The Dealers in Precious Metals and Stones (DPMS) in UAE must leverage specialised Know Your Customer (KYC) software to optimise their compliance operations and implement KYC methodology that includes customer identity data collection, verification, continuous monitoring, and reporting.
KYC Requirements for DPMS in the UAE
Conducting KYC accurately is the first step towards ensuring comprehensive AML/CFT compliance, which enables DPMS to achieve operational efficiency and protection against financial crimes.
In order to understand Know Your Customer (KYC) better, it’s important to understand the Customer Due Diligence (CDD) requirements as per UAE AML/CFT laws and regulations. CDD comprises several elements that are broadly classifiable into three categories: KYC, Risk Assessment, and Ongoing Monitoring.
KYC is a fundamental element of the CDD process, wherein DPMS are required to obtain and verify the identity of the customer, natural person or a legal entity using valid, independent and reliable documents prior to establishing a business relationship. This is called the Customer Identification Program (CIP) under UAE AML-CFT framework, based on which Customer Risk Assessment (CRA) measures are applied. Depending on the assessed risk level, adequate due diligence measures are applied. The stringency of due diligence measures applied dictates the periodicity at which KYC refresh or Re-CDD is to be conducted.
KYC compliance requirements for Dealers in Precious Metals and Stones in UAE requires identifying and verifying prospective customers before initiating any business relationship. This forms the basis for conducting further Customer Risk Assessment, which determines the customer’s risk category and the level of due diligence required. These KYC obligations for DPMS in UAE are briefly discussed as follows:
The first step DPMS must take in ensuring KYC compliance is to collect customer identification details such as:
Overall, DPMS must exercise caution while conducting KYC of natural persons and legal entities, as elements of KYC and KYB (Know Your Business) at the outset appear similar, but involve subtle yet important differences as discussed below:
A detailed understanding of KYB for DPMS in UAE includes core elements such as
As elaborated below:
For more information about Know Your Business requirements, refer to:
Additionally, DPMS must identify and verify the ultimate beneficial owners (UBOs) of a legal entity or a legal arrangement customer. The infographic here depicts the criteria for UBO identification in UAE.
The second step involves verifying the authenticity, validity, and veracity of all the information that has been collected in the identification step. Documents that help DPMS in verifying customer information are passports, Emirates ID, national ID cards, driving licenses, or any other government-issued documents, utility bills, property purchase or lease agreement and bank account details for verifying address for the purpose of AML due diligence. All the information obtained from the customer can be confirmed with the help of a government agency’s website or any reputable independent institution. Copies of these documents must be collected and maintained by DPMS to adhere to the record-keeping requirements under UAE AML/CFT compliance obligations.
Additionally, DPMS must stay cognisant of how criminals can misuse shell companies to further their illicit motives. DPMS must possess a foundational understanding of how shell companies operate and should be able to distinguish between legitimate and illegal shell companies.
CRA involves determining the risk level of existing & potential customers and assessing the ML, FT, and PF risks posed by each customer to the DPMS on the basis of the following factors:
Once the CDD process is complete and necessary decisions surrounding the risks identified have been made, ongoing monitoring of the customer’s risk profile is critical, as the customer information and risk scenarios are dynamic and may change or be updated with time, rendering the information collected and verified initially redundant. To mitigate this, DPMS must continuously monitor business relationships to track changes in customer details or behaviour and resultant impact on the risk rating assigned and due diligence measures deployed.
The final stage of the entire CDD process is to maintain the CDD-related records in accordance with the record-keeping requirements as prescribed under the UAE’s AML/CFT regulation. DPMS are required to maintain records of the methodology used, measures taken, database built and relied on for the purpose of KYC, maintaining KYC register, etc., for a duration of 5 years in the UAE mainland. DPMS must be mindful of the duration of record-keeping requirements in other free zones and financial free zones such as DIFC or ADGM to ensure systematic record-keeping and facilitate adherence to DPMS reporting obligations.
Learn more about AML/CFT Record-Keeping obligations in UAE by referring to:
Risks Hides in the Quiet Corner
Where Diligence is Absent, Danger Finds Room to Grow
An effective KYC process and software significantly enhance the quality and accuracy of CDD measures. When customer data is accurately collected and verified during customer onboarding, it ensures sanctions compliance and screening results are precise, reliable and error-free. This reduces the likelihood of false positives during sanctions screening, which improves overall AML/CFT regulatory compliance.
