Anti-Money Laundering, Counter-Terrorist and Sanctions Policy
This Policy sets out our principles and standards for compliance and management of risks associated with financial crime. The Directors (assisted by the Compliance Manager and legal advisers) have overall responsibility for compliance and management of risks associated with financial crime in the business.
This document is referred to as the Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF) and Sanctions Policy. The purpose of this Policy is to:
- comply with any legal requirements to prevent any part of our business from being used for financial crime
- ensure we take the most appropriate action to mitigate the risks associated with financial crime.
This Policy outlines some of the legal requirements related to financial crime, as well as internal measures which we have established. Our business does not fall within the definition of "Financial Institution" (FI) nor within any of the categories of "Designated Non- Financial Businesses and Professions" (DNFBPs) nor as Virtual Asset Service Providers (VASPs) under any applicable legislation. Therefore we are not legally required to have this policy or procedures. However, we aim to ensure compliance with this policy as a matter of best practice even if not legally required.
This policy is subject to copyright and may not be copied or used or adapted for use by anyone else without written licence from us. We may use search tools to check for unlicensed copies of our materials.
"We" "our" or "us" refers to Alta International DMCC, a company registered as a free zone company in DMCC, United Arab Emirates with company registration number DMCC192113 and licensed address at Unit No: 2704, JBC3, Plot No: JLT-PH2-Y1A, Jumeirah Lakes Towers, Dubai, United Arab Emirates.
We are responsible for this website. You can contact us via Contact Us.
This policy applies to everyone when working for us, with us or on our behalf in any capacity, including employees at all levels, directors, officers, owners, licensees, agency or seconded workers, interns, agents, contractors, consultants, service providers, third-party representatives and business partners.
This Policy is not only aimed at complying with any relevant legal requirements, but also to mitigate and reduce the potential risk to the business of anyone using any part of our business, services, documentation or assets to launder the proceeds of illegal activity, fund terrorist activity or conduct prohibited financial sanctions activity (these offences are "financial crime").
The need for anti-money laundering, counter-terrorist funding and sanctions measures is an international issue. Therefore we aim to comply where practical with international guidelines that may be applicable to us as well as with locally applicable legislation. Some of the legislation to bear in mind if relevant (this depends not only on our location in the UAE but also on the location of the source of any funds or funder) can include FATFC from the USA, UK anti-money laundering regulations and guidelines, UAE Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations and its associated regulations and guidelines, EU Directive on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing. These are just a few examples. It is important to refer to relevant government websites for updated guidance and references.
For sanctions, it is also important to refer to updated lists as they change. Some that may be relevant depending on the nature and location of a transaction include:
- UAE sanctions list;
- The UK HM Treasury (HMT), Office of Financial Sanctions Implementation, "consolidated list of targets";
- The United Nations (UN) Security Council consolidated sanctions list;
- The EU's consolidated list of persons, companies and entities;
- The US Department of the Treasury, Office of Foreign Assets Control (OFAC) sanctions lists:
- The US Department of the Treasury, Financial Crimes Enforcement Network (FinCEN) list.
In broad terms, across different legislation:
Money laundering is the process that criminals use to make illegal economic gains or the proceeds of criminal activities appear legal, or to conceal its true origin or ownership.
Terrorist financing relates to the raising or holding or providing of funds (directly or indirectly) with the intention that those funds should be used to carry out activities defined as acts of terrorism.
Sanctions (which can take various forms including financial, trading or other sanctions) are measures imposed by national governments and multinational bodies which seek to alter the behaviour and decisions of other national governments or non-state actors that may threaten national or international security or violate international norms of behaviour (such as human rights violations).
As a responsible business we are committed to supporting both domestic and international efforts and initiatives aimed at combating money laundering and the financing of terrorism in addition to implementing such internal measure as may be deemed necessary. In addition, we are committed to complying with all applicable sanctions in accordance with legislation applicable to us.
This policy together with the implementation and operation of the procedures and controls in it, reflects our commitment in this regard. We are willing to co-operate as part of any effort in combating money laundering and / or the financing of terrorism to the extent required and permitted with:
- Government agencies
- Free zone authority
- Recognized law enforcement agencies, domestic or foreign
We will use a "Risk Based Approach" which refers to the assessment of financial crime and implementation of measures to reduce or mitigate the risk of financial crime. As a result, we will allocate and prioritise resources according to where the most effective risk mitigation is required.
Responsibility of all employees. All personnel must comply with this policy and with any processes, procedures, checks, communications or instructions from senior management or the Compliance Officer in relation to the topics covered by this Policy. An employee's failure to comply with this policy may result in disciplinary sanctions, including suspension or termination. It is therefore the responsibility of everyone to understand and comply with this policy.
Compliance Manager. The Compliance Manager is responsible, in collaboration with legal advisers and supported by the directors, for:
- Administering the AML / CTF programme;
- Helping personnel implement the AML / CTF programme and related best practices;
- Planning, developing, and prescribing AML / CTF policies, processes, checks, systems, standards, and procedures;
- Reviewing and reconciling this Policy with other policies of ours for example to ensure that data protection and privacy policies are also followed (although data protection and privacy may not be used as a reason not to comply with legal requirements in relation to AML / CTF);
- Providing or arranging guidance, training, monitoring and updating in relation to this policy.
Identity of Compliance Manager. We have designated the General Manager as the Compliance Manager, but if they are not available then the Compliance Manager role is covered by any of our directors or senior managers.
