Anti-Money Laundering (AML) Audits in UAE

The Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations (the “AML-CFT Decision”) under Decree-Law No. (20) of 2018 specifies particular AML/CFT obligations. Moreover, UAE federal laws impose obligations on auditors concerning the nature and content of their duties regarding the auditing of accounts and the reporting of crimes detected while carrying out those duties. 

The AML-CFT Law and the AML-CFT Decision require both Financial Institutions and Designated Non-Financial Businesses and Professions (DNFBPs) to fulfill certain obligations, which include the basis of an effective risk-based AML/CFT program. These include:

  • Identifying and assessing money laundering/ financing of terrorism (ML/FT) risks
  • Establishing, documenting, and updating policies & procedures to mitigate the identified ML/FT risks
  • Maintaining adequate risk-based customer due diligence (CDD) and ongoing monitoring procedures
  • Identifying and reporting suspicious transactions 
  • Establishing a sufficient AML/CFT governance framework, which includes hiring an AML/CFT Compliance Officer and making sure that employees are appropriately screened and trained

Risk Identification and Assessment for Auditors

Auditors have a distinctive role as they address the legal requirements for identifying and assessing risks and the specific factors to consider from two different perspectives. The first perspective concerns the identification and assessment of their own ML/FT risks. The second perspective concerns the auditor’s responsibilities concerning the client’s ML/FT risk identification and assessment obligations. The second responsibility will often depend on the specific role of the auditor in the business relationship with the client. 

Auditor’s ML/FT Risk Identification and Assessment

Auditors perform various tasks or activities related to their activities. They perform

  • Financial audits 
  • Operational audits
  • Compliance audits

Client’s ML/FT Risk Identification and Assessment 

When conducting audit functions related to the evaluation of a client’s internal controls and/or AML/CFT program,  auditors have to take into account the following:

  • Appropriate risk factor considerations 
  • Implementing a risk-based approach effectively.
  • Formulation, documentation, and consistent use of proper risk assessment methodology
  • Involvement of AML/CFT compliance officer, senior management, risk managers, or other resource persons as appropriate to the nature and size of the client’s business
  • Procedure for periodically reviewing and updating both the risk assessment and its methodology.

Note: Auditors in UAE should document their methods (along with the justification for their use) and apply them consistently to all related business activities. This applies to both themselves when it comes to risk identification and assessment and their clients when it comes to auditing their internal controls and/or AML/CFT programs.

Auditing AML/CFT Internal Controls, Policies and Procedures, and Governance

When conducting an audit, auditors in the UAE should focus primarily on carefully examining the client’s AML/CFT internal controls, policies and procedures, and governance structures. In this regard, auditors should consider these:

  • Involvement of appropriate resources in the formulation, approval, and implementation of relevant internal controls, policies, and procedures related to AML/CFT
  • Ensuring that the organization’s stated risk appetite aligns consistently with relevant policies and procedures.
  • The pertinent internal controls, policies and procedures, and governance structures must comply with the AML-CFT Law, Decision, and related rules and regulations.
  • Implementing a risk-based strategy represented in internal controls, rules, and procedures, as well as in the suitability and proportionality of ML/FT mitigation measures with the inherent risks that have been recognized, following the organization’s size and type.
  • Maintaining records, applying regular reviews and changes, and documenting pertinent internal controls, policies, and procedures.

Who needs to do AML Compliance Services in UAE?

AML regulations apply to several businesses in the United Arab Emirates, including banks, exchange houses, money service providers, insurance companies, and real estate brokers. These companies must implement AML policies and procedures, perform due diligence on customers, and alert law enforcement to suspicious activity. 

ADEPTS AML Compliance Services in UAE

At ADEPTS, to combat the financing of terrorism (CFT) and anti-money laundering (AML), we offer the following services: 

  • AML Compliance Policy & Procedures
  • Risk Assessment & Risk Profiling
  • AML/CFT/KYC Health Check
  • Documentation & Transactions
  • Compliance Assistance
  • AML Audit & Reporting
  • Anti-Corruption & Financial Fraudulence