Effective KYC enables the identification of suspicious behavior, allowing DPMS to promptly file Suspicious Activity Reports (SARs) through the goAML portal within the prescribed timeframe. For deeper insight, Refer to Suspicious Activity Reporting (SAR) for DNFBPs and VASPs, An Ultimate Guide to Investigating Suspicious Transactions, and Transforming Suspicious Transaction Reporting with AI to understand regulatory reporting requirements in UAE.
An efficient KYC conducted by a KYC Analyst, facilitates the commencement of screening customers against relevant lists by Screening Analyst, CRA by Risk Analyst, and continuous monitoring the customers by Transaction Monitoring Analyst, as the situation demands. A structured distribution of tasks within the compliance team allows for efficient workflow.
A user-friendly KYC process and easy-to-understand customer onboarding procedure streamline and improve customer experience, especially when it is supported by efficient eKYC software with an integrated Self-KYC functionality, which further enhances the overall customer journey. For implementation strategies, refer to Enhancing Customer Experience and Ensuring KYC Compliance for detailed insights.
The Backbone of Every Operation
Effective KYC Channels the Flow of Data, Decisions, and Trust
KYC process, be it manual or automated, poses multiple challenges for DPMS in the UAE.
These challenges can be segregated into three categories: challenges faced during manual KYC, challenges faced when using a hybrid or automated KYC tool, and some of the common pain points faced.
1. Operational pain points faced while relying on the manual KYC process, also known as the traditional KYC process, are discussed as follows:
The traditional KYC process requires DPMS’ KYC Analyst, or any other employee entrusted with KYC responsibilities, to manually enter customer details into the KYC forms and fill out KYC questionnaires by obtaining physical copies of customer information and government-issued identification documents. These documents need to be verified by comparing them with original government-issued identification documents and verifying the authenticity, validity, and veracity of these documents through publicly accessible government-published databases. This manual process of conducting KYC leads to the following pain points:
Traditional KYC processes are inherently time-consuming as every detail collected from the customer must be entered into the KYC forms and client questionnaires manually, which consumes substantial man-hours and places substantial strain on the compliance teams, thereby impacting overall operational productivity and diminishing customer experience due to delayed customer onboarding.
Given the diversity in the geography of clients and high-value transactions involved with the clients of a DPMS, DPMS firms are particularly vulnerable to emerging money laundering and terrorist financing typologies. Thus, the identity and document verification element of KYC is susceptible to the risk of identity theft, spoofing, or impersonation.
The need for manual intervention, largely owing to manual verification efforts, particularly when conducting KYC, increases the likelihood of human error. Examples of such human errors include:
Also, when manual human-driven processes are supported by adequate controls, checks or audit trails, the risk of becoming an unintentional accomplice to fraud increases drastically.
2. Operational Pain Points faced by DPMS when relying on hybrid, legacy, as well as KYC Automation tools
Use of legacy KYC tools or a partially automated KYC process may give a sense of security, but a DPMS must recognise that merely deploying KYC software does not guarantee data accuracy or adequacy in regulatory compliance. Some of the operational challenges faced by DPMS while relying on KYC software are discussed below:
With the increased uptake of new KYC software in the UAE, the element of customisability to meet the unique needs of DPMS is lacking due to KYC software developers’ lack of understanding of the nuances involved in the Precious Metals and Stones Sectors’ customer base and regulatory obligations. The KYC software should be customisable to meet the needs of any DPMS based on available and projected workforce capabilities, as it enables the DPMS to determine, control, and configure the number of users, access, permissions, workflows, and escalations apart from the presets and defaults built into the software. The lack of customisability of KYC software leads to reverse engineering of the compliance team’s core competencies to meet the technological needs of the KYC software deployed, which is detrimental to the efficient implementation of KYC software.
Read MoreThe rising threats that deepfakes pose during online identity verification highlight critical vulnerabilities in the KYC compliance process. With the increase in innovative technological solutions and rising dependence on the use of AI, the risk of Cyber-Enabled Fraud impacts the KYC software and eKYC tools.
