transactions involving a specific location (either as origin or
destination) are examined; and
Page 12 of 46
CBUAE Classification: Public
Senior Management and where required, notify the Board of Directors (as part of periodic updates), on the
appropriateness of design of manual monitoring reports. LFIs should be alert to the fact that complex and
evolving financial crime risks can undermine the effectiveness of manual monitoring systems, and therefore,
manual monitoring systems should also be independently reviewed for reasonable filtering criteria.
Page 13 of 46
CBUAE Classification: Public
Page 14 of 46
CBUAE Classification: Public
cases. As a result, it is critical that the information provided in all reports of suspicious activity be as
accurate, timely, and complete as possible.
STR: If, during the establishment or course of the customer relationship, or when conducting
transactions on behalf of a customer or an occasional customer, an LFI suspects transactions are
related to money laundering, related predicate offenses, or the financing of terrorism or illegal
organisations, then the LFI should submit an STR to the FIU within the timelines established in this
guidance.
SAR: If, during the establishment or course of the customer relationship, an LFI suspects any
activity or an attempted transaction (i.e., a non-executed transaction) can be related to money
laundering, related predicate offenses, or the financing of terrorism or illegal organisations, then
the LFI should submit a SAR to the FIU within the timelines established in this guidance.
Additional Information File (“AIF”) without Transactions: Should the FIU require any further details
while reviewing an STR or SAR, then the LFI that originally submitted the report may be solicited
for further information by receiving an AIF request from the FIU through the Message Board. Should
such a situation arise, the LFI is required to submit an AIF based report through the goAML
platform. Please note that an AIF is a supplemental report that does not contain transactional
details.
Additional Information File with Transactions (“AIFT”): Should the FIU require any further details
including transactions while processing an STR or SAR, then the LFI that originally submitted the
said report may be solicited for further information including transactions by receiving an AIFT
request from the FIU through the Message Board. Should such a situation arise, then the LFI is
required to submit an AIFT report through the goAML. Please note that an AIFT is a supplemental
report that contains transactional details.
Request for Information (“RFI”) without Transactions: Should the FIU require further information
from multiple LFIs rather than just the entity responsible for submitting the STR or SAR, then an
RFI request will be sent out to the concerned LFIs through the goAML Message Board. Should
such a situation arise, then the LFI is required to submit an RFI report through the goAML portal.
Request for Information with Transactions (“RFIT”): The ‘RFI with Transaction(s)’ report is similar
to the structure of an RFI request, with the exception that this report type supports the use of
transactions.
High Risk Country Transaction Report (“HRC”): If, during the establishment or course of the
customer relationship, or when conducting transactions on behalf of a customer or a potential
customer, an LFI identifies transactions related to high-risk countries as defined by the National
Page 15 of 46
CBUAE Classification: Public
Anti-Money Laundering and Combating the Financing of Terrorism and financing of Illegal
Organizations Committee 2 , then the LFI should submit an HRC to the FIU. Such reported
transaction(s) may only be executed three working days after reporting such to the FIU, and if the
FIU does not object to conducting the transaction within the set period.
High Risk Country Activity Report (“HRCA”): If, during the establishment or course of the customer
relationship, or when conducting an activity on behalf of a customer or a potential customer, a
reporting entity identifies activities related to high-risk countries as defined by the National Anti-
Money Laundering and Combating the Financing of Terrorism and financing of Illegal Organizations
Committee3, then the entity should submit an HRC to the FIU. Such reported activity(ies) may only
be executed three working days after reporting such to the FIU, and if the FIU does not object to
conducting the activity within the set period.
When all applicable information is collected, analyzed, and documented and the LFI decides that an STR
or SAR is required, the information should be described in the narrative within an investigative narrative
report template in a concise and chronological format. The LFI should divide the narrative into three
sections: an introduction, a body, and a conclusion. The investigative narrative report template is
considered as an addition to the goAML report (due to the potential text limitation within the “goAML
description of the report” field).
Introduction
The introductory paragraph should provide:
A brief statement addressing the purpose of the report with a general description of the known or
alleged violation.
The name(s) of the subject against whom the report is filed.
Any linked/ previous STRs, SARs, or other reports, including the date of any STR(s) / SAR(s) filed
(or other reports) previously on the suspect or related suspects and the reason why the previous
STR(s) / SAR(s) (or other report) was filed.
Additional Guidance:
Whether the activity is associated with any sanctioned countries or contained on government lists
for individuals or organisations.
A summary of the “red flags” and suspicious patterns of activity that initiated the report. (This
information should be provided either in the introduction or conclusion of the narrative).
Body
The next paragraph or paragraphs of the narrative can provide all pertinent information documenting
why the STR, SAR, or other report was filed and might include:
Details of parties facilitating the suspicious activity or transactions. If the subject is an entity, details
of the subject can include the entity’s trade license number, date established, line of business,
licensing authority, and ownership structure.
2
https://www.namlcftc.gov.ae/en/high-risk-countries.php
3
Idem note
Page 16 of 46
CBUAE Classification: Public
Involved suspected transactions (usually identified in chronological order by date and amount) [To
be included only for an STR and supplementary reports involving transactions].
The review period for the suspicious activity or transactions.
The source of funds, destination of funds, and total of suspected amounts. This can include the
transactor and beneficiary information, providing as much detail as possible, including the name
and location of any involved domestic and/or international financial institution(s); names,
addresses, account numbers, and any other available identifiers of originator and beneficiary
transactor(s); and/or third parties or business entities on whose behalf the conductor was acting;
the date(s) of the transaction(s); and amount(s).
Explain in detail the reason for the suspicion, and why the activity or transaction is determined to
be illegal or suspicious.
Description of the method of operation (i.e., modus operandi).
Additional Guidance:
A breakdown of larger volumes of financial activity into categories of credits and debits, and by date
and amount. [To be included only for an STR and supplementary reports involving transactions].
An explanation of any observed relationships among the transactors (e.g., shared accounts,
addresses, employment, known or suspected business relationships and/or frequency of
transactions occurring amongst them; appearing together at the LFI and/or counter). [To be
included only for an STR and supplementary reports involving transactions].
