GOAML

Anti-Money Laundering and Counter-Terrorist Financing

UAE has been working on strategies to combat Illegal funding of organizations and money laundering activities and comply with the standards (Financial Action Task Force). In its mission to achieve this objective, Financial Intelligence Unit (FIU) was established under CBUAE (Central bank of UAE) to regulate and monitor entities that are most likely to be impacted/involved directly or indirectly in aiding such activities in the economy.

In this effort, Federal Decree-law no. 20 of 2018 on Money Laundering, financing terrorism, and illegal organizations was introduced, which revoked previously issued Federal Decree-Law no. 4 of 2002.

Therefore, it is essential to note that all regulated entities, including financial institutions (FIs) and the Designated Non-Financial Businesses and Professionals (DNFBPs), must implement robust AML-CTF policies and controls within their activities and document them.

What is Money Laundering?

Money Laundering has three essential phases, and all regulated entities need to look for specific indicators that might hint towards an activity being suspicious and need monitoring/investigation.

According to the Ministry of economy, “Money laundering refers to any financial or banking transaction intended to cover up or disguise the source of illegally obtained funds, to avoid detection of them through the financial and banking systems and to re-buff and reinvest them.”

The three phases include:

1. Placement: Deposit Criminal proceeds into financial systems.
2. Layering: Conceal the criminal origin of proceeds.
3. Integration: Create an Apparent legal origin for criminal proceeds.

The Decree-Law defines a culprit of a money-laundering offense as any person who is aware that the money was originated from a felony or misdemeanor and intentionally commits one of the following acts:

1. Transmitting or carrying proceeds of crime with intent to cover up or mask its illicit source
2. Obscuring or cloaking the true nature, origin, location, way of disposition, movement, or rights related to any proceeds or the ownership thereof
3. Acquiring, possessing, or using such proceeds
4. Aiding the offender of the predicate offense to escape penance

Who should register with goAML system in UAE?

1. Financial Institutions (FIs)
2. Designated Non-Financial Businesses and Professionals (DNFBPs)

All FIs and DNFBPs registered in UAE have certain obligations which need to be fulfilled to avoid violation of laws and regulations enforced:

1. Firstly, it is essential to register on the goAML system.
   • FIU develops GoAML System to make suspicious transaction/activity reporting more convenient for the regulated entities.
2. Secondly, appoint an independent and qualified Compliance officer.
3. Develop strong internal controls, policies, and procedures and implement including:
   • Know your Customers (KYC)/Employees
   • Sanctions Screening
   • Training and monitoring
   • Customer due diligence
   • Risk management procedures
4. Reporting Suspicious transactions
5. Register in the automatic system for reporting sanctions list

Ministry will conduct regular inspections of all DNFBPs to assess how these obligations are fulfilled and measures to ensure compliance and violations are penalized.

The policies and procedures that should be implemented can be categorized as follows:

• Customer Acceptance Policies and Risk Assessment/Categorisation
• Know your Customer Policy: Due Diligence measures for identification and Verification
• Customer Screening against Sanction lists
• Monitoring Policy and Suspicious Transaction Reporting
• Know your employee Policy
• Staff Training Policy
• Compliance officer and Independent Internal audits

As we know, Control and planning need to be conducted side by side, as planning without Control is unlikely to be effective and Control without proper planning.

So DNFBPs are expected to plan appropriate controls and procedures to overcome the threat of money laundering or illegal financing activities and monitor them regularly to ensure they are implemented and updated whenever required.

Overview

Federal Decree No. 20 of 2018 on Anti-Money Laundering and Countering the Financing of Terrorism was issued to establish a legal framework for complying with international standards on anti-money laundering and countering the financing of terrorism. Primarily, it describes the legal requirements the government must observe to comply with international standards. In addition, it capitalizes on the legal and institutional framework’s efficacy in implementing procedures and interventions that help anti-money laundering efforts and fight terrorism and criminal organization financing.

The UAE conducted its first national risk assessment on money laundering and terrorist funding in 2018, with broad participation from all relevant authorities. According to the assessment, money laundering and terrorist funding are high risks in various regions. FATF (Financial Action Task Force) reviewed the UAE in compliance with international standards in 2019 and discovered a range of areas that would benefit from a national structure to tackle money laundering and terrorist funding.

The goAML System Registration

The Ministry of Economy (MoE) announced the launch of an awareness and monitoring campaign to enable registered Designated Non-Financial Business and Professions (DNFBPs) in the UAE to register with the Financial Intelligent Unit (goAML) system. Similarly, it encourages targeted groups to write in the design of the Committee on Goods Subject to Import and Export Control (Automatic Reporting System for Sanctions Lists) and to take action in relation to both the provisions of Federal Law No 20 of 2018 on the fight against money laundering crimes and the funding of terrorism and criminal organizations and the legislation and related decision-making rules and regulations.

