A Guide for UBO Compliance for DNFBPs in UAE

A Guide for UBO Compliance for DNFBPs in UAE

RapidAML Team

2024-06-18

Table of Contents

What Is UBO

The abbreviation UBO stands for “Ultimate Beneficial Owner”. A UBO is a natural person who exercises significant control over any business’s decisions. According to UAE AML laws, a UBO is a natural person owning 25% or more shares or voting rights or having ultimate control/influence on the decision-making process of the business.

What is UBO

Why Is it Necessary to Know Who the Ultimate Beneficial Owner Is

Recognising UBO is essential to identify and verify the natural person directing or orchestrating the functioning and operations of a business with whom the DNFBPs intend to establish business relationships.

Businesses in UAE are required to ensure compliance with AML regulatory requirements, such as carrying out Customer Due Diligence (CDD) of legal persons/entities to ensure that the natural person or persons running or making decisions for such legal entity are not engaged with any criminal activity or have their name appearing in any of the sanctions list.

Criminals tend to misuse legal entities or corporate vehicles with the aim to conceal their true identities by creating complex ownership structures and multiple shell companies, making it very difficult for the business to identify the UBO behind such a legal entity. UBO information can be disguised by the creation of complex ownership and control structures, such as nominee shareholding and bearer shares, which are created by a confusing web of layers of ownership where the identity of the ultimate beneficial owner is kept concealed.

The absence of sufficient and accurate UBO information facilitates ML/FT and PF as it enables criminals to disguise their:

  • True identity
  • True purpose behind establishing business relationship
  • Source of funds or source of wealth associated with the legal entity

Having obtained the necessary identification documents of the UBO of a legal entity, the business requiring AML compliance needs to conduct the usual CDD processes.

Legal Framework for UBO Compliance

Regulatory Requirements for UBO Identification in the UAE

The regulatory requirement of identification of the UBOs of a legal entity or corporate body prior to the establishment of a business relationship and conducting ongoing monitoring of such legal entity and its UBO during the course of a business relationship comes under the ambit of:

  • Federal Decree-Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations.
  • Cabinet Decision No. (10) of 2019 on the Implementing Regulations of Federal Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations.

The Federal Decree-Law No. (20) of 2018 and the Cabinet Decision No. (10) of 2019 requires businesses coming under its purview to implement a risk-based approach while onboarding new customers and have in place an effective and adequate customer due diligence program commensurate with the ML/FT and PF risks to which such a business is exposed.

Additionally, to facilitate the effective implementation of UBO identification requirements and ensure alignment with the FATF updated recommendations on UBO identification and verification, the UAE government has enacted the following regulations:

  1. The Cabinet Decision No. (109) of 2023 On Regulating the Beneficial Owner Procedures
    • Revoking the previous law “Cabinet Decision No. (58) of 2020 concerning the regulation of Beneficial Ownership Procedures”
  2. Cabinet Resolution No. (132) of 2023 Concerning the Administrative Penalties against Violators of The Provisions of the Cabinet Resolution No. (109) of 2023 Concerning the Regulation of Beneficial Owner Procedures
    • Revoking the previous law “Cabinet Decision No. (53) of 2021 on the administrative fines to be imposed on the violators of Cabinet Decision No. (58) of 2020 concerning the regulation of Beneficial Ownership Procedures.”

Cabinet Decision No. (109) of 2023 and Cabinet Resolution No. (132) of 2023 are brought into force to ensure that regulated businesses meet the UBO identification requirements. The regulated businesses must maintain a register with the database of beneficial owners of legal entities with which they conduct business. Administrative penalties and fines are also prescribed for non-compliance with the above provisions.

Methodology for UBO Identification and Verification

The methodology for UBO identification and verification involves the following steps:

Methodology for UBO Identification and Verification1.Recognising the AML Compliance Needs:

The first step requires conducting a business-wide or enterprise-wide risk assessment to identify ML/TF risks. This is followed by drafting and implementing adequate and commensurate AML/CFT and CPF policies, procedures, systems, and controls in sync with the regulatory requirements.

Once AML compliance needs are identified then adequate ML/FT and PF risk mitigation measures need to be defined. In this stage, the business should chart out the methodology in which they shall conduct CDD of their customers, which are legal entities, corporate bodies, trusts, or foundations, and the procedure for obtaining and verifying the identification documents of the UBOs of their legal entity or corporate customers.

2.Gathering Data About Legal Entities:

Once the business has identified the manner in which they shall streamline the elements of their CDD process concerning legal entities, the next step requires procuring legal entity records such as articles of incorporation, memorandum of association, organisation chart, list of shareholders, trade license, and any other corporate documents which specify the beneficial ownership structure.

3.Beneficial Ownership Analysis:

Once legal documentation concerning legal entities is collected, these documents need to be read out carefully and examined with the focus on finding the ownership details in terms of all the people or institutions that will finally have 25% or more of share/voting rights or control over decision making or ownership stakes in the organisation.

4.Verification of UBO Information:

The business should, upon identification of the UBOs, thoroughly deploy CDD techniques that prove the real identity of UBOs. This may include vetting them by asking for official identification documents and doing a background check. UBO identification and verification can be carried out through KYC/CDD software solution, where the name screening or sanctions screening aspect is also covered.

 

UBO Records Management

Businesses such as DNFBPs must ensure that they adequately adhere to the record-keeping requirements specified in the AML laws and regulations, which differ according to the supervisory authorities.

1.Document Collection and Retention:

DNFBPs should ideally collect the organisation chart, information about individuals who own 25% or more shares/voting rights, and all the other related corporate documents that should be gathered and filed in connection with the UBO’s identifications and verifications.

DNFBPs can retain documents or charts that give clarity as to the ownership structure of a business and the lines of direct and indirect ownership that link owners of the legal entity with the legal entity. The diagrams make it possible for the concerned people of the AML compliance team to have a clear picture of the ownership structure.

2.Records of UBO Verification and Identification:

DNFBPs should maintain comprehensive files that explain the process of UBO’s identification and verification. Direct and indirect ownership analysis, whether they have the right to vote and their ownership percentage. The AML/CFT and CPF policies and procedures must provide for retention policy and methodology for the UBO records.

3.Change Management Records:

It is also advisable for DNFBPs to monitor and keep records of any alterations made to UBO information, for instance, changes in the organisation structure, ownership, or control. Activities undertaken to request UBO record updates must be retained for compliance purposes.

4.Review and Audit:

The DNFBPs need to retain documents for conducting a review and internal audit of AML compliance measures; these records include the records of the UBO register and database that help with an internal audit to determine the area for improvement and ascertaining if the UBO records management procedure is in line with the regulatory requirements.

Conclusion

The businesses in UAE must implement efficient and effective UBO compliance. Adhering to AML/CFT and CPF regulations involves DNFBPs having to fulfil regulatory requirements, detect and verify UBOs, keep records up to date, perform reporting, go through periodic reviews, and train their personnel dealing with clients and handling UBO information. By following this strategy, DNFBPs can implement sound AML/CFT and CPF compliance, minimise ML/FT and PF risks, and maintain a high level of integrity in their business relations, giving rise to a transparent and credible business in the UAE.

Picture of Pathik Shah
Pathik Shah

Pathik is a Chartered Accountant with over 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise-Wide Risk Assessments to implementing robust AML compliance frameworks. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Pathik's expertise extends to guiding businesses in navigating complex regulatory landscapes, ensuring adherence to FATF and other international standards, and mitigating financial crime risks. He is a recognised thought leader in AML/CFT, frequently sharing insights on emerging compliance challenges on various platforms.

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Join our Waitlist