Specific details on cash transactions that identify the branch(es) where the transaction(s) occurred,
the type of transaction(s), and how the transaction(s) occurred (e.g., night deposit, on-line banking,
ATM, etc.). [To be included only for an STR and supplementary reports involving transactions].
Any factual observations or incriminating statements made by the suspect.
Conclusion
The final paragraph will be covered under “Action Taken by Reporting Entity” field. The final paragraph
of the narrative can summarize the report and might also include:
Any planned/initiated mitigating steps, including information about any follow-up actions conducted
by the LFI (e.g., intent to close or closure of accounts, ongoing monitoring of activity, etc.).
Additional Guidance:
Names and telephone numbers of other contacts at the LFI if different from the point of contact
indicated in the report.
A general description of any additional information related to the LFI that may be made available
to law enforcement by the LFI.
Names of any law enforcement or department/unit investigating the case who are not already
identified in another section of the report.
Page 17 of 46
CBUAE Classification: Public
Describe the subject of the STR, SAR, or other report, otherwise known as the suspect(s),
including the conductor, beneficiary, and accountholders involved in the transaction or activity.
Provide identifying information on the parties involved in the transaction, such as the suspect’s
occupation and position or title within the business.
List beneficial owners, directors, officers, and those with signing authority, if possible. If the
transaction or activity involves an entity, include information on the ownership, control, and
structure of the business.
Provide details about each individual or entity's role in each of the financial transactions
described. It is important to understand who is sending and receiving the funds. [To be included
only for an STR and supplementary reports involving transactions].
If more than one individual or entity is involved in the suspicious activity, explain the relationships
among the individuals or entities (if known).
Even though information may not always be available, information should be included to the extent possible.
For instance, addresses for suspects are important; filing LFIs should note not only the suspect’s primary
street addresses, but also, other known addresses. Any identification numbers associated with the
suspect(s) such as passport and driver’s license numbers are also important to document.
What instruments or mechanisms are being used to facilitate the suspicious activity or
transaction(s)?
Review the instruments or mechanisms used in the suspicious activity (e.g., wire transfers,
foreign currency, Wages Protection System (WPS), letters of credit and other trade instruments,
correspondent accounts, money orders, credit/debit cards, etc.).
Understand the number of different methods employed for initiating the negotiation of funds,
such as the Internet, phone access, mail, night deposit box, remote dial-up, couriers, or others.
Describe the source of the funds (as originator) or use of the funds (as beneficiary). In
documenting the movement of funds, identify all account numbers at the LFI affected by the
suspicious activity or transaction and when possible, provide any account numbers held at other
LFIs and the names/locations of the other LFIs involved in the reported activity.
When did the suspicious activity or transaction take place?
If the activity takes place over a period of time, provide the date when the suspicious activity or
transaction was first observed and describe the duration of the activity.
To better understand the history and nature of the activity, and the flow of funds, LFIs should
provide information on each individual transaction in a chronological order (e.g., individual
Page 18 of 46
CBUAE Classification: Public
dates and transaction amounts, rather than only the aggregated amount). [To be included only for
an STR and supplementary reports involving transactions].
Provide information on when the transaction was completed or attempted. If the transaction was
not completed, the LFI should indicate this in the narrative. [To be included only for an STR and
supplementary reports involving transactions].
Where did the suspicious activity or transaction take place?
Explain if multiple offices of a single LFI were involved in the suspicious activity or transaction
being reported. Provide the addresses of those locations.
Specify if the suspected activity or transaction(s) involves a foreign jurisdiction. In this case,
list the foreign jurisdiction, LFI, address, and any account numbers involved in, or affiliated with the
suspected activity or transaction(s).
This information should include any location involved in the full transaction chain, including
ultimate originators and beneficiaries to the extent this can be ascertained. [To be included only for
an STR and supplementary reports involving transactions].
Why does the LFI think the activity or transaction is suspicious?
Describe the industry or business and why the activity or transaction is unusual for the
customer. Consider the types of products and services involved in the activity and the expected
activities of similar customers.
Assess why the activity created a red flag for the LFI or triggered an alert within the system.
These answers will vary based on the LFI type (for example, a depository institution versus an insurance
company) and an LFI should also consider such factors as:
Describe how the transaction or pattern of transactions was committed (i.e., the “modus
operandi” or the method of operation). [To be included only for an STR and supplementary reports
involving transactions].
For example, if there appear to be multiple cheques deposited matched with outgoing wire transfers
from the accounts, the narrative should include information about both the cheques and outbound
transfers (including dates, destinations, amounts, accounts, frequency, and beneficiaries of the
funds transfers).
Page 19 of 46
CBUAE Classification: Public
According to the “goAML XML Submission Guide,” the goAML system reflects multiple mandatory fields,
business rules, and various binding scenarios. Combined, the system only accepts reports that pass
through the minimum requirements set by the FIU. Mandatory fields for submitting a report in the goAML
system are noted below:
4
The UAE FIU has noted instances where SAR or STRs are reported due to the LFI not receiving supporting documents that would
justify the transaction or activity. However, upon the FIU raising a request to the same LFI in the form of an AIF, supporting documents
were subsequently provided for the same subjects and report. This documentation in some instances removed the suspicion of the
transaction and in others, helped explain the transaction or action. Submitting reports to the FIU without first conducting a thorough
investigation and looking at all available evidence creates a situation where non-suspicious transactions may be reported to the FIU.
LFIs are reminded that internal investigations into the suspicious transaction or activity should be conducted to the fullest extent
possible prior to raising an STR or SAR and that related documentation, when available or easily retrievable, should be included with
the STR or SAR.
