[ad_1]
New guidelines from the Central Bank of the United Arab Emirates (CBUAE) on Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) require Licensed Financial Institutions (LFIs) to use a digital identity system for customer due diligence (CDD).
It focuses on the digital identity mechanisms that LFIs should employ to continuously perform customer due diligence in relation to natural persons. A WAM report says the guidance specifically addresses identification, registration and authentication mechanisms relevant to LFI’s use of digital identity systems.
LFIs also need to leverage technology best practices, adequate governance, and clearly defined policies and procedures.
use data
In addition, LFIs should conduct ongoing CDD and transaction monitoring utilizing authentication-generated data (e.g. IP addresses) to detect suspicious clients in, to, from, or from sanctioned and high-risk jurisdictions conduct and/or transactions. LFI may rely on client identification and verification by a third party upon onboarding, provided (i) LFI obtains all relevant information from the third party, (ii) takes steps to ensure that the third party will provide information, and (iii) take steps to ensure that third parties comply with the CDD and record keeping requirements set out in Cabinet Decision No. (10) of 2019 on the Implementing Rules of Decree No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Reports of Illegal Organizations.
LFIs include banks, finance companies, exchanges and insurance companies, agents and brokers.
Effective immediately, the guidance will help LFIs understand the risks and effectively meet their statutory AML/CFT obligations, taking into account the standards of the Financial Action Task Force (FATF). The guidelines require LFIs to demonstrate compliance with the relevant CBUAE notifications.
security challenge
LFIs should take appropriate steps to address the inherent technical and security challenges posed by digital identity systems. Given the increasing sophistication and severity of cyber breaches, LFIs should implement and enforce necessary safeguards to reduce identification and registration risks, including cyber attacks, security breaches and the use of stolen, forged or synthetic ID details.
LFIs shall conduct an adequate assurance level and suitability assessment of the digital ID system they select. They should also implement and enforce adequate assurance protocols regarding the accuracy of digital identity systems and have direct access to assurance reviews or access to audit or assurance certification details from expert bodies.
CBUAE Governor Khaled Mohamed Balama said: “The Central Bank is working closely with LFIs to ensure they fully comply with and understand our regularly issued guidance. This guidance on the use of digital identities to fulfill CDD obligations will strengthen AML and the fight against terrorist financing Doctrinal framework and will mitigate potential risks to protect the UAE’s financial system.” — trade arab news agency
[ad_2]
Source link