Financial Crime and Banking Regulations: Chapter UAE

While economic growth has been somewhat muted over the past year, the top 10 UAE banks have enjoyed a healthy surge of 11.5% in net profits. This occurred in the wake of the replacement of IAS 39 with IFRS 9 at the beginning of 2018. It transformed banks’ approach to the assessment of impairments in their loan portfolios and added another capital conservation buffer. Higher current provisions and more stringent Liquidity Coverage Ratio and Net Stable Funding Ratio calculations seem to have led to a spike in the cost of liquidity. IFRS 9 adjustments were passed through retained earnings, which in turn triggered an adverse impact on the Capital Adequacy Ratio and Return on Equity. Despite a promising financial year, financial institutions must contend with an incursion of new regulations and a burgeoning demand for innovative new products and systems to meet consumer demands in a market that is increasingly digitally enabled. Across the banking sector, companies have embraced innovation teams. However these can suffer from limited authority, lack of resources, and inadequate support from senior stakeholders. A structured management process, and a more open-minded approach to solving problems may help drive the innovation agenda. Improved communication and collaboration between departments and with regulators will help banks remain agile in the face of the gamut of technological advances like fintech. With the advent of the digital revolution, many banks are turning to customer identity and access management (CIAM) to build stronger relationships with their customers. CIAM’s features facilitate addressing numerous customer needs, delivering personalized experiences, intelligent solutions, protection against cyber fraud and ease of digital interaction. The success of implementing CIAM, however, will depend on factors like the ability of a vast variety of stakeholders to work together, and how readily users embrace learning new software. Meanwhile, risk functions of banks must exercise constant vigilance to cope with an influx of challenges: the London Interbank Offered Rate (LIBOR) is being phased out, gradually being replaced with alternatives such as risk-free rate (RFR) benchmarks. There are likely to be operational issues in the early stages, and banks will need to reduce LIBOR exposures and build demand for RFR-linked products. Information asymmetries will require a clear client communication strategy, and outstanding hedge relationships and other agreements may need to be amended. Along with changes to valuation tools and risk models, banks would be well advised to consider the interaction between LIBOR transition and the implementation of the Fundamental Review of the Trading Book (FRTB). Operational risk is becoming an increasingly significant area of focus. Headwinds may take the form of cyber threats, third-party concerns, trading, conduct and culture issues, anti-money laundering fines and sanctions, or stress-testing requirements.

In 2018, the Central Bank of the UAE (CBUAE) published a number of regulations as well as a ‘Standards’ release which stipulates what banks should be doing to achieve best practice. It points out the main areas for banks to focus on are: governance, identification and assessment, control and mitigation, business continuity management, information technology and systems, and reporting. To an extent, a specific subset of risk, financial crime risk, can be reduced via a step-by-step method. This would involve reviewing the compliance risk assessment framework and the monitoring program, to validate the annual compliance plan, transaction monitoring and know your-customer procedures. Technological developments like machine learning could be leveraged to maximize operating efficiencies, and risk mitigation measures designed and implemented to ensure compliance with the regulatory provisions on AML and sanctions. The UAE is anticipating its Financial Action Task Force (FATF) Mutual Evaluation to be held in 2019, and independent evaluations of local banks’ AML and sanctions compliance frameworks have been undertaken to prepare for this. The waxing crescent of the Islamic financial market is becoming systemically important as the GCC consolidates its position as a globally significant economic hub. The growth of Islamic finance may be sustained by addressing some key points. These include the ‘form over substance’ debate and the need for harmonization of standards. There is a pressing need for greater transparency, more Islamic banking experts, and strengthening the public’s confidence in the Shari’ah compliance of the products and services being offered.