5
Egmont Group, Enterprise-wide STR Sharing: Issues and Approaches, Pg. 17
Page 20 of 46
CBUAE Classification: Public
1. Select the Report Type [4.2.1 GoAML XML Submission Guide]: A Compliance Officer or MLRO
should select a report type and populate all available details in the ‘Report Cover’ as depicted
below:
Reporting Entity ID – Entity name as per the Report Type* – Report type relevant to the
registration (auto-generated) suspicion/reason for submission to the FIU
Internal STR/SAR # – Internal STR/SAR FIU Reference – Only applicable in the
number case of AIF/RFI/ AIFT/RFIT type reports.
Submission Date* – Date of escalating the Provide the corresponding case number as
Report to the FIU (auto-generated) specified in the Message Board
Description/Summary of the Report* – Brief communication sent by the FIU
overview for the suspicion/reason for Action Taken by Reporting Entity* – The
submitting this report to the FIU. This field is action(s) taken by the reporting entity post-
only mandatory for STR and SAR report types identifying the reason for
Reporting Entity Branch – Branch where the suspicion/submission
main subject(s) of the report were identified
2. MLRO Details [4.2.2 GoAML XML Registration Guide]: This section of the report includes details
on the Compliance Officer, MLRO, or individual filing the report, which is automatically populated
using the details provided during the registration phase.6
3. Location of the Incident [4.2.3 GoAML XML Registration Guide]: The location of the incident
requires the location where the suspicious incident/transaction originated from. This is mandatory
for STR and SAR report types.
4. Reason for Reporting [4.2.4 GoAML XML Registration Guide]: The LFI is expected to select
the most appropriate reason for reporting available from the menu selection provided. If necessary,
more than one reason may also be provided. It is imperative that the correct Reason for Reporting
(“RFR”) is chosen for STRs or SARs submitted in the goAML system.7
5. Transactions [4.2.5 GoAML XML Registration Guide]: If the reported activity involves
transaction(s), the LFI should populate the following transaction details:
Transaction Ref. Number* – Kindly use the Transaction Executed by (Staff Name) –
auto-generate button to generate a unique Name of the staff member who executed
identification number if the LFI is not a the transaction
Bank/Exchange House
6
The UAE FIU has noted that there have been instances of reports being received whereby upon review, the LFI’s MLRO and related
team members’ contact details were not updated in the goAML system, which included email addresses and phone numbers. Keeping
contact information updated helps with the two-way communication between LFIs and the FIU while helping to shorten the turnaround
time of report analysis. It also enhances the ability of the FIU to analyze and subsequently process reports in a timely manner. The
contact information should be kept updated at all times.
7
The UAE FIU has noted that in some cases LFIs file reports while choosing RFRs that, upon closer examination, are not linked to
the actual suspicions of the report. As an example, reports have been received with RFRs related to the financing of terrorism and
illegal organisations with no evidence of any activity connected to the financing of terrorism and illegal organisations. Selecting
incorrect RFRs hinders the FIU’s analysis, and the LFI should expect multiple requests by the FIU for further clarification in these
cases. LFIs should be prudent and diligent when choosing RFRs and submitting reports to the UAE FIU. RFRs should be chosen
correctly and in relation to the actual suspicions of the STR or SAR being submitted.
Page 21 of 46
CBUAE Classification: Public
Reporting Entity Internal Reference Number* Authorizer – Name of the staff member
– Reporting entity's internal transaction responsible for authorizing the transaction
reference number Branch executing the transaction* –
Type of Transaction* – The mode used to Branch where the transaction was
conduct the transaction being reported executed
Late Deposit – Does this transaction account Date of receipt for recall request* (that field
as a late deposit? (Yes or No) will only show if ‘Yes’ was selected for
Total Suspected Amount* (AED) – Suspected Indemnified for Repatriation) – The date
amount in AED when the reporting entity received the fund
Date* – Date when transaction was initiated recall request
Indemnified for Repatriation* – If the reporting Purpose of the Transaction* – Purpose for
entity has received an indemnity for executing the transaction
repatriation Transactions Comments – Comments (if
any)
6. Transaction Type, From Type / To Type, My Client / Not My Client, Foreign Currency,
Conductor, [4.2.5.1-4.2.5.5 GoAML XML Registration Guide]: Additional transaction details
should be added according to the transaction type; transaction type (to/from) (i.e., my client, not
my client); and foreign currency type (if applicable); and the amount. These fields should be
populated by the LFI according to the GoAML XML Registration Guide’s instructions. Please refer
to Party Type: Person (below) to populate information on the conductor of the transaction for
4.2.5.6.
7. Phone, Address, Identification, Email, and Employer Address and Employer Phone [4.2.5.7-
4.2.5.11 GoAML XML Registration Guide]: These fields should be populated by the LFI according
to the GoAML XML Registration Guide’s instructions.
8. Party Type [4.2.5.12 GoAML XML Registration Guide]: The ‘Party Type’ refers to the initiating
source (source of funds) and beneficiary/destination party in relation to the report being filed. The
initiating source and beneficiary/destination party can be either a Person, Account, or Entity.
Party Type: Person [4.2.5.6, 4.2.5.13 GoAML XML Registration Guide]: Where the subject
initiating or receiving the transaction is a person, clicking the ‘Person’ radio button will
generate the following form and fields.
Page 22 of 46
CBUAE Classification: Public
Alias – A known alias for the person (if Passport Number* – Input the passport
applicable) number without any spaces/hyphens only
Emirates ID – Emirates ID number; input the in the absence of an Emirates ID
number without using any spaces/hyphens Passport Country* – Country of the
Nationality 1 – First nationality of the person passport provided
Nationality 2 – Second nationality of the Deceased – Is the person deceased?
person (Y/N)
Nationality 3 – Third nationality of the person Date of Death – Date when the person
ID Number – ID number; input the number died (applicable only if “Y” was provided in
without using any spaces/hyphens the ‘Deceased’ field)
Tax Number – Tax number for outside UAE
without hyphens/spaces (e.g., FATCA number
for US citizens)
Residence – Country of residence
Party Type: Account [4.2.5.14 GoAML XML Registration Guide]: If the transaction was
initiated or received through an Account, clicking the ‘Account’ radio button will generate the
following form and fields:
Please note that LFIs should also add a ‘Signatory(ies)’ form for reports involving accounts
that are classified as ‘My Client.’ When the accountholder is a person, the LFI is required to
enter all involved signatories. If the accountholder is an entity, the LFI is required to populate
the entity details. For instances where an account has multiple signatories, all of the signatory
details need to be captured in the goAML system.