According to the Ministry of Economy, the last date to register in the goAML system was April 30, 2021. However, registrations are still being accepted by the MoE. Further Anti-Money Laundering (AML) violators may face administrative fines ranging from AED 50,000 to 1,000,000.

What is the goAML System?

The goAML system is an integrated digital platform through which financial institutions, designated non-financial businesses, occupations, and the relevant authorities can send Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs). The Financial Intelligence Unit uses it to collect, evaluate and distribute suspicious transaction information rapidly and effectively.

What is Committee for Commodities Subject to Import and Export Control (Automatic Reporting System for Sanctions Lists)?

By registering in this system, financial institutions and designated non-financial undertakings and professions will be able to receive timely updates when individuals are added or removed to the local or UN list of targeted financial sanctions. In addition, the system automatically sends e-mail notifications to all registered establishments and authorities.

Which Businesses are treated as Designated Non-financial Businesses and Professions (DNFBPs)?

A DNFBP is anyone who engages in the following trade or business activities:

1. When brokers and real estate agents complete transactions for the benefit of their clients in the purchase and selling of real estate.
2. Precious metals and precious stone dealers carry out a single cash transaction or multiple transactions that tend to be connected or exceed more than AED 55,000.
3. Attorneys, notaries, and other independent legal practitioners, as well as independent accountants, when planning, performing or executing financial transactions for their clients:
   • Purchase and sale of real estate.
   • Management of funds owned by the Customer.
   • Management of bank accounts, saving accounts, or securities accounts.
   • Contributions for the establishment, operation, or management of companies.
   • Creating, operating, or managing legal persons or Legal Arrangements.
   • Selling and buying commercial entities.
4. Providers of corporate services and trusts when they perform or execute a transaction on behalf of their customers in the following areas: Acting as an agent in the creation or establishment of legal persons;
   • Working as or equipping another person to serve as a director or secretary of a company, as a partner, or in a similar position in a legal person.
   • Provide a registered office, work address, residence, correspondence address, or administrative address of a legal person or Legal Arrangement.
   • Performing work or equipping another person to act as a trustee for a direct Trust or conduct a similar function in favor of another form of Legal Arrangement.
   • Working or equipping another person to act as a nominal shareholder favors another person.
   • A decision of the Minister shall determine other professions and activities

According to the Ministry of Economy, the targeted establishment must take three key measures to protect its enterprises against money laundering threats. As follows, the three steps are:

1. Appointment of a facility compliance officer with responsibility for the registration and follow-up of the two systems;
2. Exercising due diligence on customers by checking the identity of the client and the beneficial owner before forming a business relationship or opening an account and other information listed in the implementing regulations; and
3. Registration in the ‘goAML’ system, filing of suspicious transaction reports through it, registration in the Automatic Reporting System For Sanctions Lists of the Committee for Commodities Subject to Import and Export Control, and alignment of their commercial operations with the lists produced on an ongoing basis by that system.

The Ministry of Economy (MoE) has stated that it will organize field inspection campaigns to track the scope of the dedication of the target establishments to the registration and implementation of relevant measures in both systems. Such initiatives will also help raise awareness of federal law requirements and punishments for violations and ensure they are committed to its provisions.

UAE Central Bank issues updated guidance on AML/CTF

By including the Financial Action Task Force (FATF) standards in the updated guidance, which came into effect on the 1st of August-2022, LFIs will understand risks better and ensure they are meeting their statutory obligations in terms of Anti-Money laundering and counter-terrorism financing.

According to the newly issued guidance some of the key preventive measures that should be implemented by LFIs to mitigate the money laundering and the financing of terrorism risks relating to payments include, but not limited to, the following:

1. Risk-based Approach should be taken when managing the risks involved.
2. Should Conduct Regular Risk Assessments to cover all the payment products, services, relationships, and exposure to domestic and foreign payment sector participants.
3. Conduct Regular Due diligence on customers, monitoring all transactions processed or conducted through the LFIs.
4. Reporting suspicious transactions to the UAE’s Financial Intelligence Unit.
5. Put in place a sanctions compliance program with operational systems that appropriately screen transactions and transmit required information throughout the payment cycle.
6. In correspondent relationships, LFIs should not process any payments for a correspondent unless they are entirely confident that the correspondent conducts appropriate screening.

What if a business in UAE fails to Register in goAML?

It is mandatory for all Designated Non-Financial Businesses and Professions (DNFBPs) to register on goAML portal. Under Federal Decree Law No (20) of 2018 and Article 20(2) of Cabinet Decision No (10) of 2019, it is obligatory to have procedures in place to report suspicious transactions to manage anti-money laundering (AML).