The clients and other parties to transactions that we deal with are based internationally, in particular in the UK. Where property transactions are involved, or large sums of money, there is an enhanced risk of financial crime. Therefore the Compliance Manager must regularly undertake a business-wide risk assessment on financial crime describing the inherent financial crime risks of the business, the control environment to mitigate such risks, and the residual financial crime risk.
The business-wide risk assessment on financial crime represents an important measure for us to meet the requirements of the risk based approach.
There are tools that all of us can use to assess, including guidances from government authorities and industry bodies. These can include for example national property industry associations as well the UAE office for AML and CTF and the UK government websites. These sources should be checked regularly, and any processes or measures recommended should be implemented.
We will not accept either natural person or legal entities as clients or suppliers if they are subject to sanctions that prohibit this. In order to comply with sanctions regulations, we must be able to verify the identity of our clients (see later section) and must review and check the applicable sanctions lists.
We must discontinue the relationship and any services with anyone who is an existing client or supplier if they later become subject to applicable sanctions.
We will take all relevant steps to discontinue the provision of products and services to anyone (natural persons or legal entity) where we suspect that they will use our products or services or our business and its systems for financial crime.
We need to conduct due diligence on clients, often referred to as "Know Your Client" or "KYC". We do not have formal legal obligations to do this, but should follow best practice where possible, whilst weighing up the processes with data protection and privacy.
The Compliance Manager or directors will notify you of the processes to bring on new clients or to conduct due diligence on other interested parties to a transaction. This will be based on our risk-based approach.
We must endeavour to clarify the ultimate beneficial ownership and control of legal entities. In cases where controls and/or ownership exceeds 25%, the identity of those beneficial owners must be verified.
We must comply with guidelines and legislation in the UAE and in the DMCC free zone in relation to client due diligence / KYC which may include (as examples only) verifying identity, addresses, visas, passports, government ID, source of funds, beneficial ownership and contact details.
Screening of politically exposed persons
In order to ensure that all natural persons defined as politically exposed persons (PEPs) are identified and registered in our systems as such, a PEP screening process should be conducted when natural persons are brought in as a client and then checked on a regular basis. There are useful guidelines and summaries on the Law Society website of the UK on how best to manage this process and with relevant links.
We must perform enhanced due diligence and on-going due diligence measures proportionate with the risk scoring of a client. PEPs should be categorised as high risk clients. High risk clients will be subject to enhanced due diligence and annual on-going due diligence. On-going due diligence processes should also be applied to all existing clients.
Our IT systems and cloud solutions and workflows must be designed to ensure that robust internal controls of client due diligence are maintained.
This requires strong data quality and, where possible, automatic on-going due diligence between public registries and our IT systems in relation to client data. Data quality should be measured and reported as a key performance indicator.
We apply a risk-based approach to transaction monitoring. You should evaluate whether the activities of a client (their transactions and / or their general behaviour) is consistent with the stated nature and intent of their relationship. As part of the transaction monitoring, we must investigate further any activities that are deemed to be "unusual" with regard to the stated position of the client.
You must report any unusual or potentially suspicious transactions to the Compliance Officer.
The Directors must determine key performance indicators and develop management information requirements and processes to gain insight into and satisfaction with the effectiveness of the AML / CTF framework and processes.
The Compliance Officer will report on our AML, CTF and sanctions compliance measures and on compliance with this policy on an annual basis (as a minimum) to the Directors.
The foundation for a robust internal control environment towards client due diligence and enhanced due diligence requires electronic retention of the material received for the purposes of client due diligence, on-going due diligence and / or enhanced due diligence. The archiving must be completed in a manner making it available to all employees having appropriate access to the client in question (within the our existing IT solution). We implement measures for other accepted electronic ways of verifying identities which may include outsourced services
Documentation must be kept during the lifetime of the client's relationship with us and at least five years after termination of the client relationship. This needs to be balanced with data protection and privacy requirements and must always be subject to information security measures.
You should notify any unusual or suspicious activity or transactions to the Compliance Officer. The Compliance Officer, supported by the directors and potentially by legal advisers, will assess whether the described activities or transactions are genuinely suspicious and warrant the filing of a "suspicious activity report" (SAR) or other notification to the relevant local authorities or police.
In the UAE, we do not fall within the category of business that is required to have the AML measures and registration on the "goAML" system Therefore, if the Compliance Officer decides that a formal report needs to be made, it should be done by email to iec@uaeiec.gov.ae
In the UK, we do not fall within the category of business that is required to have money laundering supervision or that makes use of the government's online SAR system operated by the National Crime Agency (NCA). Therefore if the Compliance Officer decides to make a report or disclosure about an incident, they should do this by making a Suspicious Activity Report ("SAR") to the HMRC Fraud Hotline.
For any other relevant territory, official government websites should be consulted for the correct procedure and mechanism for making a SAR.
We do not tolerate any breach of the requirements of this Policy or related procedures. Any material or systemic breaches or suspected breaches should be reported to the Compliance Manager. No one reporting any such suspected breach will be subject to adverse consequences as a result of the report.
We keep this Policy under review. The date that it was last updated is set out below. As a result of our reviews, we reserve the right to make changes to this Policy. The current version of this Policy is the one published at the relevant time on our internal portal or is distributed to personnel or is in a handbook.
© Alta International DMCC 2023 - no copying permitted
Version Date: 01.07.23