Page 23 of 46
CBUAE Classification: Public
Party Type: Entity [4.2.5.15 GoAML XML Registration Guide]: If the transaction was
initiated through an Entity, clicking the ‘Entity radio button will generate the following form and
fields.
9. Involved Parties [4.2.5.16 GoAML XML Registration Guide]: If there are multiple parties
involved in the reported activity, the ‘Involved Parties’ form should be populated with the following
fields.
Page 24 of 46
CBUAE Classification: Public
10. Good and Services [4.2.5.17 GoAML XML Registration Guide]: This section corresponds to
transactions involving the exchange of goods and services.
Item Type* – The type of item (e.g., Vehicle) Disposed Value - Effective value for
Description – Description of the item (e.g., property transfer (value must be in AED)
Luxury Car) Size UOM – Unit of measurement (e.g.
Manufacturer – Item maker (e.g., if the item square meters)
is a car - BMW) Size – Size of the property
Presently Registered To – Name of current Registration Number – Official registration
owner number (e.g., Car VIN Number)
Previously Registered To – Name of Registration Date – Official registration
previous owner date (in MM/DD/ YYYY format)
Status Code – Stats code (e.g., Bought, Identification Number – Any number that
Hired) can identify the item (e.g., Car Plate
Estimated Value – Estimated value of the Number)
item Comments – If applicable
Currency Code – Used to report service **Addresses can be added
conducted in foreign currency
11. Activity [4.2.6 GoAML XML Registration Guide]: If the report does not contain any transaction(s),
then the activity details may be captured in the report. The activity details should include the
significance of a concerned subject (scale of 0-10), the reason for reporting the party, and any
comments. The ‘Activity’ tab will be shown only in the case the reporting entity is submitting an
“SAR”, “RFI without transaction(s)” or an “AIF without transaction(s)” based report file.
Upon completion of all the mandatory fields (noted above) and submission of the report in the goAML
system, the report will be provided to the FIU. It is mandatory for the LFI’s filer to attach supplemental
documents to accompany the submission—including but not limited to—Know Your Customer (“KYC”)
documentation, copies of identification documentation, account opening forms, transaction receipts,
financial statements, and other documents relevant to the investigation. In the instance that the LFI
conducted due diligence or internal investigations, the corresponding documents must also be attached.
This will assist the FIU in reviewing the report with all the appropriate documentation to support its review
and analysis.
Page 25 of 46
CBUAE Classification: Public
Alert Review: An LFI’s employees should review an alert and determine whether further investigation is
warranted. The underlying basis for the determination should be documented in accordance with an LFI’s
investigations procedures. An LFI may choose to have alert review decisions subject to Quality Control
(“QC”) review, prior to final dispositioning.
Where the facts available at the alert review stage are or may be sufficient to warrant an STR or SAR filing
without further investigation, or where the transaction may otherwise require immediate attention (per
criteria set forth below in 4.4 Activity Requiring Immediate Attention), employees should immediately
escalate the alerted activity to the designated STR or SAR decision authority for expedited review.
Case Investigation: For any alerted activity determined to require further investigation, employees should
conduct and complete (at least preliminarily) an investigation of the alerted activity, document the results
of any research or analysis performed, and make a recommendation as to whether an STR or SAR should
be filed.
Where a case investigator becomes aware of activity that requires immediate attention (per criteria set forth
below in 4.4 Activity Requiring Immediate Attention), employees should immediately escalate the activity to
the designated STR or SAR decision authority for expedited review.
If, in the case investigator’s judgment, the facts available at the filing recommendation deadline meet one
or more of the UAE regulatory definitions of suspicious activity, the case investigator should submit a
recommendation to file an STR or SAR, even if certain aspects of the activity remain unexplained.
Unanswered requests for information (RFIs) made in the course of a case investigation should not delay
the timely submission of recommendations with respect to an STR or SAR filing. LFIs should define the
reasonable RFI timeframe to allow the customer to respond to quires raised during a case investigation as
part of the RFI process.
Page 26 of 46
CBUAE Classification: Public
In the event of escalation for expedited review, the Compliance Officer or MLRO should review the activity
and make a determination as to whether it is suspicious within 24 hours of the date of escalation. Where
appropriate, the Compliance Officer or MLRO also should escalate the activity for potential exit and account
closure.
In the event of escalation for expedited review, the Compliance Officer or MLRO should file an STR or SAR
to the FIU within 24 hours of the determination. All prospective STRs or SARs should be reviewed for
accuracy and completeness prior to filing, in accordance with applicable procedures.
LFIs are ultimately responsible under UAE’s AML-CFT Law to report suspicious activity without delay and
should seek to file STRs and SARs ahead of the prescribed timeline.
If the LFI designates an investigation as “complex”, the LFI should submit an initial STR or SAR to the FIU
within 15 business days of the alert generation. The initial STR/SAR should be labelled as a “Complex
investigation” to the FIU. Following the initial STR or SAR filing, the LFI has an additional 30 business days
Page 27 of 46
CBUAE Classification: Public
to obtain all necessary information related to the complex investigation and submit a follow-up STR or SAR
to the FIU.
Page 28 of 46
CBUAE Classification: Public
As part of their risk-based AML/CFT framework, and in keeping with the nature and size of their businesses,
LFIs and their foreign branches or group affiliates where applicable, should establish adequate policies,
procedures and controls to ensure the confidentiality and protection of information and data related to STRs,
SARs, and other report types. These policies, procedures and controls should be documented, approved
by senior management, and communicated to the appropriate levels of the organization.