The failure to register on goAML is a failure on a company’s part to put necessary procedures in place for the STR filing.

A failure to file STR is a criminal offence under the UAE Laws and includes administrative penalties but is not limited to a financial penalty of AED 50,000 and no more than AED 5,000,000 for each violation.

Required Documents

• Authorisation letter from the institution you represent
• A copy of your passport, resident visa, and Emirates ID
• A copy of the commercial trade license (for companies)
• Download the ‘Google Authenticator’ application on your phone. (This application contains the password for the SACM protection system, which will change every minute)

What should I do if I do not receive an email OTP for my goAML pre-registration request?

1. First thing first, check your junk emails and ask your IT team to whitelist webmaster@eservices.centralbank.ae
2. Send out an email to goaml@cbuae.gov.ae requesting them to resend the email OTP.

UAE goAML Registration Type

There are three goAML registration types as prescribed by the UAE Financial Intelligence Unit (FIU):

• Reporting Entity
• Stakeholder
• Supervisory Body

DNFBPS have to carry out their goAML registration with the  UAE Financial Intelligence Unit as Reporting Entities

goAML pre-registration phase guide

1. Required Documents
   • goAML Registration Authorisation Letter. Click here to download goAML Registration Authorisation Letter Template.
   • Valid Passport Copy
   • Valid Residency VISA Copy
   • Valid Emirates ID
   • Valid Commercial Trade License
2. Merge the above documents into one single pdf file
3. Download and Install Google Authenticator
4. Go to: SACM - UAE Financial Intelligence Unit (uaefiu.gov.ae) and select REGISTRATION
5. Complete all mandatory information indicated with *
6. Select Reporting Entity as Registration Type
7. Select Ministry of Economy as Supervisory Authority
8. ID No/Reg No is your Firm License No as per your Trade License
9. Complete remaining particulars accurately. Phone number and email address must be entered accurately to receive OTPs
10. Upload all your supporting documentation in one PDF file
11. Tick the block that you have read the goAML Portal Service Terms and Conditions
12. Submit your application
13. Check your inbox for a mail to click on a link to verify your email address.
14. Check your inbox for a mail to click on a mail to enter email and SMS OTP to obtain your Username and Secret Key. OTPs are valid for 24 hours
15. Scan the barcode from the email received using Google Authenticator

What are the steps to register on goAML portal in UAE?

goAML two-stage registration process:

It is pertinent to note that the goAML registration consists of two stages:

Stage 1 – SACM Registration: Register in the protection system (SACM) of goAML portal and get a username.

Stage 2 – goAML Registration: Get the password from the Google Authenticator app and use it to access the goAML portal for main registration.

1. Access the system using https://services.uaefiu.gov.ae/
2. Select Systems and then select Production/Live option
3. To login, use your Username received from the pre-registration phase AND the code from your google authenticator as the password (this code changes every few seconds so ensure a valid one is used)
4. Select “Register a New Organization”
5. Complete all mandatory particulars accurately as per the same information used for the pre-registration phase
6. Upload supporting documentation as per the pre-registration phase (ensure the validity of the documents)
7. Submit your application
8. Check your email for a reference number (you may use this for any queries)
9. You will receive an email to notify you of the approval or rejection of your application
10. If your application is rejected, please re-complete your application starting from the pre-registration phase.
11. Assistance: For all IT and technical related issues, please send an email to :goAML@uaefiu.gov.ae

Stage:1:

Stage:2:

goAML Login UAE

You need to follow the below-mentioned steps for goAML Login in UAE:

1. Navigate to https://services.uaefiu.gov.ae/ to login to goAML UAE portal
2. Click on Systems
3. Click on goAML
4. You will now see the following screen:

1. Provide the Username as received from webmaster@eservices.centralbank.ae and the Google Authenticator Passcode as the Password
2. Click Sign In
3. You will now be redirected to goAML homepage
4. Click the Login button
5. You now need to provide goAML Login credentials to login to the UAE goAML portal

Subsequent Access to UAE goAML Portal

For accessing the goAML portal, the registered entities are required to first access the service page of the UAE FIU, using the username and the passcode popped up in the Google Authenticator Application.

Once successfully accessed the UAEFIU's service page, goAML Portal's login box shall be popped up.

The entire process of 2-step access has been summarised hereunder, for the ease of reference:

1. Visit https://services.uaefiu.gov.ae/ >> GOAML
2. Login using username received from webmaster@eservices.centralbank.ae &

Google Authenticator Passcode as the password

3. Login using the username and password created at the time of registering on goAML Portal

goAML Registration Approval

goAML Registration is approved by the respective supervisory authority in the UAE.