Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Current »

 MENU

Version

1.0

Publication Date

Classification

Public

These AML and Fraud Guidelines are provisional and subject to change.

1. AML and Fraud Management Components

LFIs and TPPs must follow rigorous procedures to detect, prevent, and manage AML / fraud effectively.

  • AML / Fraud Monitoring and Prevention - covers monitoring transactions for risk indicators, identifying unusual patterns, and educating customers on fraud prevention

  • AML / Fraud Detection Process - involves identifying suspicious transactions, verifying activities with customers, and collecting supporting documentation

  • AML / Fraud Response - includes freezing transactions, conducting investigations, resolving issues, and reporting to authorities

  • Liability for Fraud - addresses determining liability according to standards and ensuring proper record retention

2. Monitoring and Prevention

2.1 Monitoring Transactions for Risk Indicators

  • LFIs should continuously monitor transactions for potential AML / fraud indicators

  • Conduct standard screening for payments, including assessing risk based on the provided transaction data, OF Risk Data Block, customer behavior, and device information

2.2 Key Risk Indicators

  • Unusual transaction patterns or amounts

  • Transactions from new or unverified devices

  • High-risk locations or merchants

2.3 Data Points to be Monitored

  • Transaction Data: ID, date and time, location, type, LFI name, TPP name, amount, merchant, receiving bank, authentication method, status

  • Customer/Account Data: Account holder name, account number, contact information, device type

2.4 Customer Education

  • Promote customer awareness  about potential fraudulent activities (e.g., not to share OTPs with third parties)

3. Detection Process

3.1 Initial Detection

  • Both LFIs and TPPs should identify suspicious transactions using automated systems and manual reviews

  • Verify unusual activities with customers directly

3.2 Verification Steps

  • Confirm recent activity patterns with the customer

  • Verify device information and other authentication methods

3.3 Supporting Documentation

  • Collect receipts of invoices and proof of service delivery from the customer

  • Request user agreements and other relevant documents

  • Request source of funds (for AML)

4. Response

4.1 Immediate Actions

  • Freeze the suspicious transactions and accounts

  • Notify the customer and involved parties about the potential fraud

4.2 Investigation

  • Conduct a detailed investigation using the collected data and supporting documents

  • Collaborate with other LFIs and TPPs to gather more information if necessary

4.3 Resolution

  • Identify the liable party for fraudulent transactions

  • Resolve the issue by reversing fraudulent transactions in case the customer is not liable

  • Update the customer and involved parties on the resolution status

4.4 Reporting

  • Report the fraud case to the relevant authorities and regulatory bodies

  • Document the entire process for future reference and compliance

  • For TPPs retain appropriate records with customer and transaction data, including customer consent

5. Liability

5.1 General

  • LFI's and TPP's liability in case of fraudulent transaction is determined according to the liability model developed as part of the Open Finance standards and available on Confluence

5.2 Additional TPP's Responsibility

  • TPPs must provide the listed fraud indicators to the LFI as part of the risk/fraud assessment process

  • If a TPP fails to provide the necessary indicators and the indicators are part of the LFI's risk/fraud assessment process, the TPP will be liable in the event of fraud

  • No labels

© CBUAE 2025