LFIs must ensure that all relevant information relating to STRs, SARs, and other report types is kept
confidential, with due regard to the conditions and exceptions provided for in the law, and the guiding
principles for this must be established in policies and procedures. LFIs should ensure that policy and
procedures are reflected in for example, appropriate access rights with regard to core systems used for
case management and notifications, secure information flows and guidance/training to all employees
involved. This guidance and training are particularly important for the first line of defense employees who
have contact with customers. It is essential that these employees know when there may be cases of
suspicious transactions, what questions they have to ask the customer and which information they must
not under any circumstances disclose to the customer.
It should be noted that the confidentiality requirement does not pertain to communication within the LFIs
or its affiliated group members (foreign branches, subsidiaries, or parent company) for the purpose of
sharing information relevant to the identification, prevention or reporting of suspicious transactions and/or
crimes related to money laundering and the financing of terrorism and illegal organisations, according to
the Article 39.1 of the AML-CFT Decision.
Page 29 of 46
CBUAE Classification: Public
It is a federal crime for LFIs or their managers, employees, or representatives, to inform a customer or any
other person, whether directly or indirectly, that a report has been filed or will be filed, or of any information
or data contained in the report, or that an investigation is under way concerning the transaction, otherwise
known as “tipping off.” Any person violating this prohibition is liable to a penalty of no less than AED100,000
and no more than AED500,000 and imprisonment for a term of not less one year, according to the Article
25 of the AML-CFT Law.
Specifically, once a suspicious transaction or other suspicious information related to a customer or business
relationship has been reported to the FIU, the LFI should take the following immediate responses:
LFIs should follow the instructions, if any, of the FIU in relation to both the specific transaction and
to the business relationship in general.
LFIs should identify all related/associated accounts or relationship of STR or SAR customers and
conduct a review on those accounts/relationship to check whether any suspicious transaction(s)
Page 30 of 46
CBUAE Classification: Public
has taken place. If yes, appropriate risk-based Enhanced Due Diligence (“EDD”) and ongoing
monitoring procedures should be implemented.
The customer or business relationship, including the related/associated accounts and relationship
to the STR or SAR customers, should immediately be classified as a high-risk customer and
appropriate risk-based EDD and ongoing monitoring procedures should be implemented in order
to mitigate the associated money laundering and the financing of terrorism and illegal organisations
risks.
Unless specifically instructed by the FIU to do so, LFIs are under no obligation to carry out transactions
they suspect, or have reasonable grounds to suspect, of being related to a crime. Furthermore, unless
specifically instructed by the FIU to maintain the business relationship (for example, so that the competent
authorities may monitor the customer’s activity), it should be the LFI’s responsibility to take appropriate
steps in order to decide whether or not to maintain the business relationship based on their risk appetite.
However, LFIs should consider the risk of tipping off a customer when taking these restrictive measures on
the account. These steps may include, but are not limited to:
Reassessing the business relationship risk and re-evaluating the customer’s risk profile, where
necessary.
Initiating an enhanced customer due diligence review.
Considering the performance of an enhanced background investigation (including, if appropriate,
the use of a third-party investigation service).
Any other reasonable steps, commensurate with the nature and size of their businesses, and
bearing in mind the obligation to avoid “tipping off” the customer.
LFIs that determine to maintain the business relationship should, commensurate with the nature and size
of their businesses:
Document the process by which the decision was made to maintain the business relationship, along
with the rationale for, and any conditions related to, the decision; and
Implement adequate EDD measures to manage and mitigate the money laundering/the financing
of terrorism and illegal organisations risks associated with the business relationship.
In such cases, beyond EDD measures, LFIs should also implement additional control measures such as,
but not limited to:
Requiring additional data, information or documents from the customer in order to carry out
transactions (for example, evidence of relevant licenses or authorizations, customs documents,
additional identification documents, bank or other references).
Restricting the customer’s use of certain products or services.
Placing restrictions and/or additional approval requirements on the processing of the customer’s
transactions (for example, transaction size and/or volume limits, or limits to the number of
transactions of certain types that can be executed during a given time period).
LFIs should also document the specific EDD, ongoing monitoring, and additional control measures to be
taken. In this regard, LFIs should obtain senior management approval for the plan, including its specific
conditions, duration and any requirements for its removal, as well as the roles and responsibilities for its
implementation, monitoring and reporting, commensurate with the nature and degree of the money
Page 31 of 46
CBUAE Classification: Public
laundering and the financing of terrorism and illegal organisations risks associated with the business
relationship.
Thus, retaining a customer relationship, exiting the relationship, restricting an account, or any other
actions taken by an LFI following the filing of an STR, SAR, or other report is a decision based on
the LFI’s internal policies and procedures, including its risk appetite, to safeguard the LFI from
relevant risks. This is unless the entity receives instructions from the FIU or any other competent authority
that should be immediately implemented without delay. In cases where the LFI decides to reject a new
customer or to exit an existing relationship due to an STR or SAR filing (or other report), the LFI should
ensure that the subject of the filing is added to internal watch lists, (e.g., a list of individuals and entities that
have been exited for financial crime-related reasons and that should be screened by the LFI to avoid future
on-boarding).
While individual STRs, SARs, or other reports that pose particular risk may require escalation and review
for potential exit, repeated filings on a single account or group of related accounts should trigger
consideration of customer exit. Repeat filings should also prompt a review of risks associated with accounts
of a similar type and of whether internal controls are effectively mitigating risk. An LFI should determine a
threshold for which an account that has been subject to a certain amount of STR or SAR filings (or other
report) will be escalated to senior management for consideration of account closure, possible restrictions
on the account, and/or enhanced monitoring.
LFIs should also maintain a customer exit policy that outlines the process for reviewing the overall customer
relationship and deciding on next steps, including ending the relationship and notifying law enforcement
and/or other group affiliates, as appropriate. Customer exit policies should include criteria for when these
actions are appropriate and outline how the LFI should monitor the activity of a customer it decides to retain.