Deliberate abuse of deepfakes and generative AI to impersonate and circumvent the biometric verification step underscores the need to support the responsible use of new technologies. An example of deepfakes to bypass the liveness check to commit account takeover fraud is a potential consequence of relying on technology without adequate security infrastructure.
Professional Money Laundering (PML) enablers or PML Organisations or Networks (PMLO/PMLN), and CEF syndicates heavily rely on emerging technology to recruit money mules and use innovative social engineering techniques to commit CEF to launder illicit proceeds through various techniques, including but not limited to:
. Online trading fraud
. Employment fraud
. Online romance fraud
. Business Email Compromise (BEC) fraud
A KYC software with permeable or weak cybersecurity protocols and firewalls is prone to exposing DPMS customers to the risk of being unwitting/unwilling participants in CEF or PMLN schemes.
DPMS's reluctance to invest in the KYC software stems from the difficulty in integrating it with the legacy systems and/or the regulated entity’s technical capacity to use the tool appropriately and effectively. The risk of the KYC tool becoming outdated would lead to DPMS having to additionally invest in newer solutions in order to meet the regulatory expectations and avoid AML/CFT compliance failures. These KYC tools are not compatible with the other software or tools, such as Name Screening Software, Case Management Software or any other software that a DPMS may be using already. This lack of integration capability is a critical pain point for DPMS due to inefficiency in assigning tasks promptly which are of high priority, workflow overlapping, and a lack of skills to navigate multiple tools for different CDD requirements, significantly impacting workforce productivity and operational efficiency.
Read MoreWhile the use of new technologies to comply with the CDD obligations under the AML/CFT regulatory framework of the UAE for DPMS could enhance customer experience, the risks and unintended consequences of digitalisation must be considered before adopting and implementing these tools. In the era of digitalisation, where customer data is the product and key source of both information and revenue, criminals can gain illegal access to databases or servers where the customer data is stored if the KYC software is built without having secure infrastructure in place. The risk of data being stolen, sold to third-party vendors, or used to coerce DPMS into aiding criminals to further their financial or personal motives increases. Potential privacy violations, data breaches if the data security framework is not adequate, may lead to AML/CFT regulations violations as prescribed in the UAE, thus necessitating the need to implement a KYC software that not only automates but also alleviates DPMS’s concerns related to data security and data privacy.
Read More
After onboarding a customer, the ongoing monitoring must be done for all existing business relationships for which the KYC documentation must be periodically reviewed and updated based on risk scores assigned. It can expose DPMS to potential financial crime risks if KYC refresh measures are neglected and lead to regulatory non-compliance.
Evolving AML/CFT compliance framework needs DPMS to stay afoot with the regulatory changes and updates in CDD obligations. This could become a pain point for Dealers in Precious Metals and Stones if outdated methodology is followed to conduct KYC causing non-compliance and inadequate KYC measures.
Ongoing monitoring becomes challenging for DPMS when there is a lack of clarity about whether the customer is occasional or continuous in nature, which leads to improper implementation of continuous monitoring measures.
Traditional KYC processes, either manual, hybrid or through KYC software is cost-intensive, which means DPMS must allocate a portion of their earning in meeting the compliance obligations which for DPMS small size firms are limited and could lead to compliance failures if DPMS does not perform cost-benefit analysis of the KYC DPMS it intends to use.
The nature of activities that DPMS are associated with usually requires them to engage in cross-border and high-value transactions. Some of them have multi-jurisdictional presence. DPMS has to ensure compliance with the UAE’s AML/CFT law and compliance with the regulatory requirements of the country in which they are operating.
Your KYC Tool Doesn’t Need a Tool Belt
When Your So-Called Automation Needs Constant Babysitting, Is It Really Automation
Operational pain points consequently have a significant impact on the DPMS’s ability to ensure compliance with AML requirements. Awareness of the immediate impact points for DPMS is essential to ensure robust KYC compliance. Some of the key impact points are discussed below for the benefit of DPMS.
Manual or legacy models for fulfilling KYC obligations slow the customer onboarding process due to manual human intervention, impacting overall customer experience. The productivity of the AML compliance team is diminished due to the repetitive nature of filling out KYC forms and questionnaires while maintaining KYC registers for the DPMS.