With the arrival of a number of new local and international regulations, the scope of the compliance function is broadening, requiring skills that can consider risks facing the banks more holistically. Internal Audit’s (IA) role is also becoming wider, with banks required to publish their IA charter and review it every three years (as per CB UAE Internal Controls, Compliance and Internal Audit Standards 161/2018, Article 4.14). Self-evaluation of the board committee’s effectiveness will assist those charged with governance in the bank to formulate a clear plan of action to bring its operations in line with best practice, a process which may be aided by the appointment of an independent facilitator. In conjunction with a strong control environment and robust regulatory procedures, equally vital is management’s approach to corporate culture, in particular: power distance, uncertainty avoidance, individualism versus collectivism and masculinity versus femininity. The UAE is home to a colorful mélange of nationalities, with 88.5%2 of its population composed of expatriates. Resolving differences and having open conversations to build a respectful and productive environment becomes key in such an ethnically diverse milieu. Finally, as banks internationally now include certain performance measures beyond key financial indicators, sustainability reporting is emerging as an essential consideration within the UAE. While there may be some regulatory and policy gaps, banks are beginning to include environmental and social data to exhibit greater responsibility towards their stakeholders. Sustainability disclosures may help banks access new markets, and implement more rounded risk management processes. Stakeholders tend to no longer want their banks to simply exceed their financial targets, but to formulate a canny, forward-looking strategy for the long term. 

Financial institutions in the UAE are preparing for the country’s FATF Mutual Evaluation later in 2019. The publication of the results would be critical for the image and reputation of the country’s financial services sector, as the outcome is likely to play a profound role in determining the way the UAE’s anti-money laundering (AML) regime is perceived globally. In pursuit of ensuring that the financial services sector is ready when the FATF evaluators arrive, the Central Bank of the UAE (CBUAE) mandated an independent evaluation of their AML and sanctions-compliance frameworks. First for the national banks in 2017, and subsequently the branches of foreign banks and the exchange houses in 2018. Having completed the assessments for multiple financial institutions between 2017 and 2018, Most financial institutions performed well in terms of governance, training and assurance, and two areas were highlighted for potential improvement: risk assessment and monitoring. The reality is that Compliance functions have been striving to strike a balance between ensuring effective management of regulatory developments and reducing compliance cost. This appears to be turning into an increasingly challenging task, as the cost of compliance is rising exponentially with the accelerating pace of regulatory change. A step-by-step method The question arises how organizations can simultaneously prepare for the FATF evaluators, meet strategic compliance objectives, minimize compliance cost and effectively manage financial crime risk. The answer may lie in a threefold approach: a) Remediate the areas for development identified through the recent assessment of the AML program. Hence, in view of the outcome of the assessments, financial institutions should prioritize a review of: i) the compliance risk assessment framework aimed to ensure it covers all business areas and enables them to identify and adequately prepare for money-laundering risks. These are continuously evolving with the entry of new financial products and players in the competitive market, as well as with Fintech developments such as digital finance and cryptocurrency As the UAE gears up for the Financial Action Task Force (FATF) Mutual Evaluation, One should contemplate how banks can build more robust anti-money laundering and sanctions compliance frameworks, through the effective use of technology. Mitigating financial crime risk ii) the monitoring program in order to validate that the annual compliance plan, transaction monitoring and know-your customer (KYC) processes address regulatory requirements and are aligned with the firm’s risk profile b) Achieve operating efficiencies through, for example, integration of intelligent automation and innovative technology into the existing technology infrastructure. Compliance leaders could explore and leverage new technology capabilities to automate their compliance activities alongside similar transformations being undertaken by their business counterparts. For instance, robotic process automation (RPA) can assist in retrieving data for money-laundering investigations and scanning public databases for changes to laws, rules and regulations. Machine learning may be used to identify risks using public information and historical outcomes of previous investigations. Meanwhile, cognitive technology may be used, capable of mimicking aspects of human judgment to, for example, interpret transaction activity. c) There should be a greater focus on effectiveness by ensuring that key risks are clearly understood, and mitigation measures are designed and implemented to ensure compliance with the regulatory provisions on AML and sanctions.