The LFI should contact law enforcement before closing an account if the entity has knowledge of an ongoing
law enforcement investigation involving that account or customer, or the LFI has filed an STR(s), SAR(s),
or other report types on the customer or account due to continuing suspicious activity. LFIs should be aware
that law enforcement may have an interest in ensuring that certain accounts remain open notwithstanding
suspicious or potential criminal activity in connection with those accounts. If a law enforcement agency
requests that an LFI keep a particular account open, the LFI should ask for a written request. The written
request should indicate that the agency has requested that the LFI maintain the account along with the
purpose and duration of the request. Ultimately, the decision to maintain or close an account should be
made by an LFI in accordance with its own standards and guidelines.
Employees should report the number and types of STRs, SARs, or other regulatory reports filed to the
Board of Directors or a Board-designated committee. While employees are not required to provide actual
Page 32 of 46
CBUAE Classification: Public
copies of STRs, SARs, or other regulatory reports to the Board (or a committee of the Board), such
notifications should contain sufficient information to enable the Board or its committee to provide
appropriate oversight over the LFI’s AML/CFT program. Where an individual filing documents activity that
poses a particular risk, management may provide a copy of the report to the Board or Board-designated
committee. Where appropriate, the suspicious activity or transaction underlying the filing of an STR, SAR,
or other regulatory reports should be communicated to those individuals responsible for managing the risk
associated with the customer and/or activity that is the subject of the STR, SAR, or other regulatory reports
in order to permit such employees to respond appropriately to the AML/CFT risks identified. Although all
such communications are subject to the confidentiality restrictions, it should be noted that the confidentiality
requirement does not pertain to communication within the LFIs or its affiliated group members (foreign
branches, subsidiaries, or parent company) for the purpose of sharing information relevant to the
identification, prevention, or reporting of suspicious transactions and/or crimes related to money laundering
and the financing of terrorism and illegal organisations, according to Article 39.1 of the AML-CFT Decision
(also referenced in Section 5. Confidentiality and Prohibition against “Tipping Off”).
Suspicious transaction indicator alert records, logs, investigations, recommendations and decision
records, and all related correspondence;
Competent authority request for information, correspondent bank requests for assistance, and their
related investigation files and correspondence;
CDD and Business Relationship monitoring records, documents, and information obtained in the
course of analyzing or investigating potentially suspicious transactions, requests for assistance by
LFIs, and all internal or external correspondence or communication records associated with them;
STRs, SARs, and other report types (internal and external), logs, and statistics, together with their
related analysis, recommendations and decision records, and all related correspondence; and
Notes concerning feedback provided by the FIU with respect to reported STRs, SARs, and other
report types, as well as notes or records pertaining to any other actions taken by, or requested by,
the FIU.
Page 33 of 46
CBUAE Classification: Public
Example 2:
Money orders were purchased on 03-28-21 to ABC Corporation in the amount of AED30,000.
Comments: No explanation is given as to why the MVTS considers this activity suspicious. The LFI does
not indicate if money orders were purchased with cash. The LFI does not provide any information about the
purchaser or nature of the business (ABC Corporation) and if this activity was normal or unusual for the
purchaser or the business.
Example 3:
Mr. X was the originator of 12 wires totaling AED400,000. All of the wires were remitted to a Hong
Kong based company. During the same period of time, Mr. X deposited cash into his account.
Comments: The narrative lacks specific details on the destination of the funds (the name of the Hong Kong
based company, bank, and account number of the beneficiary, if identifiable). The depository LFI fails to
include any information concerning the relationship, if any, between the LFI and the customer. Also, no
specific transaction data is provided that identifies the dates and amounts of each wire transfer and the
cash deposit.
Example 4:
The reason for the suspicion is due to multiple third-party transfers being paid into Mr. Y account
that were soon followed by multiple cash withdrawals. Funds sent from the account to multiple third
parties.
Comments: The narrative lacks specific details on the source of the funds (the individual/entity sending
the multiple third-party transfers). The STR does not provide a timeframe of when the transfers were made,
the number and value of the third-party transfers, the number and value of the cash withdrawals, and the
timeframe (how soon) the cash withdrawals were made following the third-party transfers. The depository
LFI fails to include any information concerning the relationship, if any, between the individual/entity sending
the multiple third-party transfers and the customer.
Example 5:
Information has come to our attention that the Mrs. Y has been convicted of a drug trafficking
offense.
Page 34 of 46
CBUAE Classification: Public
Comments: The narrative fails to describe the depository LFI’s relationship with the subject and include
additional identifying details about the subject (name, occupation, address, account number, etc.). The
narrative does not describe any suspicious activity aside from the conviction and fails to state if the
suspicion is related to money laundering or if there are possible links to the financing of terrorism and illegal
organisations.
Example 6:
Mrs. Y came into the bank and asked questions during the account opening process that were
suspicious.
Comments: The narrative does not describe the suspicious activity in detail as a basis for filing the SAR
(e.g., the customer refusing to answer account opening questions; providing falsified or counterfeit
documentation; exhibiting reluctance to provide detailed information about the customer’s business). The
narrative template also fails to describe information that the LFI was able to gather on the prospective
customer during account opening (occupation, address, etc.).
Example 7:
Mr. LMN was the subject of adverse media involving his association with a terrorist group.
Comments: The narrative fails to describe the depository LFI’s relationship with the subject and include
additional identifying details about the subject (name, occupation, address, account number, etc.). The
narrative template also does not identify the terrorist group, describe the customer’s relationship with the
terrorist group, the timeframe for the customer’s involvement with the terrorist group, and how the LFI
became aware of this association, such as a hyperlink to the adverse media report.
Example 8:
Mrs. ABC purchased an insurance product using unusual payment methods. Mrs. ABC is a teacher
at Happy Day Elementary School in Dubai and resides at 11111 Street Name, Dubai, UAE. Mrs.
ABC also has two motor vehicles insured with the LFI since April 2019.
Comments: The narrative fails to describe the type of insurance product purchased, on what date, with
what payment method, and why the institution considers this payment method unusual. The institution also
does not indicate the customer’s stated purpose for purchasing the insurance product and if this is line with
what the LFI knows about the customer.
Example 9:
Mr. XYZ requests to increase payments on his life insurance policy during the period from 02-01-
21 to 05-01-21, and the payments appear to be excessive, given Mr. XYZ’s prior history.