Outdated policies and repeated negligence to poorly customised KYC forms and questionnaires, when KYC Analysts end up spending time to fill out materially irrelevant information increases compliance costs due to escalated operational costs, compliance gaps and diminished customer experience. Learn more about AML Non-Compliance: An Unaffordable Cost.
The direct consequence of tick-box approach are severe consequences of non-compliance, fines, imprisonment or even business licence revocation. The imposition of regulatory fines and penalties for non-compliance with the AML/CFT regulations in the UAE goes beyond direct financial burden, and also carry significant intangible costs such as reputational damage, loss of trust and business disruption which can impact DPMS firms’ long-term viability.
The tick-box approach mentality towards KYC compliance, when the KYC Analysts and Screening Analysts are rushed into meeting deadlines, results in errors and causes DPMS to miss out on accurately implementing a risk-based CDD, where every detail about the customer has to undergo a ‘four-eye review’ and carefully, CRA needs to be carried out. This leads to substantial strain on compliance teams and resources, resulting in flawed CDD.
DPMS are, in general, prone to high ML/TF and PF risks due to the inherent vulnerabilities of the nature of business activities DPMS are involved with, which further aggravates when AML/CFT and CPF control measures deployed are inefficient. The DPMS are unable to alleviate the pain points such as multi-jurisdictional compliance, ongoing monitoring difficulties due to the diversity in the nature of customers, data privacy, and cybersecurity threats. Due to a lack of, or poor implementation of control measures such as Enhanced Due Diligence, Transaction Monitoring, etc., DPMS are more at high risk of ML/TF & PF as well.
Refer:
Your First Risk Isn’t the Client, It’s Your Process
Delayed Onboarding. Poor Risk Grading. Soaring Costs.
RapidAML comes with a comprehensive platform designed to simplify the specific needs of a DPMS and presents itself with a unique AML compliance software to help manage DPMS KYC obligations effectively. This simplification of the KYC process takes place in 8 steps, as elaborated.
RapidAML leverages AI algorithms and machine learning to extract insights from customer data and for systematic analysis and maintenance of customer information. It makes use of latest technological advancements in the field of digital ID assurance and CDD data reliability and independence.
RapidAML enables KYC Analysts of DPMS to make use of its IDV features, which can be accessed by every customer, whether an individual or a linked entity’s profile. Through the centralised dashboard observations and findings about each customer’s details could be entered and easy verification of the documents uploaded.
RapidAML makes use of document authentication and verification systems and provides an option to integrate the customer onboarding process with UAE PASS to verify customers’ identities which helps in enhancing the customer onboarding experience for the specific client base.
RapidAML, to mitigate cyber-enabled fraud (CEF) risks, facilitates 2-factor authentication (2FA) for accessing and validating customer profiles. It emphasises on secure storage of customer information and the 2FA component makes it difficult for fraudsters and financial criminals to misuse customer information stored on RapidAML.
RapidAML helps optimise the customer onboarding process while ensuring that compliance requirements are taken care of. RapidAML KYC Software facilitates the KYC declaration by obtaining customers’ OTP-based confirmation.
The major USP of RapidAML KYC software is customizable KYC questionnaires tailored to fit the specific business needs of DPMS and risk profiles. RapidAML has a built-in variety of KYC templates from which a DPMS can choose and customise to unique DPMS vulnerabilities.
RapidAML KYC software can integrate with third-party solutions to capture information from the pre-filled KYC forms, reducing the duplication of effort and saving time and costs. Making use of pre-filled or auto-fetched key identifier details helps with saving time.
RapidAML KYC software provides DPMS with multiple channels to onboard customers, such as obtaining customer information through the Self-KYC functionality, which can be accessed by customers online through the use of a cell phone.
Learn more about KYC Automation Strategies in UAE
Refer to: Why is eKYC a Game-Changer?
Complicated KYC? Not With RapidAML
No Delays, No Manual Chase-Ups, Just Seamless DPMS Compliance
RapidAML KYC software is unlike any other KYC software as it is built to incorporate UAE’s AML/CFT and TFS obligations imposed upon DPMS, which mitigates the pain points and resultant challenges that DPMS face. The distinguishing features of RapidAML KYC software are expanded below to assist DPMS in UAE to understand how opting for RapidAML is the answer to all their KYC problems.
