top of page
Writer's pictureMy Best CFO

New Guidance on The Risks Relating to Payments.

Updated: Aug 31, 2022

On August 1, 2022, the UAE Central Bank issued the Guidance for Licensed Financial Institutions on the Risks Relating to Payments.


The guidance helps to implement the requirements of Federal Decree Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations. It explains the UAE Central Bank’s expectations in the area of necessary compliance measures that need to be adopted within payments ecosystems. The guidance should not be treated as an amendment or replacement to the existing UAE Central Bank’s requirements and should be read in conjunction with the existing legislation and guidance materials.


The guidance is written in accordance with the recommendations issued by the Financial Action Task Force. The aim of the guidance is to promote the UAE as a jurisdiction compliant with anti-money laundering best practices. It does not, however, set forth an exhaustive list of measures, and financial institutions are ultimately expected to perform their own risk-based assessments as to appropriate measures to be adopted.

The guidance applies to UAE banks, branches of foreign banks, exchange houses, finance companies, stored value facilities, retail payment service providers, and card schemes and is effective from the date of its issuance, and the above-mentioned financial institutions are expected to demonstrate compliance within one month.

The guidance intends to educate about the key risks and types of transactions that require scrutiny. Examples include peer-to-peer payments, cross-border transfers, intermediation, nesting, use of agents or affiliates, dealing with merchants, dealings with correspondent banks, and outsourcing.


The guidance requires financial institutions to take a risk-based approach to mitigating and managing risks related to the payment sector. It describes in detail recommended compliance measures, which apply, to varying degrees, to financial institutions providing retail services and services to other payment sector participants.


The key provisions include a step plan that financial institutions should follow in approaching compliance:

  • Mapping the risks

Financial Institutions should map the risks they are facing, which should cover all payment products and services provided by the relevant financial institutions as well as its relevant UAE and foreign direct relationships. The assessments should be reflected in risk ratings.


The analysis should be tailored to the type of service in question and focus primarily on the area of geographic operation (e.g., whether there are any high-risk jurisdictions), scope of allowed transactions (e.g., whether peer-to-peer payments are allowed), regulatory status (licensed versus unlicensed entity), use of intermediaries, etc.

  • Implementing the design and operation of compliance programs

Financial Institutions should implement the design and operation of compliance programs to ensure greater attention to areas of higher risks. The compliance program needs to ensure ongoing monitoring and accuracy of information.


This step should include, in respect of retail services, customer due diligence (know your customer, including via UAE governmental services, such as UAE-Pass), use of location indicators, imposing limits on certain types of dealings (e.g., maximum storage values), merchant due diligence (e.g., number of complaints it obtains, volumes of operations). It should also include sanctions screening.


In respect of corporate customers, financial institutions need to identify beneficial owners owning 25% or more of shares or, if no person satisfies this criterion, persons holding senior management positions in the entity. Financial Institutions should ensure they have contractual rights to obtain this information and consider terminating the relationship, if no access can be provided.


Financial institutions should also conduct analysis of the materials pertaining to payment sector participants, including by reviewing their promotional materials, website, identifying key merchants, evaluating policies, and controls.


The guidance also sets forth specific requirements with respect to due diligence of correspondent banks. These requirements include collecting information on the nature of the business and evaluating regulatory status, policies (including in respect of merchant due diligence), and controls (in particular, in respect of nesting transactions). They also include obtaining senior management approval before establishing a new correspondent banking relationship, reviewing reports and audit results, and understanding and documenting the scope of responsibilities relating to anti-money laundering.


In some cases (e.g., providing payment services as part of a network), financial institutions should assume full responsibility for customer due diligence.

  • Implementing appropriate controls and trainings

Financial Institutions should implement appropriate controls and trainings to minimize or eliminate the features making payment products and services and new payment products and services attractive to illicit actors.


The guidance suggests that financial institutions providing retail services should consider using geolocation to prevent customer access from high-risk countries, imposing transaction limits, imposing a requirement for customers to only fund accounts and withdraw funds via regulated domestic financial institutions, and using multi-factor authentication.


Appropriate regular training should be provided to employees and agents, including agents of delivery, on-boarding, and cash acceptance. The employees’ and agents’ knowledge in these areas should be periodically tested.

  • Filing suspicious transaction reports

The guidance also reiterates the importance of filing suspicious transaction reports to the UAE Financial Intelligence Unit using the “goAML” portal. The general principle under the guidance is that financial institutions are ultimately responsible for using all information they have to monitor transactions processed or conducted through them. The guidance encourages financial institutions to outsource transaction monitoring.


The guidance is part of the rapidly developing anti-money laundering rules in the UAE and the increasing use of traditional and new types of payment services. It supplements the existing rules with recommendations on compliance, aiming to ensure that financial institutions determine the nature of operations and take measures to exercise some degree of control over operations and service providers to combat illicit finance.


Should you need any help, My Best CFO Team is always happy to help.

Stay up-to-date with us!



38 views0 comments

Σχόλια


Post: Blog2_Post
bottom of page