In the past year, GCC countries have reiterated they, like many other countries around the world, are serious about combatting money laundering, terrorism financing and other financial crimes.

Companies that ignore this shift will do so at their peril. Recent local and global economic, legal and political developments - ranging from new regulations and stronger enforcement authorities to the re-imposition of sanctions by the United States (US) against Iran - will have a significant impact on the risk exposure of companies operating in the region for the foreseeable future.

There is ever increasing scrutiny into financial crime. In the UAE, the newly enacted Anti-Money Laundering (AML) Law contains important improvements over the prior legal framework, notably, the inclusion for the first time of digital currencies and online money laundering within the scope of the law and the introduction of "controlled delivery" (a form of "sting operation") which allows a money laundering activity to proceed in order to investigate and apprehend the suspects. In 2018, the anti-bribery and anti-corruption provisions of the UAE Criminal Penal Code was amended, among other things, to include bribery committed by foreign public officials and, for the first time, expressly providing for extra-territorial reach of the criminal act.

In Saudi Arabia, fundamental changes to the AML counter-terrorism financing (CTF) regime and robust measures to detect financial crime have been introduced, taking into account the recommendations of the Financial Action Task Force (FATF), the intergovernmental organization that combats money laundering and terrorism financing. These changes bring the AML regimes of these countries closer in line with international standards.

Following its withdrawal from the Iran nuclear deal, the US’ unilateral re-imposition of sanctions has had a marked impact on companies doing business with Iran, and has increased the scrutiny into Iran-related transactions. For example, the flow of funds between Iran and the UAE has been disrupted even through traditional, more established banking channels. The UAE does not have a blanket prohibition on doing business with Iran, while Qatar has in fact increased its commercial ties with Iran.

The UAE authorities are also enhancing cooperation with foreign law enforcement bodies. For example, the UAE is working more closely with the US Treasury Department, notably through its partnership within the Terrorist Financing Targeting Center. This has led to the imposition of specific sanctions across the GCC countries and several highly visible joint enforcement actions, shutting down currency trading operations that had links to Iran.

Heightened accountability and enforcement authority are reflected by recent major senior appointments at the financial regulators in the UAE financial free zones. In addition, the Dubai Financial Services Authority and the Financial Services Regulatory Authority have enhanced the DIFC’s and ADGM’s AML regimes respectively, requiring the registration of Designated Non-Financial Professions and Businesses (including law firms, real estate brokerages and accounting firms) among other marked changes. These are clear signals that the regulators are likely to take a more active approach to enforcement and a renewed commitment to the financial safety and soundness of these financial hubs, particularly in advance of the FATF’s overall evaluation of the UAE financial system that will be undertaken later this year.

The KSA underwent a FATF assessment in 2018, achieving good results and uncovering some areas of focus such as pursuing large scale money laundering and confiscating assets. Investigations have increased in the Kingdom in recent years due in large part to the government’s anti-corruption campaign.

Businesses will be facing greater regulatory scrutiny and operating in a more compliance-focused environment than ever before. The UAE is likely to share investigation intelligence information more transparently going forward, and actively implement joint enforcement actions with foreign law enforcement agencies. Governments in GCC countries are also likely to adopt a more liberal approach to extradition requests and greater transparency in bribery cases, such as the recent disclosure of financial irregularities in public procurement contracts by the Anti-Corruption Department within the UAE's State Audit Institution.

These developments will have a profound effect on the business environment in the GCC. Companies can no longer approach compliance casually - it now needs to be on the agenda of boards and management teams to help them make effective strategic business decisions that will both protect and drive commercial growth.

Now more than ever, companies will need to reassess their compliance policies and risk exposure and focus on developing robust compliance systems and controls as well as training employees to ensure that these systems ultimately withstand regulatory scrutiny.

Businesses that make appropriate adjustments and corrective actions now in light of these developments are better placed to continue operating successfully in the future.