Distinguishing Features that RapidAML KYC Software Offers for DPMS in UAE
RapidAML comes with the functionality to add as many users as required by the DPMS firm which facilitates operating in a multi-organisational environment when performing KYC or Self-KYC, ultimately making AML compliance scalable. When a DPMS expands into new geographies, scalable software helps Dealers in Precious Metals and Stones focus on business expansion, while RapidAML aids DPMS by taking care of KYC obligations prescribed under the UAE AML/CFT regulations.
RapidAML is developed using state-of-the-art technology and simplifies the task of KYC Analysts and compliance officers, boosting the compliance team’s performance by providing relevant information in no time.
RapidAML’s integration capability with existing systems makes implementation and deployment process smoother and takes least amount of time. RapidAML’s integration capability and built-in templates help reduce overlapping of task thus reducing manual intervention needs.
RapidAML KYC software’s team is not only equipped to resolve KYC software-related issues faced while using the RapidAML KYC software, but also provides valuable insights regarding establishing a watertight KYC/KYB process for DPMS that also addresses components such as:
1. Training and Awareness
2. KYC/KYB Software Implementation
3. KYC/KYB Questionnaire
4. KYC/KYB Policies and Procedures
5. AML/CFT/CPF Program
RapidAML KYC software helps DPMS balance KYC compliance with enhanced customer experience through proven strategies such as:
1. Ensuring Data Privacy and Security
2. Using Self KYC Functionality
3. Conducting Adequate Reviews and Audits
4. Ensuring Timely Communication
5. Providing Adequate KYC Support and Guidance
6. Adopting a Risk-Based Approach
Learn more about Enhancing Customer Experience and Ensuring KYC Compliance.
RapidAML’s KANBAN board helps users within DPMS firm, especially KYC Analysts and AML Compliance Officers to easily navigate through contacts created and track case files, upcoming KYC document expiries, and check onboarding status of their prospective and existing customers on a single screen, eliminating the need to navigate through unending lists in the Contact Register as well as KYC Register. This helps in a 360-degree analysis of a customer’s profile.
RapidAML KYC software comes with the functionality to tailor KYC templates and makes the tasks accessible role-wise to complete KYC checks such as document collection, verification and self-KYC verification. It facilitates selecting among different KYC questionnaires for a wide range of services opted for.
RapidAML helps DPMS to access and download screening registers concerning individuals and corporates, batch screening registers for both individuals and corporates, combining screening registers, and sanctioned prospect reports to help the easy escalation of cases to the AML Compliance Officer. These reports are easily available through RapidAML, which helps the AML CO to analyse relevant cases and decide whether regulatory reporting is required or not.
RapidAML KYC software is designed to facilitate remote customer onboarding through its Self-KYC functionality, obtaining consent and an electronic signature necessary to meet compliance requirements.
Refer to our blog for more information on Remote Customer Onboarding and ML/TF Risk Mitigation.
RapidAML KYC software facilitates document verification and authentication by relying on government-approved databases.
RapidAML enhances DPMS ability to establish a robust audit trail by enabling download of comprehensive reports and registers in few seconds. These documents that generated on RapidAML portal are essential as they provide real-time documentary evidence, which are indispensable for internal and independent AML audits. Further, RapidAML KYC software logs each and every action performed by the user to ensure that it knows who did what and when.
RapidAML KYC software simply requires DPMS to have an internet connection and access to a laptop/computer to start using RapidAML KYC software, as it is cloud-based software that can be used by logging into the user account from anywhere. RapidAML is a cloud-based software, making its use as easy as logging into a social media account from the user’s personal computer and it does not require much from DPMS in terms of infrastructural or logistical prerequisites.
RapidAML KYC software is built on a strong bedrock of information privacy and cybersecurity best practices. RapidAML comes with data privacy and data security requirements built in through design at the development stage, robust compliance with these requirements is now just a natural outcome in the normal course of use.
RapidAML KYC software helps DPMS in the UAE to implement RBA through its KYC automation software, as it helps with risk-centric configuration of re-KYC through the risk-scoring assigned, configuring re-KYC triggers, and generating timely notifications for KYC document expiry and re-KYC.
RapidAML KYC software enables DPMS to conduct ongoing monitoring of business relationships. It identifies any material changes in customer information and upcoming KYC document expiries, which trigger alerts and notifications to DPMS users, and the customer concerned so that necessary steps can be initiated.
