AML Compliance Requirements for Accountants and Auditors in UAE

AML/CFT Legal Framework for Accountants and Auditors

Over the years, with the increase in Money Laundering (ML) and Terrorist Financing (TF) activities, the United Arab Emirates (UAE) has been actively reinforcing its Anti-Money Laundering (AML) regulations to combat such financial crimes. As a result, the role of accountants and auditors has become crucial in ensuring compliance with these regulations.

The current legal regulations guiding AML/CFT for Accountants and Auditors in the UAE are primarily:

1. Federal Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organization
2. The Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organization
3. Federal Decree Law No (26) of 2021 to amend certain provisions of Federal Decree Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
4. Supplemental guidance for auditors issued by the UAE Ministry of Economy

These laws and regulations explain the obligations and responsibilities of Designated Non-Financial Businesses and Professions (DNFBPs), such as accounting and auditing firms.

Further, in addition to the AML Law, accountants and auditors in the UAE must also follow relevant regulations issued by regulatory authorities, such as the Ministry of Economy.

Accountants and Auditors as Gatekeepers

Money Laundering is an attempt by criminals to make illegal funds look like they were gained through legitimate channels. Accountants and auditors deal with all types of clients. When their clients engage in something illegal with the money, it puts them at risk, too. So, auditors and accountants need to be super careful in identifying signs of money laundering and terrorist financing.

Imagine them as gatekeepers, as they are the ones businesses get in touch with when it comes to accounting and auditing. By virtue of the kind of services they provide, they know almost all the activities performed by the client. Accountants and auditors are professionals who also know the red flags associated with clients and transactions. They can spot the warning bells early and proactively submit suspicious activities and transactions to the FIU.

To efficiently understand the compliance requirements for Accountants and Auditors, let us first understand what makes Accountants and Auditors vulnerable to financial fraud.

1. Complex Business Structure: Customers often use complex company structures in multiple countries or shell companies to hide the source of their funds.

2. Irregularities in Transactions: Customers carry out unusual activities like large cash deposits, transactions in high-risk jurisdictions, or transferring money between accounts without clear reasons.

3. Hiding Information: Clients intentionally hide important details about where their money is coming from or what they intend to do with it.

4. Inconsistent Money Moves: Sudden change in client’s spending habits or financial profile.

5. Getting Third Parties Involved: Clients get other people moving their money around, making it harder to trace.

6. Geographical Factors: A customer might be carrying out business with high-risk geographies.

7. PEP Involvement: A client might hide his relationship with a Politically Exposed Person (PEP).

Due to such situations, Accountants and Auditors need to remain vigilant and attentive. By doing so, they safeguard themselves against unknown involvement in financial crimes, which, in turn, helps detect and prevent money laundering and terrorist financing activities.

AML Compliance Requirements for the Accountants and Auditors

1. AML Compliance Officer

AML compliance officer is one of the key positions in the company, as it is important to have a dedicated officer who will efficiently perform key responsibilities

An AML Compliance Officer’s primary responsibility is to oversee the implementation of AML/CFT policies and controls, detect suspicious activities and transactions, and so on.

Key responsibilities of an AML Compliance Officer include the following:

• Conducting Risk Assessments, e.g. Enterprise-Wide Risk Assessment (EWRA)
• Reviewing Compliance Program and its effectiveness, and regularly update and align it with regulatory changes
• Recognise irregularities in customer’s financial dealings and submit Suspicious Activity Report (SAR) and Suspicious Transaction Report (STR)
• Submitting regular reports to the Financial Intelligence Unit (FIU), UAE. Reports like Dealers in Precious Metals and Stones Report (DPMSR), Real Estate Activity Report (REAR), Funds Freeze Report (FFR), etc.
• Prepare policies for the Know Your Customer (KYC) and Customer Due Diligence (CDD) process.
• Carry out Sanctions Screening and ensure adherence to sanctions laws
• Training employees on AML rules and regulations
• Ensure the company’s compliance with Government-mandated AML Laws
• Communicate changes in UAE AML laws and their implication to the senior management
• Submit periodic reports on AML Compliance activities to senior management and file semi-annual reports with the concerned Supervisory Authorities

Moreover, the Compliance Officer must obtain prior approval from the Supervisory Authority and maintain meticulous records of compliance activities.

• Having a Compliance Officer guarantees AML/CFT compliance, minimising the risk of Non-Compliance Penalties and Reputational Damage.
• As Compliance Officer is in charge of conducting CDD, he contributes to maintaining robust AML frameworks and transparency in financial transactions.
• Having a dedicated Compliance Officer reflects the organisation’s commitment to regulatory compliance and ethical business practices.
• A fair compliance environment helps in maintaining trust among stakeholders, clients, and regulators.

2. goAML Registration

goAML registration is a simple registration process with the goAML Portal. Entities, upon fulfilment of registration requirements, get an email from FIU confirming their successful registration. DNFBPs, FIs, and VASPs must complete their goAML registration to report suspicious transactions and activities to FIU.

It is crucial for accountants and auditors to register on goAML for the following reasons:

• goAML provides a medium for reporting suspicious transactions and activities, thereby helping in detecting financial crimes.
• It facilitates compliance with AML regulations set forth by regulatory bodies.
• Enables FIs, VASPs, and DNFBPs to access vital information shared within the goAML system, making easier for them to comprehend illegal financial activities.

3. Enterprise-Wide Risk Assessment

Enterprise-wide Risk Assessment (EWRA) is an essential procedure for organisations to identify, assess, and mitigate risks involved in their operations. Accountants and Auditors play crucial roles in EWRA due to their expertise in financial analysis, audit trail examination, and compliance. Accountants are specialised in analysing financial data, detecting anomalies, and identifying red flags.

