As the authorities in the UAE continue to ramp up their efforts to improve the country's anti-money laundering (AML) and countering the financing of terrorism (CFT) capabilities, the UAE Ministry of Economy (MoE) recently announced the end of the extended grace period for the mandatory self-registration of Designated Non-Financial Businesses and Professions (DNFBPs) on the same goAML system, which regulated financial institutions already use to submit Suspicious Transaction Reports (STR's) to the UAE Financial Intelligence Unit (FIU).
It draws our attention to the purpose of submitting STR's (also referred to as Suspicious Activity Reports – SARs, or Suspicious Matter Reports - SMRs) which is to alert the authorities to transactions and activities that may involve money laundering, terrorism financing and related criminal activities.
However, not all firms perform this task effectively and the quality of STRs submitted is often not good enough. It’s a problem that FIUs face on a global basis and there appears to be significant room for improvement.
Examples of low quality STRs include those with incomplete or incorrect information, those that have not been thoroughly investigated prior to submission, content which uses jargon and acronyms, reports that are not submitted in a timely manner and defensive or inappropriate reporting.
This can have a number of adverse impacts including:
- More FIU time and resource may be required to fully assess the data provided and understand the situation the submission describes. This is important given that timeliness and completeness can be a critical factor, especially in cases relating to the financing of terrorism;
- Companies are likely to receive increased volumes of further information requests from authorities if a submission is incomplete or doesn’t tell the full story. Responding to these requests can incur significant cost and diverts resources away from other tasks; and
- Low quality STR's may shine a light on gaps in a firm's systems and controls, for example, weaknesses in KYC or screening processes and if a trend is identified, it can create a perception that a company isn’t fully committed or focused on the relevant controls in this area.
In response, more guidance is being issued by authorities aimed at improving the quality of submissions. For example, the Australian Transaction Reports and Analysis Centre (AUSTRAC) recently published guidance and provided examples of good and bad reports to illustrate the difference.
At a corporate level, there are a number of practical steps that can be taken to help improve the quality of STRs a company submits. These include:
- Increasing training and awareness around AML and CFT to help employees recognise what the indicators are. Where possible, this should be role specific so that examples are relevant to the day to day activities of individual employees.
- Providing regular reminders on how and when employees can report suspicions.
- Continually reinforcing the importance and the purpose of a company’s whistleblowing process and the confidential nature of any hotline.
- Emphasizing the importance of quality over quantity and explaining the problem with reporting defensively solely to hit STR volume targets.
- Developing STR guidelines for those that prepare and review submissions - this should set out the expectations with regards to content, completeness and timeliness and should include quality standards against which submissions can be measured. These measures should be monitored and reported at senior levels to help identify areas where improvements can be made.
With the exception of money launderers, criminals and terrorist financiers, improving the quality of STRs is in everyone’s interests.
If you’d like some help to assess and improve the quality of your suspicious transaction reports, please contact Neal Ysart, Lead Regulatory & Investigations Advisor at neal.ysart@clydeco.com / Tel: +971 55 138 9250 or your usual Clyde & Co point of contact.
The Ministry affirmed the continuation of its inspection campaigns on DNFBP sector to ensure that the companies have registered themselves in the two systems, and to monitor their compliance with other legal requirements, foremost of which are taking due diligence measures towards clients, identifying the true beneficiaries, reporting suspicious transactions.