Skip to main content

B. Policies and Procedures

1. VASPs will establish and implement policies and procedures to comply with all AML/CFT requirements and existing applicable laws, regulatory requirements and guidelines, including but not limited to—
 
  a. the Federal AML-CFT Laws;
  b. the Financial Action Task Force’s [FATF] 12-Month Review of the Revised FATF Standards on Virtual Assets and Virtual Asset Service Providers [June 2020];
  c. FATF’s Second 12-Month Review of the Revised FATF Standards on Virtual Assets and Virtual Asset Service Providers [July 2021];
  d. FATF’s Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers [October 2021];
  e. the International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, The FATF Recommendations [March 2022];
  f. Cabinet Resolution No. [74] of 2020 regarding the Terrorist List System and The Implementation of Security Council Resolutions Related to Preventing and Suppressing Terrorism and its Financing, Counter of Proliferation and its Financing, and the Relevant Resolutions;
  g. the UAE Executive Office for Control & Non-Proliferation [EOCN] Guidance on Counter Proliferation Financing for FI’s, DNFPBs, and VASPs [March 2022]; and
  h. the EOCN’s Local Terrorist List, as may be amended from time to time.
 
2. To ensure compliance with the Federal AML-CFT Laws, such policies and procedures must establish courses of action allowing VASPs to—
 
  a. refrain from opening or conducting any financial or commercial transaction under an anonymous or fictitious name or by pseudonym or number, and maintaining a relationship or providing any services to it;
  b. ensure prompt application of the directives when issued by the competent authorities in the UAE for implementing United Nations Security Council Resolutions relating to the suppression and combating of terrorism, terrorist financing and proliferation of weapons of mass destruction and its financing, and other related directives, as well as compliance with all other applicable laws, regulatory requirements and guidelines in relation to economic sanctions;
  c. notwithstanding all relevant requirements in this Compliance and Risk Management Rulebook, maintain all records, documents, and data for all transactions, whether local or international, and make this information available to VARA upon request; and
  d. ensure full compliance with any other AML/CFT requirements and applicable laws, regulatory requirements and guidelines as may be promulgated by VARA, UAE federal government bodies, FATF or the Middle East and North Africa Financial Action Task Force from time to time.
 
3. VASPs shall establish adequate risk rules to screen clients, UBOs, Virtual Asset transactions and VA Wallet addresses to—
 
  a. identify potential illicit activities, potentially adverse information in higher risk situations [e.g. criminal history] and applicability of targeted or other international financial sanctions; and
  b. alert operation and compliance teams to impose relevant restriction and conduct further investigation.
 
4. All policies and procedures established and implemented pursuant to Rule III.B.1 of this Compliance and Risk Management Rulebook must be attested by a competent third party and shall be submitted to VARA in the licensing process and no more than twenty-one [21] calendar days after any changes coming into effect.