Comments: The narrative fails to include additional identifying details about the subject (name, occupation,
address, etc.). The narrative lacks specific transaction data that identifies the dates, amounts, and method
of payment on the life insurance policy. The narrative also does not describe why the institution considers
these payments to be excessive based on the customer’s prior history of payments. The narrative does not
indicate how long the subject has been in possession of the life insurance policy.
Page 35 of 46
CBUAE Classification: Public
Transactions involving locations with poor AML/CFT regimes or high exposure to corruption.
Significant and/or frequent transactions in contrast to known or expected business activity.
Significant and/or frequent transactions in contrast to known employment status.
Ambiguous or inconsistent explanations as to the source and/or purpose of funds.
Where relevant, nervous or uncooperative behavior exhibited by the LFI’s employees and/or
customers.
B.2 Wire transfers to and from bank accounts
How it works: Transferring proceeds of crime from one person to another via money remittance
services.
Possible indicators
o Significant and/or frequent cash payments for transfers.
o Transfers to or from locations that have poor AML/CFT regimes or high exposure to
corruption.
o Transfers to high-risk countries or known tax havens.
o Transfers to numerous offshore jurisdictions with no business rationale.
o Same home address provided by multiple remitters.
o Reluctant to provide the LFI with identification details.
Page 36 of 46
CBUAE Classification: Public
Page 37 of 46
CBUAE Classification: Public
Possible indicators
o Frequent cheque deposits issued by car dealers, dealers in jewelry, etc.
o Significant and/or frequent payments to utility companies, for example, prepaid cards for
fuel, telecom e-wallets etc.
o Frequent cheque deposits issued by utility companies (i.e., electricity providers).
o Significant and/or frequent payments for purchases from online auction sites.
o Frequent personal cheque deposits issued by third parties.
B.10 Co-Mingling
How it works: Combining proceeds of crime with legitimate business takings.
Possible indicators
o Significant and/or frequent cash deposits when business has electronic funds transfer at
point-of-sale facilities.
o Large number of accounts held by a customer with the same LFI.
o Accounts operated by someone other than the account holder.
o Merging businesses to create layers.
o Complex ownership structures.
o Regular use of third-party accounts.
Page 38 of 46
CBUAE Classification: Public
B.13 Structuring
How it works: Separating large transactions into small transactions to avoid scrutiny and detection
from LFIs.
Possible indicators
o Many transactions conducted at various LFIs and/or branches, in one day.
o Small/frequent cash deposits, withdrawals, electronic transfers made over a short time
period.
o Multiple low value domestic or international transfer.
B.14 Smurfing
How it works: Utilizing third parties or groups of people to carry out structuring.
Possible indicators
o Third parties conducting numerous transactions on behalf of other individuals.
o Many transactions conducted at various LFIs and/or branches, in one day.
o Accounts operated by someone other than the account holder.
Page 39 of 46
CBUAE Classification: Public
Possible indicators
o Excessive use of stored value cards.
o Significant and/or frequent transactions using mobile telephone services.
o Unjustified transactions to and from Cryptocurrency platforms and digital assets
exchanges.
Page 40 of 46
CBUAE Classification: Public
The UAE Insurance Authority has issued the following list of red flag indicators when handling life and
general insurance products. The indicators, as well as any future ones the UAE Insurance Authority may
determine, should be incorporated into an LFI’s AML/CFT program with a view to update policies,
procedures, detection scenarios, and red flag indicators for identifying potentially suspicious activity related
to life and general insurance products.
1. The purchase of an insurance product does not reflect a customer’s known needs (e.g., purpose
of the account).
2. The early surrender of an insurance product is taken at a cost to the customer.
3. The surrender of an insurance product is initiated with the refund directed to a third party.
4. The customer exhibits no concern for the investment performance of a purchased insurance
product and instead exhibits significant concern for its early surrender terms.
5. The customer purchases insurance products using unusual payment methods, such as cash or
cash equivalents, or with monetary instruments in structured amounts.
6. The customer demonstrates reluctance to provide identifying information when purchasing an
insurance product.
7. The customer borrows the maximum amount available from their insurance product shortly after
purchase.
8. The customer used to purchase low-premium insurance and pay premiums by making regular
payments but suddenly purchases insurance that requires a large lump-sum premium payment, for
which no reasonable explanations are provided.
9. The customer purchases an insurance product without concern for the coverage or benefits, or the
customer only cares about the procedures for the policy loan, cancellation of insurance policy, or
changing beneficiary when purchasing an insurance policy that has a high cash value or requires
a high lump-sum premium payment.
10. The customer usually pays a premium by making regular payments but suddenly requests to
purchase a large-sum policy by paying off premium all at once.
11. The customer purchases insurance products with high cash value successively over a short period
of time, and the insurance products purchased do not appear to be commensurate with the
customer’s status and income or are unrelated to the nature of the customer’s business.
12. The customer pays premiums in cash and in several payments marginally below the threshold for
declaration but cannot reasonably explain the source of funds. In addition, the transactions do not
appear to be commensurate with the customer’s status and income or are unrelated to the nature
of the customer’s business.
13. The customer, after making a large premium payment for a policy purchased, applies for a large
policy loan or cancels the policy in a short period of time, for which no reasonable explanations are
provided.
14. The customer is a policyholder of several motor vehicles which is inconsistent with their profile.
15. The theft of a motor vehicle is not reported by the customer/policyholder.
16. The customer attempts to insure a motor vehicle that was reported as stolen or as a total loss.
Page 41 of 46
CBUAE Classification: Public
Page 42 of 46
CBUAE Classification: Public
Page 43 of 46
CBUAE Classification: Public
Information generated from an STR, SAR, and other report type is important for law enforcement and the FIU to effectively identify and
Importance of Filing an combat financial crime. Specifically, the quality of STRs, SARs, and other report types is imperative for increasing the FIU’s analytical
STR or SAR function to identify vulnerabilities and threats to the UAE financial system and develop an overall understanding of money laundering and
the financing of terrorism and illegal organisations risks.