For a DPMS, the path of successfully implementing KYC software lies in adherence to the timeless best practices of having clear strategies, remedial measures, and commitment to ensure risk-based AML/CFT compliance. The best practices for achieving KYC software implementation success are as follows:
A DPMS in UAE intending to implement KYC software must have clarity of its own KYC obligations unique to itself, based on its ML, FT, and PF risk factors, which involves documenting requirements specific to PMS sector, understanding the nature of transactions, and identifying the potential customers and geographical risks. The KYC software must be chosen and configured according to the latest EWRA of the DPMS while ensuring alignment with its growth vision.
DPMS must carefully evaluate technical capabilities that need to be met when switching from manual or legacy KYC systems to RapidAML KYC software, which includes assessing the software’s scalability, performance in terms of speed and responsiveness, reliability and ease of integration with legacy systems. Meticulous data migration helps ensure the accuracy of existing customer and transaction records within the new system.
DPMS should select KYC software that helps them embed, replicate, and improve existing CDD/KYC workflows within the KYC software so that escalations and alerts are fine-tuned and configured accordingly. DPMS must test KYC software to check for loose ends within the workflow, and technical bugs and glitches, and ensure fine-tuning or re-tuning the KYC software to iron out any difficulties identified during the testing phase.
DPMS must balance the cost of compliance with the cost of non-compliance and must strive to convert its cost centre into a strategic advantage. DPMS must do a cost-benefit analysis to allocate resources for KYC software that identifies and verifies the authenticity of its customers' information, which eliminates the presence of fraudulent elements, eases sanctions screening, risk assessments and ensures timely regulatory reporting.
Role-based workflows ensure that compliance tasks are assigned and efficiently managed with clear escalation procedures set out that are mapped along the lines of their employees’ capabilities and their organisation’s structure. This can be executed by defining the users and configuring their roles in the KYC software to be implemented. This mapping activity is responsible for the success or failure of KYC software implementation.
DPMS must look into defining a methodology for UBO identification and verification through KYC software by defining requirements for gathering details about legal entities, their beneficial ownership analysis, and verification of the UBO information. This helps in risk-centred implementation of CDD measures. DPMS must develop a methodology to ensure that it links UBOs with legal entities concerned to derive a holistic CRA of business entities.
DPMS must ensure that they do not miss out on customising the features, functionalities, and escalation pathways of the KYC software and optimally utilising it. Configuring notifications, workflows, escalation pathways, and timelines are necessary actionable points for DPMS, making use of KYC software. When such actions are combined with good KYC software, they can help the DPMS achieve excellence in KYC compliance.
The successful adoption of a KYC Software is a testament to human and technology synergy, as advanced software will be only as effective as the employees trained to use it, and not if the internal control processes are not aligned with the software’s key capabilities. DPMS, in order to derive the most out of KYC software, should integrate the KYC software with other existing AML compliance software that the DPMS uses, to avoid task and effort overlaps, bringing down operational costs.
Continuous assessment of post-implementation outcomes is necessary to identify and analyse the causes of success or failure of the KYC software. This helps identify issues and devise corrective measures to remediate them. Instances of no alerts generated for document expiries or re-KYC should be looked into, as these types of issues defeat the purpose of having KYC software. It also helps identify the post-implementation scalability of the KYC software in a practical sense.
Fine-tuning or re-tuning the controls and configurations of KYC software and editing mandatory fields or questionnaires helps keep the KYC software relevant according to the regulatory changes, business expansion, FATF grey lists or blacklists updates. The documentation and implementation of such changes must trigger and be reflected within the latest editions of the AML/CFT Polices, Procedures, and Controls of a DPMS.
From Confusion to Clarity: Implement KYC Excellence
A Compliance Roadmap Tailored for DPMS Businesses in the UAE
RapidAML provides a unified compliance ecosystem which automates and streamlines the entire compliance lifecycle for DPMS by integrating all critical AML functions on a single platform with comprehensive coverage and precision. RapidAML simplifies KYC and KYB compliance for DPMS in the UAE by developing a thoroughly brainstormed KYC software implementation strategy. RapidAML’s software and consulting services go hand-in-hand, helping DPMS in the UAE navigate the complexities of AML/CFT and TFS compliance requirements, particularly concerning KYC obligations.
