Skip to content Skip to Search
Skip navigation

Anti-money laundering order in UAE to tackle stolen IDs

Cybercrime in the UAE has risen over the past 12 months Creative Commons/Sebastian Sikora
Cybercrime in the UAE has risen over the past 12 months
  • Focus on digital ID and customer due diligence
  • Cybercrime on the rise in UAE
  • Fintechs will be most affected by new guidance

The UAE’s latest anti-money laundering guidance aims to tighten up rules related to digital IDs.

While it will have little impact for traditional banks, it may weed out some of the weaker players in the fast-growing fintech sector.

The advice issued by the Central Bank of the UAE (CBUAE) last week focused on the use of digital ID systems and the increased level of customer due diligence obligations expected of licensed financial institutions (LFIs), including banks, finance companies, exchange houses and insurance companies. 

“LFIs should take adequate measures to address the inherent technology and security challenges presented by digital ID systems,” the CBUAE said in a statement issued by UAE state news agency WAM.

“LFIs should implement and enforce necessary safeguards to reduce identity proofing and enrolment risks, including cyber attacks, security breaches and use of stolen, falsified or synthetic ID details, given the increasing complexity and severity of cyber breaches.”

Shankar Garg, managing director of StatusNeo, a technology consultancy firm which works with banks and exchange houses in the UAE, said the new guidance “applies to all the financial institutions that basically manage money for you in any way”.

Garg said the heightened restrictions aim to clamp down on cybercriminals attempting to transfer large sums of money through the financial system using fake or fraudulent IDs, in a bid to run under the radar of anti-money laundering protocols.

“It is prevalent in third world countries,” he said. “There is money moving around in the system, but on someone else’s name. If you want to move $10 million it is good for you to move $10,000 for 1,000 people.”

In July last year, LexisNexis Risk Solutions, part of the global data analysis firm, surveyed 834 risk and fraud executives in retail, e-commerce and financial services in Europe, the Middle East and Africa.

It found that an average of one in 10 financial transactions in the UAE are malicious attacks carried out by cybercriminals, with the number rising over the past 12 months.

Thirty-nine percent of respondents in the UAE said the number of malicious bot attacks on their online services had increased in the last year.

Heightened security around digital IDs should help to prevent this, according to Khaled Mohamed Balama, governor of the CBUAE.

“The Central Bank is working closely with the Licensed Financial Institutions to ensure their full compliance and understanding of the guidances that we issue regularly,” he was quoted as saying by WAM. 

“This guidance on the use of digital ID for Customer Due Diligence obligations will enhance anti-money laundering and combat the financing of terrorism framework, and will mitigate the potential risks in order to safeguard the UAE’s financial system.”

However, Garg pointed out that the new rules are unlikely to cause much disruption in processes for traditional banks, due to the introduction of the UAE Pass system four years ago.

Launched during Gitex Technology Week 2018 as a joint initiative between the Telecommunications and Digital Government Regulatory Authority, Abu Dhabi Digital Authority and Smart Dubai, the UAE Pass is described as the first secure national digital identity for citizens and residents.

The pass will enable them to access thousands of online services across various sectors, sign and authenticate documents and carry out transactions safely.

“UAE Pass has your photo, has your fingerprints,” Garg said. “You can’t do a transaction now unless you get a notification on UAE Pass app.

“So that means no one else can use your name etc to do those smaller transactions.

“It’s not that you have to write fully-fledged new systems, most of the banks in some shape or form are already integrated with UAE Pass.”

While the new guidance may not have too much of an affect on banks, Garg said it may impact fintech firms, a sector which has enjoyed high levels of investment and growth in recent years.

“The third point that’s mentioned in that order is that the LFI needs to choose a platform which has enough security protocols,” he said. “Is it safe from cyberattacks? Is it safe from security breaches?

“So it will lead to a lot of innovation within the fintech ecosystem and the fittest will survive. That’s ultimately good for the entire ecosystem.”

Moves such as these will be welcomed by those who have been critical of the rise of fintechs.

“We have seen an increase in fintech companies, but it is still early days, and they are not the answer to everything,” Keren Bobker, a Dubai-based independent financial advisor and senior partner at Holborn Assets, told AGBI in September.

“For many, this is just another money-making bandwagon and while it can be tempting to use an app on your phone for apparent convenience, this is not the best way to handle all transactions.

“While convenience is obviously useful, proper safeguards and your money being secure should be bigger considerations.

“Many fintech companies sell themselves on cost but, as with anything in life, price isn’t everything and you will often get what you pay for.

“Technology has made many transactions cheaper but cutting corners can be about the company saving, or making, money, and not always for the benefit of the customer.”