Basic Structure of an Different report types can be filed in the FIU’s “goAML” portal (i.e., STR, SAR, AIF, AIFT, RFI, RFIT, HRC, HRCA). In addition, an LFI
STR or SAR should divide a narrative into three sections (introduction, body, and conclusion).
Procedures for
the Reporting of Best Practices for A narrative should identify and answer the five questions – who? what? when? where? and why? – of the suspicious activity being
Suspicious Drafting an STR or reported to the FIU in addition to the operation/modus operandi (or how?). The Guidance also addresses how defensive STR or SAR
Transactions SAR filings are generally discouraged.
LFIs are required to submit suspicious transaction and activity reports directly to the FIU using the “goAML” portal. There are certain
How to Submit an STR
mandatory fields that an LFI should populate when submitting a report in the goAML portal in addition to providing certain supplemental
or SAR
documents.
Amendments to Once a report is submitted and accepted in the goAML system, changes cannot be applied, including amendments for missing or incorrect
Submitted Reports information. However, LFIs may file a corresponding AIF, AIFT, RFI, or RFIT.
In the absence of escalation for expedited review, LFIs are expected to file an STR/SAR within a maximum of 35 business days from the
date of automated alert generation. The establishment of adequate grounds of suspicion may involve the investigation procedures as per
Alert Review, Case
the LFIs' AML and/or Financial Crime Compliance policies and procedures. LFIs are expected to complete the required investigative
Investigation, and
procedures as expeditiously as possible. LFIs must maintain adequately detailed records of investigative procedures performed against
STR/SAR Decision
alerts and when filing an STR/SAR, must include a summary justifying the time taken to establish grounds of suspicion. In the event of
Making and Filing
escalation for expedited review, the Compliance Officer or MLRO should file an STR or SAR to the FIU within 24 hours of the determination.
All prospective STRs or SARs should be reviewed for accuracy and completeness prior to filing, in accordance with applicable procedures.
Monitoring and
Upon filing an STR/SAR pertaining to an account holder, LFIs are expected to implement enhanced monitoring on such account holders. In
Reporting of
the case of continued suspicious activity detected against said account holder, LFIs are expected to expeditiously file an STR/SAR with the
Timing of Alert Continuing Suspicious
FIU.
Reviews and Activity
STR Filings Situations requiring immediate attention include reportable violations that are ongoing (e.g., part of an ongoing money laundering scheme
Activity Requiring
as indicated by an appropriate law enforcement authority) and transactions that the LFI suspects are related to the financing of terrorism
Immediate Attention
and illegal organisations.
If the LFI designates an investigation as “complex”, the LFI should submit an initial STR or SAR to the FIU within 15 business days of the
Exceptions for alert generation. The initial STR/SAR should be labelled as a “Complex investigation” to the FIU. Following the initial STR or SAR filing,
Complex Investigations the LFI has an additional 30 business days to obtain all necessary information related to the complex investigation and submit a follow-up
STR or SAR to the FIU.
Summary of Review,
There are recommended timelines for the review, investigation, and reporting of suspicious activity in the absence of an escalation for
Investigation, and
expedited review.
Reporting Timelines
Page 44 of 46
CBUAE Classification: Public
Escalation for In certain cases, an alert or case may need to be dispositioned and an STR or SAR filed more rapidly than usual processes allow. In such
Expedited Review cases, the alert will be dispositioned and the STR or SAR filed within 24 hours.
Confidentiality
Confidentiality and When reporting suspicious activity or transactions to the FIU, LFIs are obliged to maintain confidentiality regarding both the information
and Prohibition
Prohibition against being reported and specific to the act of reporting itself, and to make reasonable efforts to ensure that the information and data reported
against
“Tipping Off” are protected from access by any unauthorized person.
“Tipping Off”
Requirements for
If the FIU reaches out to an LFI for additional information pertaining to an STR or SAR, details should be provided in a way that is precise
Corresponding with the
and outlined as per the request. LFIs should maintain clarity on the presented information and provide it in the expected format.
FIU
Following the filing of an STR or SAR filing, LFIs are obliged to follow the instructions, if any, of the FIU in relation to both the specific
Handling of transaction and to the business relationship in general. LFIs may decide to retain a customer relationship, exit the relationship, or restrict
Post STR or SAR
Transactions an account, among others. Any actions taken by an LFI following the filing of an STR or SAR is a decision based on the LFI’s internal
Process
and Business policies and procedures, including its risk appetite, although LFIs should consider the risk of tipping off a customer when implementing
Relationships such restrictive measures.
after Filing Governance and
LFIs should have mechanisms to inform the Board of Directors (or a committee of the Board) and senior management on the status of its
STRs Reporting to Senior
AML/CFT program, including reporting on the number and types of STRs or SARs.
Management
LFIs are required to retain all records and documents pertaining to STRs or SARs and the results of all analysis or investigations
Record Retention performed for a period of no less than five (5) years from the date of completion of the transaction or termination of the business
relationship.
Annex 1: Indicative
Examples of Examples of insufficient STR or SAR narratives are provided with an explanation on why these STR or SAR narratives are not sufficient
Insufficient STR or and comprehensive.
SAR Narratives
Annex 2. Red Flag
The FIU published typologies and indicators of suspicious activity that an LFI should consider with a view to update policies, procedures,
Indicators in the
detection scenarios, and red flag indicators for identifying potentially suspicious activity.
Context of the UAE
Annex 3. Red Flag
Annexes The UAE Insurance Authority issued a list of red flag indicators that an LFI should consider with a view to update policies, procedures,
Indicators for the UAE
detection scenarios, and red flag indicators for identifying potentially suspicious activity.
Insurance Sector
Annex 4. Overarching
Rules and Principles The goAML XML Submission Guide provides additional detail on the rules that an LFI should consider when submitting an STR, SAR, or
for the goAML other report type in the goAML system.
System
Annex 5 Synopsis of the Guidance
Page 45 of 46
CBUAE Classification: Public
Page 46 of 46