Carrying out successful EWRA is important given the following reasons:

• EWRA helps FIs, VASPs, and DNFBPs in identifying potential ML/TF risks.
• EWRA highlights Residual Risks (Net Risk), i.e. Gross risk – Controls
• Through EWRA, accountants and auditors can strengthen their due diligence process, ensuring thorough assessment and verification of customer identities and beneficial owners.
• EWRA is not a one-time exercise; it is an ongoing process that demands regular review and updates to adapt to evolving AML/CFT laws and various ML/TF risks, ensuring continuous compliance.

4. AML/CFT Policies and Procedures

AML/CFT policies and procedures for accountants and auditors are crucial for preventing illegal activities within the financial system. Accountants and auditors should establish strict internal controls to ensure compliance with the AML regulations.

As stated above, compliance officers or designated personnel should supervise AML/CFT operations and conduct periodic reviews to assess the effectiveness of existing controls.

Same actions are expected with respect to clients’ businesses as well. Accountants and auditors must ensure whether their clients have executed all AML/CFT regulations appropriately. Also, it is important to know that these policies and procedures align with client’s risk tolerance capacity.

5. Customer Due Diligence

Customer Due Diligence (CDD) is a process where businesses verify the identity of their customers, assess the potential risks associated, and monitor transactions to prevent financial crimes. In simpler terms, it is like doing a background check on someone before trusting them with important dealings.

Accountants and auditors must perform Customer Due Diligence and apply appropriate CDD measures based on the type and degree of intensity of the risk. They need to apply similar CDD measures in the case of their clients as well.

• Accountants and Auditors must verify the client’s identity by collecting official documents like IDs and passports.
• It is mandatory to confirm that all documents and information obtained from clients are legit.
• It is crucial to examine clients against Sanctions Lists and investigate the involvement of any Politically Exposed Person (PEP).
• It is important that the Ultimate Beneficial Owner (UBO) is identified.
• Accountants and auditors need to understand the nature of their client’s business to assess the legitimacy of their transactions.
• They should scrutinise client’s transactions to detect any potential red flags.
• It is important to determine the source of funds for their client’s financial activities to ensure they are not obtained from any illegal sources.

6. AML/CFT Training

As per Article 21 of the Cabinet Decision No. (10) of 2019, FIs and DNBPs are obligated to provide AML/CFT training to their staff to ensure that they have a proper understanding of the risk of financial crimes and how to combat it.

Overall, apt AML/CFT training helps professionals contribute to keeping the financial system safe and clean.

7. Regulatory Reporting

Regulatory Reporting ensures legal adherence by facilitating timely and accurate submission of reports on suspicious activities to Financial Intelligence Units (FIUs). Here are certain points that indicate suspicious transactions:

• Unusual Transaction pattern: large transactions or transactions involving unrelated parties.
• Unexplained Sources of Funds: Transactions where the source of funds is unclear or unexplained raise red flags.
• Complex Corporate structure and unexplained ownership status
• Attempt to avoid Scrutiny
• Geographic Factors: Transactions that involve dealings with high-risk countries
• Excessive use of cash transactions

All such factors make regulatory reporting crucial and mandatory. Timely and accurate regulatory reporting serves as valuable evidence for law enforcements during investigations into financial crimes, safeguards reputation of financial institutions and helps in avoiding penalties associated with non-compliance.

8. Independent AML Audit

An Independent AML Audit means a thorough examination of an organisation’s AML Policies, procedures, and practices by an external party. During an independent AML audit, auditors typically review:

• AML Policies and Procedures- assessing the adequacy and effectiveness of the AML policies and process
• Customer Due Diligence processes
• Transaction Monitoring and Reporting System
• AML/CFT Training and Awareness Initiatives
• Regulatory Compliance

These audits should be conducted regularly, typically annually or bi-annually, to assess the efficiency of AML program of an organization.

By identifying weaknesses in the AML framework and providing actionable recommendations, these audits help businesses strengthen their compliance measures, protect against financial crimes, and demonstrate commitment to ethical business conduct.

9. Record-Keeping

Maintaining proper records is one of the crucial parts of the effective implementation of the AML/CFT program. It helps to track and document financial transactions, and ensures transparency and accountability.

According to AML regulations in the UAE, all financial records should be retained for a minimum period of 5 years, while it is 6 years, as per ADGM and DIFC.

Challenges faced by Accountants and Auditors in fulfilling their AML Compliance Obligations

Accountants and auditors face several challenges while following the AML Compliance Obligations. Here are some key challenges:

• Complex ML Techniques: Criminals use various tactics like shell companies, offshore accounts, and digital currencies to hide the original source of money. This makes it difficult to trace the transaction.
• Lack of Cooperation and Information Sharing: Clients hesitate to share data, making it difficult for AML professionals to carry out AML compliance effectively.
• Limited Technology: Organizations might lack sufficient tech tools to detect suspicious activities. Especially, small, and medium sized firms. They face shortages in resources, including compliance team and technology.
• Increased Burden of Governance: Identifying beneficial owners and gathering extensive customer data requires time and resources.
• Shortage of Skilled staff: It is indeed difficult to find skilled AML professionals. Also, the turnover rate is as high as the demand. Onboarding expenses and sector-specific expertise add to the challenge.

Conclusion

Accountants and Auditors are fundamental guardians against money laundering and terrorist financing among other financial crimes. By knowing their duties under the AML/CFT laws, recognising risk factors and red flags, and executing mitigation measures to minimize the risks, accountants and auditors always help to safeguard the financial system and the society from the terrible consequences of money laundering.