Digital ID for Customer Due Diligence: New AML Requirement in the UAE

The Licensed Financial Institutions (LFI) are required to comply with the new guidance issued by the Central Bank of the UAE (CBUAE) on anti-money laundering and combatting the financing of terrorism (AML-CFT). The guidance takes effect immediately and discusses the use of digital IDs for customer due diligence (CDD). AML consultants in Dubai can offer you more insights into the use of digital IDs for CDD.

The use of digital ID systems in CDD enables remote customer identification and verification supports remote financial transactions and facilitates non-face-to-face business relationships and transactions. Read ahead to know further about the new guidance on the use of digital IDs for CDD in the UAE:

Applicability of the New AML-CFT Requirement in the UAE

The new guidance from the CBUAE applies to all the natural and legal persons that are licensed and /or supervised by the CBUAE. The following entities come within the scope of the new guidance:

  • National banks, branches of foreign banks
  • Exchange houses, finance companies, issuers
  • Providers of stored value facilities
  • Licensed retail payment service providers
  • Card schemes
  • Registered hawala providers and other LFIs
  • Insurance companies, agencies and brokers

Definition of Digital ID Systems in the New Guidance

As per the new CBUAE guidance, digital ID systems use electronic means to assert and prove a person’s identity online and/or in in-person environments, including through the use of

  • Electronic databases, including distributed databases and/or ledgers, to obtain, confirm, store, and/or manage identity evidence
  • Digital credentials to authenticate identity for accessing mobile, online, and offline applications Biometrics to help identify and/or authenticate individuals
  • Digital application program interfaces (“APIs”), platforms, and protocols that facilitate online identification and the verification and authentication of identity

Requirements for National-Level Digital ID Systems

As per the new guidance, the LFIs must understand and utilize national-level identification systems and processes currently in place or under development in the UAE, such as the UAE Pass, Emirates ID and Emirates Facial Recognition. While verifying an Emirates ID card, LFIs are required to use the online validation gateway of the Federal Authority for Identity and Citizenship and keep a copy of the Emirates ID and its digital verification in their records. Consult with AML advisors in Dubai for further information.

Key Component of the Digital ID Systems

Digital ID systems involve two basic components and an optional third component. They are:

1. Identity Proofing and Enrolment

This component answers the question: “Who are you?” It involves the collection, validation and verification of the identity evidence and information about a person. This component also involves the establishment of the identity account and binding the individual’s unique identity to authenticators possessed and controlled by this person.

2. Authentication and Identity Lifecycle Management

This component of the Digital ID system answers the question: “Are you the person who has been identified and verified?” This component establishes that the person asserting the identity is the same person whose identity has been proofed and enrolled.

3. Portability and Interoperability Mechanisms

This enables the proof of identity to be portable so that an individual’s digital ID credentials can be used to prove identity for new customer relationships at unrelated private-sector or governmental entities, without their having to obtain and verify personal data and conduct customer identification and verification each time. However, this is an optional component of any digital ID system.

Use of Digital ID Systems for Customer Due Diligence

The new CBUAE guidance for the LFIS describes how to use digital ID systems for CDD in the UAE. Putting the guidance into practice would be easier if you consult with the best AML consultants in Dubai. Below are the key instructions for LFIs to use the Digital ID systems for CDD:

Customer Identification and Verification

Article 8 of the AML-CFT Decision requires the LFIs to identify each customer and verify their identity using documents, data, or any other identifying information from a reliable and independent source. In the digital ID context, reliable and independent means that the digital ID system used to conduct CDD relies upon technology, adequate governance, processes, and procedures that provide an appropriate level of confidence that the system produces accurate results. Provisions under the Article 8 are technology neutral and permit LFIs to use documentary as well as non-documentary sources (i.e., information or data) when performing identification and verification.

Ongoing Due Diligence on the Business Relationship

As per Article 7 of the AML-CFT Decision, LFIs must subject all customers to ongoing monitoring throughout the business relationship. Carrying out ongoing monitoring is necessary to ensure the account or other financial service is being used in accordance with the customer profile developed through CDD during onboarding, and that transactions are normal, reasonable, and legitimate. LFIs using digital ID systems to authenticate the identity of their existing customers should use the data generated by authentication and related information to support ongoing due diligence and transaction monitoring.

Third-Party Reliance and Provision of Digital ID Services

In the case of third-party reliance relationships, an LFI depends on the customer identification and verification measures already undertaken by another regulated entity on an existing customer of that entity. In such a relationship, the third party will usually already have a business relationship with the customer that is independent of the relationship to be formed by the customer with the relying institution.

Typically, a prospective customer will assert an identity to the relying LFI using a digital ID system. At this point, the third party will be prompted by the system to authenticate the person’s identity and immediately provide relevant identification and verification information to the relying LFI. However, in all reliance relationships, the ultimate responsibility for CDD measures remains with the LFI which depends on the third party.

Consult with the Best AML Consultants in Dubai

The landscape of AML compliance in the UAE is dynamic and organisations may experience compliance failure if they fail to keep track of the new regulatory updates. The use of digital ID systems in CDD is a new requirement that LFIs need to meet to ensure AML compliance in the UAE. AML consultants in Dubai such as Jitendra Chartered Accountants (JCA) can advise you on how to meet the new requirement. JCA is one of the top providers of AML consulting services in Dubai with a dedicated in-house compliance team. Our highly qualified team of AML consultants in Dubai is dedicated to ensuring you comply with the AML Law without incurring any penalty.