Compliance in the UAE: Sanctions Screening Guide

Economic sanctions are used by governments and international organizations to penalize illicit actors, to change target behavior or to prevent certain illicit activities. Sanctions lists continue to grow as countries rely on sanctions to disincentivize certain types of activity. Both individuals and entities are required to comply with sanctions regimes implemented by authorities in order to avoid the risk of fines, civil or criminal action, and reputational damage. 

The below compliance screening best practices apply to sanctions, PEPs and other watchlists with additional attention paid to UAE screening requirements. 

Why Are Sanctions Used?

Governments and international organizations use sanctions to penalize illicit actors, as penalties levied against targeted individuals and groups in order to change target behavior or to prevent certain illicit activities. Sanctions can take on many forms, including: asset freezes, embargoes, bans on short or long term loans, sectoral sanctions banning particular activities or investment from certain sectors, and trade restrictions. The most common sanctions are list-based targeted sanctions which forbid interactions with a specific party. The party can be an individual, entity, vessel, aircraft, crypto address or country.

The Importance of Sanctions Screening 

Sanctions screening is important to avoid civil and criminal liability arising from sanctions violations or violations of KYC (Know Your Customer) and AML (Anti-Money Laundering) regulations. Importantly, sanctions screening is pertinent to safeguard your business from being vulnerable to criminal and financial risk. Though KYC and AML screening requirements often target financial institutions that are traditionally the focus of money laundering, fraud, or terrorist financing enforcement, KYC requirements and screening from an AML perspective is increasingly being applied to new industries. Various governments have made sanctions screening mandatory for certain industries that are more exposed to financial crime risks such as money laundering and terrorism financing. Non-compliance with screening requirements result in large monetary penalties against businesses. To avoid such staggering financial penalties, businesses must regularly screen their clients and financial activity against various sanctions lists during the sanctions screening process.

Screening is the practice of checking individuals, entities, and companies against the subjects listed on government watchlists lists such as US OFAC’s SDN sanctions list, EU sanctions list, and local sanctions lists. Sanctions and PEPs screening allows companies across all sectors to evaluate the risks of conducting business with particular entities and individuals. With the continually changing sanctions landscape and drastic increase in sanctions used globally, sanctions screening is an essential practice for organizations maintaining compliance. 

UAE Sanctions Screening Guide

Sanctions screening entails several elements. Castellum.AI’s sanctions screening guide covers all components that organizations must consider when screening against sanctions lists. Organizations must be familiar with which lists need to be screened, what information needs to be screened and when, and how the sanctions screening process occurs. 

Which Sanctions Lists Should be Screened?

The government of the UAE maintains the Local Terrorist List, designating individuals and entities. This sanctions list is maintained by the UAE’s Executive Office for Control and Non-Proliferation.

Apart from the Local Terrorist List, the UN Consolidated List is essential for sanctions screening, as UAE is a member of the United Nations and has committed to implementing UN sanctions regimes. All natural and legal persons in the UAE are required to screen their clients and business partners against this Local Terrorist List as well as the UN Consolidated List to effectively implement Targeted Financial Sanctions (TFS) regulations. 

Additionally, if a company has overseas operations, is involved in international trade, or handles transactions in foreign currencies (particularly the US Dollar), foreign sanctions regimes also need to be screened. 

A few critical international sanctions sources include:

1. US OFAC SDN: All US citizens, and corporate entities must adhere to OFAC sanctions. Entities that have US affiliates, trade in US dollars, and/or use US services must also comply with OFAC regulations.

2. EU sanctions: EU sanctions are applicable to all EU citizens and corporate entities operating in any of the 27 EU member states.

3. UK sanctions: UK citizens and all individuals/entities located within the UK must comply with HM Treasury OFSI (Office of Financial Sanctions Implementation) sanctions. Foreign branches of entities established under UK law must also adhere to HMT sanctions. 

Sanctions Screening Example: A Company in the UAE

A company registered in Dubai would have to comply with the UAE’s local sanctions list (the Local Terrorist List), as mandated by the Cabinet Decision No. 74 of 2020 and the UN Consolidated List. This Cabinet Decision, read with United Nations Security Council Resolutions (UNSCRs), requires all UAE-based companies, including financial institutions, Virtual Assets Service Providers (VASPs), and Designated Non-Financial Business Professionals (DNFBPs) to comply with targeted financial sanctions.

