A Comprehensive Guide to AML Customer Risk Assessment for DNFBPs in UAE

A Comprehensive Guide to AML Customer Risk Assessment for DNFBPs in UAE

As per UAE AML regulations and to cope with the ever-evolving financial landscape, the regulated entities – Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Service Providers (VASPs) – are required to conduct Customer Risk Assessments. The Customer Risk Assessment is a critical AML measure focused on identifying the money laundering or financing of terrorism (ML/FT) risk posed by each customer.

In this article, we will discuss the significance of performing customer risk assessment for DNFBPs in UAE and the best practices to conduct the same to manage the risk and stay compliant with the UAE AML regulations.

Understanding the Importance of Customer Risk Assessment

UAE has introduced AML/CFT regulations, providing guidelines for regulated organizations to implement AML compliance programs and combat financial crimes like money laundering and terrorism financing. One of the AML measures provided under the UAE AML laws is the Customer Due Diligence (CDD) process.
CDD is a set of comprehensive measures to be applied while onboarding a customer. It includes Know Your Customer (KYC), aimed at identifying the customers and verifying their identity, including the Ultimate Beneficial Owners (UBOs). The name screening of the customers and UBOs also forms part of the CDD process. Additionally, the Customer Due Diligence measures also include customer risk assessment.

What is Customer Risk Assessment under AML Compliance Program?

Customer Risk Assessment plays a pivotal aspect in the AML program, as it assists in adopting the risk-based approach to deploy the resources and optimally manage the financial crime risks. It involves assessing the potential ML/FT risk the customer is expected to pose to the business, i.e., creating the customer risk profile or conducting the risk assessment.
By assessing the risk associated with customers, regulated organizations can determine the level of procedures to be performed and the controls to be applied to manage risk effectively.
The customer risk assessment is primarily based on customer identification information, the nature of business activities, the geographies they are associated with, the purpose of the business relationship, the expected transactions, the actual transaction pattern, etc. Evaluation of the risk basis of these factors, along with other relevant risk parameters, assists the business in determining the level of customer risk and accordingly deploying adequate AML measures.

Why is Customer Risk Assessment a significant part of the AML Compliance Program?

As an outcome of the Customer Risk Assessment, the customer’s risk profile is created and classified as either high, medium, or low risk for the business. It assists businesses in determining the level of due diligence measures to be applied. For example, enhanced due diligence measures are applied to manage the increased risk for customers categorized as posing a high risk to the business. The businesses may adopt simplified verification measures for customers with low ML/FT risk. Thus, it helps the organizations apply the risk-based approach in its true and use the resources optimally, with smooth customer onboarding in line with the risk profile.
It serves as the foundation to build the ongoing monitoring program to identify any unusual patterns or suspicious activities, allowing the businesses to prioritize the monitoring efforts toward high-risk customers.
A Comprehensive Guide to AML Customer Risk Assessment for DNFBPs in UAE
Moreover, the customer’s information and the activity profile keep evolving over time; thus, it is pertinent to ensure the customer’s risk assessment is updated to identify the level of risk associated with the customer and ensure appropriate mitigation measures are applied.
With a comprehensive customer risk assessment process, businesses can protect themselves from being exploited by financial criminals and ensure compliance with the AML regulatory landscape of the country.

How to conduct Customer Risk Assessment (CRA)?

Adopting the following steps will enhance the effectiveness of the Customer Risk Assessment:

Identifying and evaluating the risk factors

The first step in CRA is identifying the risk factors that expose the business to ML/FT vulnerabilities. These risk factors can include the following:
  • nature of the customer
  • customer’s country of residence, business, nationality, and birth
  • occupation and employer details of the customer
  • nature of the proposed transaction
  • transactional parameters like nature of product, services
  • mode of payment
  • person’s background (adverse media, connection with sanctioned persons, or past incidence of reporting suspicious transactions)
  • customer’s source of funds and wealth
For example, the customer working with an industry connected with ML/FT typologies, such as precious metals and stones or real estate, is treated as a high-risk customer. Further, the customer whose proposed payment mode is cash or virtual assets without any business rationale may trigger a suspicion warranting to classify the customer as high-risk.
The customer associated with a country on the FATF Grey List or jurisdiction notorious for higher risk of money laundering poses a higher risk to the business than the customer with a jurisdiction having strong AML regulations.
The comprehensive and combined evolution of these factors helps the business determine the risk associated with each customer and create its risk profile.
The evaluation of the risk factors to help identify the inherent ML/FT risk the customer poses and the level of AML/CFT measures are required to mitigate this inherent risk. For instance, regulated organizations must perform additional verification checks and obtain documents for high-risk customers to establish the legitimacy of the customer’s source of funds and wealth. Moreover, senior management approval must also be sought to establish a business relationship with such a customer.
Adopting appropriate mitigation measures significantly reduces the ML/FT risk, ensuring an inherent level of risk is brought within the business’s risk appetite to conduct a transaction with such a customer.
The factors considered for the risk assessment, the methodology adopted and the outcome of the CRA must be well-documented to demonstrate AML compliance.

Periodic review and reassessment

The customer risk profile is not a static one, i.e., once a customer is classified as high-risk would not necessarily pose such increased ML/FT risk to the business. The risk exposure changes as the customer’s profile is updated, the business activities change, the relevant country’s AML regulatory framework changes, etc. Further, the evolving AML regulations and emerging risk typologies also impact the customer’s risk profile.
Thus, the regulated entities must ensure that the customer’s risk assessment is dynamic, updated as and when there is any movement in the risk factor.

Empowering the team

Well-crafted AML/CFT procedures and controls are of no use without having a well-trained team to implement the same effectively. The regulated entities must impart adequate AML training to their employees around the performance of customer risk assessment and its impact on the nature of AML/CFT measures to be applied. The factors to be considered for risk assessment and the methodology to be adopted must be discussed during the AML training program.

How can the use of tools and techniques improve the effectiveness of the Customer Risk Assessment?

When assessing customer risk, regulated entities can deploy a wide range of tools and techniques to obtain accurate and real-time results. These tools and techniques would be both – manual as well as automated using technology.

Use of emerging technology in performing Customer Risk Assessment

With the use of developing technologies, businesses can improve the effectiveness of the risk assessment process. The automated software and tools can process a large volume of customer data to assess the level of risk and provide insights into the customer’s risk profile.
Leveraging these technological tools can speed up the processes, providing real-time assessment of the customer risk upon every transaction executed with the customer, without worrying about remembering the requirement to reassess the customer risk.
Moreover, these solutions use the initially assessed risk level as a base and can promptly identify any unusual patterns and suspicious activities inconsistent with the customer’s profile.

Use of manual techniques for assessing customer risk

Though deploying technology for customer risk assessment is one of the best alternatives, the power of manual techniques can’t be ignored. Small and medium-sized businesses can use sophisticated Excel-based methods to assess the risk, including manually verifying customer documents and information.
With the human touch, businesses can assess the risk by interviewing the customer, studying their behavior, involving third parties to evaluate the customer’s financial position, etc.
When the manual techniques are combined with technological tools, the comprehensiveness of the CRA measures enhances, ensuring that tool-based assessment is supported by manual verification and no potential risk exposure goes unnoticed.

Let Niyeahma help you design your Customer Risk Assessment Program

As the risk factors and AML regulations in UAE keep advancing, the methodologies of conducting customer risk assessment also change. Seek professional help from AML experts like Niyeahma to develop your customer risk assessment policies and program, ensuring you appropriately determine the customer’s ML/FT risk and apply necessary mitigation measures.
Niyeahma, with its diversified experience and subject knowledge, can assist the regulated entities in customizing the AML framework in accordance with the nature and risk exposure of the business while staying AML compliant and managing the risks effectively.
Whichever way you go – technological or manual – Niyeahma can help you either by identifying and assisting in implementing the right AML software for CRA or designing the manual techniques and processes to create customer risk profiles effectively.
With Customer Risk Assessment, manage your ML/FT risks effectively!

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.