How to Prevent Money Laundering

By Alia Noor, FCMA, CIMA, MBA, Oxford fintech programme, GCC VAT Comp Dip,COSO Framework.
Associate Partner Ahmad Alagbari Chartered Accountants, UAE 
Founder xpertsleague


The UAE had implemented Anti Money Laundering/Countering the Financing of Terrorism measures as per the Financial Action Task Force (FATF) standards and is taking correct and strict measures that all businesses comply with the local as well as international guidelines for operating genuine businesses.Please read my article on UAE crackdown for AML non compliance click here

In September 2018, UAE introduced Federal Decree-law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism, and related Regulations were issued under the Cabinet Decision No. 10 of 2019 in February 2019.


In order to stay in the game, businesses in the Emirates need to be compliant with laws to avoid hefty fines, maintaining stakeholders’ trust in their companies and prevent any reputational damages.

5 Pillars of a Successful Anti-Money Laundering Program

An anti-money laundering compliance program is designed to adhere to AML policies and regulations, expose and react to money laundering, terrorist financing, and fraud-related risks.Businesses have to follow a set of requirements to do so.

There are five pillars of anti-money laundering that help an organization to reach AML compliance. They are:

1- Designate a AML Compliance Officer  (Please read my article on MLRO click here)

2- Create written Internal Policies, Procedures and Controls

3- Ensure continous AML program Training for Employees

4- Provide a Independent Review by third party

5- Do Customer Due Diligence (CDD)


In this article we will discuss the fifth pillar Customer Due Diligence (CDD) .

In line with Anti-Money Laundering (AML) regulations Financial institutions and DNFBPs are required to perform Customer Due Diligence (CDD) to prevent money laundering and other financial crimes. CDD requirements demand that organizations identify and report suspicious activity to the relevant authorities.It is a mandatory process which can result in significant fines for non-compliance.


What is Customer Due Diligence (CDD)


Customer Due Diligence (CDD) is Process of identifying or verifying the information of a Customer or *Beneficial Owner, whether a natural or legal person or a legal arrangement, and the nature of its activity and the purpose of the business relationship and the ownership structure and control.


The FATF and The UAE cabinet decision defines a beneficial owner as;

*Beneficial owner the natural person who ultimately owns or exercises effective control, directly or indirectly, over a Customer or the natural person on whose behalf a Transaction is being conducted . It includes the natural person who exercises effective ultimate control over a legal person or Legal Arrangement.”

Four Core Elements to Customer Due Diligence (CDD)

There are four core elements of a customer due diligence program.

  1. Customer identification and verification.
  2. Beneficial ownership identification and verification.
  3. Understanding the nature & purpose of customer relationships to develop a customer risk profile.
  4. Ongoing monitoring for reporting suspicious transactions and, on a risk basis, maintaining and updating customer information.


Financial Institutions and DNFBPs should, as the case may be, undertake CDD measures in the following cases , As per Section 3 ,Customer Due Diligence (CDD), Article (6)

  • Establishing the business relationship;
  • Carrying out occasional transactions in favour of a Customer for amounts equal to or exceeding AED 55,000, whether the transaction is carried out in a single transaction or in several transactions that appear to be linked;
  • Carrying out occasional transactions in the form of Wire Transfers for amounts equal to or exceeding AED 3,500.
  • Where there is a suspicion of the Crime.
  • Where there are doubts about the veracity or adequacy of previously obtained Customer’s identification data.


Simplified Due Diligence (SDD)


The Regulations  allows you to carry out simplified due diligence (SDD) where you’re satisfied that the business relationship or transaction presents a low risk of money laundering or terrorist financing.


The measures to apply in case of simplified CDD includes following;

(a) Verifying the identity of the Customer and Beneficial Owner after establishing the business relationship.
(b) Updating the Customer’s data based on less frequent intervals.
(c) Reducing the rate of ongoing monitoring and transaction checks.
(d) Concluding the purpose and nature of the business relationship based on the type of transactions or the business relationship that has been established, without the need to gather information or performing specific procedure.


Enhanced Due Diligence (EDD)


Enhanced Due Diligence (EDD) must be applied when the risk of money laundering is high.

The Regulation sets out a list of circumstances in which enhanced due diligence (EDD) measures must be applied. It includes any transaction or business relationship involving:

  • A person established in a high-risk third country
  • A politically exposed person (PEP) or a family member or known associate of a PEP
  • Any other situation that presents a higher risk of money laundering or terrorist financing


Enhanced CDD requires following  measures to be applied to manage high risks once identified.

  1. Additional information of Customer and Beneficial Owner identity .
  2. Additional information  purpose of the business relationship or reasons of the transaction.
  3. Updating the CDD information of the Customer and Beneficial Owner more systematically.
  4. Identify the source of the funds of the Customer and Beneficial Owner.
  5. Additional ongoing monitoring procedures to identify  unusual or suspicious transactions.
    Obtaining approval of senior management to commence the business relationship.


Exceptions to Client Identification Requirements


Public companies are subject to regulatory disclosure requirements, therefore it isn’t necessary to seek to identify and verify the identity of any shareholder.

Financial Institutions and DNFBPs shall be exempted from identifying and verifying the identity of any shareholder, partner, or the Beneficial Owner, if such information is obtainable from reliable sources where the Customer or the owner holding the controlling interest are as follow as per Article (10).

1. A company listed on a regulated stock exchange subject to disclosure requirements through any means that require adequate transparency requirements for the Beneficial Owner.
2. A subsidiary whose majority shares or stocks are held by the shareholders of a holding company.


Be Aware of Hidden Beneficial Owners

A customer who wishes to launder money may use one of a number of structures to obscure or disguise the beneficial ownership of assets. Here are some of the methods that could be used:

  • Shell company – a company without any activity or that has no significant assets or operations
  • Front company – using a legitimate business to hide criminal activity and create legitimate funds
  • Double invoicing – sending funds from an offshore company that is actually repatriating already smuggled cash
  • Trusts – assets are placed into a trust for a beneficiary which can be paid without requiring a justification for a source of wealth
  • Bearer bonds, securities and cheques – where ownership is by physical possession, and can be cashed at any time
  • Charities and non-profits – cash intensive organisations that can take deposits without arousing great suspicion under the guise of using funds for a legitimate purpose



  • Performing customer due diligence is a skill that every compliance officer should have. A typical investigation of a potentially suspicious transaction should start with the CDD. 
  • Identification of Ultimate Beneficial Owner (UBO) is the Key preventive measure of the Customer Due Diligence (CDD) Rule.
  • Each business needs to specially tailor its own CDD process


Compliance Risks: What You Don’t Contain Can Hurt You