Further, if this company processes any transactions in US dollars or is working with customers in the US, they would similarly be required to screen their customers and suppliers against US OFAC sanctions. It is necessary to screen other foreign sanctions list, like the UK or EU, if they are transacting in British pounds or euros as well. 

What Information Should be Screened Against Sanctions? 

• Names: Customer’s or other counterparty’s legal names (as well as aliases) should be screened against sanctioned lists. This includes the names of individuals, companies or other legal persons, and vessels.  

• Date of Birth: If available, dates of birth can be used to increase screening accuracy and minimize false positives, particularly for common names.

• Nationality: With the nationality of the person known, sanctions screening will provide more accurate results. 

• Location: A counterparty's address –including their street address, city of residence, province, and country–may be screened to verify a customer’s identity. 

• ID: Government-issued ID, including passport numbers for individuals or business registration or tax numbers for corporate entities should be screened. These unique identifiers similarly increase screening accuracy and reduce false positive rates.  

When Should Information be Screened Against Sanctions?

Sanctions should be screened:

1. Before formalizing a business relationship with a counterparty (client, vendor, partner, employee)

2. On a daily basis for all existing relationships

3. For all transactions and payments, before execution or processing

4. Upon change in a customer’s identification information

5. Upon an update in the sanctions database, all counterparties should be immediately re-screened

With the growth of sanctions lists and sanctions use, many lists change multiple times a week and sometimes multiple days in a row.  Sanctions screening means integrating Know Your Customer (KYC) checks into your customer onboarding process, your vendor management system, your customer relationship management system and more.

The Executive Office for Control & Non-Proliferation provides that screening shall be conducted regularly and on an ongoing basis.

For financial institutions facilitating transactions, screening requirements may include real time transaction screening which typically involves screening both originators and beneficiaries against sanctions and other government watchlists. In the UAE, Virtual Asset Service Providers (VASPs) providing crypto or other decentralized finance (DeFi) services are also required to comply with transaction screening, as mentioned above.

How to Screen Against Sanctions 

Sanctions can be screened using several different processes, depending on an organization’s screening volume and frequency of screening. An organization can complete sanctions screening via the Castellum.AI screening platform by: 

• Manually entering a customer’s name into an online search platform   

• Uploading batch files to screen multiple names simultaneously

• Automatically screening names using an API

• Integrating sanctions data into an existing platform using regularly updated watchlist files

Matches found within the screening process should be dealt with immediately. Any transaction made between an organization and a client who shows up as a sanctioned entity must be rejected and the funds frozen, if any are available.

All US businesses must report rejected transactions to OFAC within 10 days where “engaging in the transaction” would violate OFAC sanctions. All businesses must suspend the transaction with the sanctioned party and shall report the party to the Financial Intelligence Unit (FIU) within 5 days by filing a Fund Freeze Report via the FIU’s goAML Portal. Further, in case you found a potential or partial match with the sanctions but could not definitively conclude the identity of the person, such person must also be reported to the FIU by filing a Partial Name Match Report within 5 days and all transactions with the matched person shall be suspended until receipt of further instructions from the FIU.

Reporting matches in a timely manner avoids further involvement with sanctioned parties and helps organizations avoid the financial penalties associated with overlooking sanctions compliance. 

About Castellum.AI 

Castellum.AI automates compliance screening by providing watchlist screening solutions across an online platform, API, and bulk data. Castellum.AI obtains global sanctions information directly from authorities issuing sanctions, and then proceeds to standardize, clean and enrich the data, extracting key information like IDs and addresses from text blobs. Castellum.AI enriches as many as fifteen separate items per entry. 

The database consists of over 1,000 watchlists, covering over 200 countries and eight different categories (sanctions, export control, law enforcement most wanted, contract debarment, politically exposed persons, regulatory enforcement, delisted, and elevated risk). Castellum.AI checks for watchlist updates every five minutes directly from issuing authorities.