DFSA Publishes Thematic Review on Targeted Financial Sanctions Compliance in the Insurance Sector
This review was part of the DFSA’s ongoing efforts to ensure that DIFC firms effectively manage risks related to TFS and Proliferation Financing (‘PF’). The process involved desk reviews, on-site inspections, and interviews with firms.
The review identified both strengths and areas for improvement in the sector’s approach to these risks. Key recommendations were made in areas such as risk assessments, governance, screening practices, training, and audit procedures.
Key Findings
AML Business Risk Assessment (‘ABRA’)
Firms typically rated their residual risk as low, but many did not adequately address sanctions-related risks within their ABRAs. These assessments often did not sufficiently consider risks associated with underwriting, transactions involving grey-listed jurisdictions, or dealings with sanctioned entities.
Recommendations:
- Tailor ABRAs to incorporate sanctions risks, especially related to underwriting and jurisdictions with elevated sanctions risks.
- Include dual-use goods in risk assessments and document the measures taken to mitigate related risks.
Customer Risk Assessment (‘CRA’)
Most firms did not fully integrate TFS and PF risks into their CRA, especially when intermediaries were involved. The assessments often failed to consider potential sanctions exposure from clients, including risks posed by sanctioned entities.
Recommendations:
- Integrate sanctions risks explicitly into CRAs, particularly when engaging with intermediaries or clients in high-risk jurisdictions.
- Regularly update the CRA with information from relevant sanctions lists and underwriting activities.
Policies & Procedures (‘P&P’)
While firms generally had policies and procedures in place, many lacked specific references to UAE sanctions obligations. Firms often relied on Group-level screening systems, which did not always align with local requirements and failed to explicitly address dual-use goods and notifications from the EOCN.
Recommendations:
- Update P&Ps to address UAE-specific sanctions obligations clearly and integrate dual-use goods screening.
- Ensure that EOCN and other relevant sanctions lists are incorporated into the firm’s compliance procedures.
Screening Obligations
Screening was largely performed using a combination of manual and automated systems, but firms did not consistently check the names of related parties (such as beneficial owners) for sanctions compliance. Additionally, while firms received EOCN notifications, they did not always cross-check these against other key sources such as United Nations (‘UN’) sanctions lists
Recommendations:
- Screen all relevant parties (including beneficial owners) at onboarding and on an ongoing basis for sanctions compliance (e.g. all names on the slip).
- Triggers in place if dual use goods are present for additional screening.
- Implement proactive screening of additional sanctions lists (e.g., UAE, UN) alongside EOCN notifications.
Governance and Oversight
There was significant variance in the degree of senior management oversight across firms. While underwriting firms were more actively engaged, many lacked comprehensive Management Information (‘MI’) reporting on TFS performance, often focusing only on exception reporting.
Recommendations:
- Formalise senior management oversight of TFS compliance and ensure MI reporting includes more than just exception reports.
- Implement robust quality assurance mechanisms, ensuring screening results are reviewed at both local and Group levels.
- Intra group services to be documented.
Audit
The review revealed that only a small percentage of firms had undergone an audit of their TFS compliance in recent years. The frequency of audits varied and was often based on the perceived risk profile of the firm, with many firms undergoing audits every 3-4 years.
Recommendations:
- Firms should conduct regular audits of their TFS compliance at least every two years, in line with AML Rule 9.4.
- Ensure audits specifically assess compliance with UAE-specific sanctions obligations.
Training and Awareness on TFS Compliance
While AML training was generally provided to relevant employees (76% promptly upon hire and 93% annually), many firms’ training materials lacked detail on UAE TFS obligations and sector-specific risks. The training content was often too generic, with limited focus on PF and sanctions evasion red flags.
Recommendations:
- Revise training programs to include UAE TFS requirements and red flags specific to the insurance sector.
- Incorporate case studies and real-world examples of sanctions evasion and proliferation financing.
How Waystone Can Help
As a leading provider of compliance services, Waystone can support your organization in addressing the gaps identified during the DFSA’s thematic review. These insights are not just relevant to insurance firms but also provide valuable lessons for other industries. Our expertise includes comprehensive gap analysis, policy & procedure development or review, and tailored training programs.
Gap Analysis:
We can conduct a thorough gap analysis to assess your current TFS compliance framework against UAE regulations and DFSA requirements. Our review will identify specific compliance gaps and provide actionable recommendations for improvement.
Policy & Procedure Creation or Review:
Our team will help you design and implement comprehensive policies and procedures that align with UAE TFS obligations and incorporate best practices for screening, governance, and reporting. We will ensure that your policy & procedures are up-to-date, compliant with Cabinet Decision No 74 of 2020, and tailored to the unique risks associated with your sector.
Training Programs:
We offer bespoke training programs covering UAE TFS regulations, sanctions evasion red flags, and sector-specific compliance risks. Our modules are designed to ensure that all staff members—including those involved in underwriting, risk assessments, and compliance—understand their roles and responsibilities.
By partnering with Waystone, your organization can strengthen its TFS compliance, reduce exposure to sanctions violations, and ensure full alignment with DFSA and UAE regulatory requirements. Our tailored solutions will help you navigate local and international regulations effectively, safeguarding the integrity of your business and the DIFC.