11-2.1. General requirements

(1) If a Digital Asset Service Provider conducts a Digital Asset transfer referred to in Chapter 11-1, the Digital Asset Service Provider will be exposed to money laundering and terrorist financing risks associated with the institution which may be the ordering institution, intermediary institution or beneficiary institution involved in the Digital asset transfer (“Digital Asset transfer counterparty”).

(2) To avoid sending or receiving a Digital Asset to or from illicit actors or designated parties that had not been subject to appropriate CDD and screening measures of a Digital Asset transfer counterparty and to ensure compliance with the Travel Rule, a Digital Asset Service Provider must conduct due diligence on the Digital Asset transfer counterparty. A Digital Asset Service Provider should identify and assess the money laundering and terrorist financing risks associated with the Digital Asset transfer to or from the Digital Asset transfer counterparty and apply the appropriate risk-based anti-money laundering and countering financing terrorism measures.

(3) A Digital Asset Service Provider must conduct due diligence measures on a Digital Asset transfer counterparty before conducting a Digital Asset transfer or making the transferred Digital Assets available to the recipient.

(4) A Digital Asset Service Provider does not need to undertake the Digital Asset transfer counterparty due diligence process for every individual Digital Asset transfer when dealing with Digital Asset transfer counterparties that it has already conducted counterparty due diligence on previously, unless there is a suspicion of money laundering and terrorist financing.

(5) A Digital Asset Service Provider must undertake reviews of the Digital Asset transfer counterparty due diligence records on a regular basis or upon trigger events (e.g., when it becomes aware of a suspicious transaction or other information such as negative news from credible media, public information that the counterparty has been subject to any targeted financial sanction, money laundering and terrorist financing investigation or regulatory action).

(6) Based on the Digital Asset transfer counterparty due diligence results, a Digital Asset Service Provider must determine if it should continue to conduct Digital Asset transfers with, and submit the required information to, a Digital Asset transfer counterparty, and the extent of anti-money laundering and countering financing terrorism measures that it should apply in relation to a Digital Asset transfer with the Digital Asset transfer counterparty on a risk-sensitive basis.

Guidance

Digital Asset transfer counterparty due diligence may involve the following non-exhaustive procedures:

(a) determining whether a Digital Asset transfer is or will be with a Digital Asset transfer counterparty or a self-hosted digital wallet;

(b) where applicable, identifying the Digital Asset transfer counterparty (e.g., by making a reference to a list of licensed or registered Digital Asset Service Providers or financial institutions in different jurisdictions); and

(c) assessing whether a Digital Asset transfer counterparty is an eligible counterparty to deal with and to send the required information to.

11-2.2. Digital Asset transfer counterparty due diligence measures

A Digital Asset Service Provider must apply the following Digital Asset transfer counterparty due diligence measures before it conducts a Digital Asset transfer with a Digital Asset transfer counterparty:

(a) determining if the respondent entity is licensed or registered;

(b) collecting sufficient information about the Digital Asset transfer counterparty to enable it to understand fully the nature of the Digital Asset transfer counterparty’s business;

(c) understanding the nature and expected volume and value of a Digital Asset transfer with the Digital Asset transfer counterparty;

(d) determining from publicly available information the reputation of the Digital Asset transfer counterparty and the quality and effectiveness of the anti-money laundering and countering financing terrorism regulation and supervision over the Digital Asset transfer counterparty by authorities in the relevant jurisdiction;

(e) assessing the anti-money laundering and countering financing terrorism controls of a Digital Asset transfer counterparty and ensure that they are adequate and effective;

(f) assessing whether the Digital Asset transfer counterparty is subject to the Travel Rule similar to that imposed under Chapter 11-1 in the jurisdiction in which the Digital Asset transfer counterparty operates or is incorporated;

(g) assessing the adequacy and effectiveness of the anti-money laundering and countering financing terrorism controls that the Digital Asset transfer counterparty has put in place for ensuring compliance with the Travel Rule;

(h) assessing whether the Digital Asset transfer counterparty can protect the confidentiality and integrity of personal data (e.g., the required originator and recipient information), taking into account the adequacy and robustness of data privacy and security controls of the Digital Asset transfer counterparty; and

(j) obtaining approval from its senior management.

Guidance:

(1) While a relationship with a Digital Asset transfer counterparty is different from a cross-border correspondent relationship referred to in Chapter 10, there are similarities in the due diligence approach which can be of assistance to a Digital Asset Service Provider. By virtue of this, the Digital Asset Service Provider should conduct due diligence measures in Chapter 10, with reference to the requirements set out in AML 10.2.

(2) When assessing money laundering and terrorist financing risks posed by a Digital Asset transfer counterparty, a Digital Asset Service Provider should take into account the relevant factors that may indicate a higher money laundering and terrorist financing risk. Examples of such risk are where a Digital Asset transfer counterparty:

(i) operates or is incorporated in a jurisdiction posing a higher risk or with a weak anti-money laundering and countering financing terrorism regime;
(ii) is not (or yet to be) licensed or registered and supervised for anti-money laundering and countering financing terrorism purposes in the jurisdiction in which it operates or is incorporated by the relevant authorities;
(iii) does not have in place adequate and effective anti-money laundering and countering financing terrorism systems, including measures for ensuring compliance with the Travel Rule;
(iv) does not implement adequate measures or safeguards for protecting the confidentiality and integrity of personal data; or
(v) is associated with money laundering and terrorist financing or other illicit activities.

Note: Chapter 11-2. comes into operation 12 months after the commencement date of the AIFC Rules on Digital Asset Activities.