| | 1. | Financial institutions and designated non-financial businesses and professions shall apply the due diligence measures referred to in Article 64 of the Law in the following cases: | | |
| | | a. | prior to opening an account or establishing a business relationship; | |
| | | b. | prior to conducting a transaction for the benefit of a customer with whom they have no business relationship, whether such transaction is conducted only once or through multiple transactions where they appear to be linked; | |
| | | c. | prior to conducting a wire transfer for the benefit of a customer with whom they have no business relationship; | |
| | | d. | upon suspicion of a terrorism financing transaction, regardless of the amount; and | |
| | | e. | upon suspicion of the accuracy or adequacy of their customer’s particulars. | |
| | 2. | Financial institutions and designated non-financial businesses and professions shall, in the absence of suspicion of terrorism financing, apply due diligence measures based on the type and level of the risk posed by the customer or the business relationship associated therewith, in proportion to the specified risks. Due diligence measures shall be strengthened or mitigated depending on the levels of risks posed. In cases of suspicion of terrorism financing, enhanced due diligence measures shall be applied. | | |
| | 3. | Financial institutions and designated non-financial businesses and professions shall apply due diligence measures, including, at a minimum, the following: | | |
| | | a. | verifying the customer’s identity by using documents, data, or information from a reliable and independent source, as follows: | |
| | | | i. | for a natural person: obtaining and verifying his full name as stated in official records, residence address or registered national address, place and date of birth, and nationality. |
| | | | ii. | for a person with legal personality or subject to a legal arrangement: obtaining and verifying its name, legal structure, proof of incorporation, powers, names of directors and senior staff, registered official address, and the place of business, if different from the registered official address. |
| | | | iii. | requesting and verifying any additional information according to the risks posed by the customer. |
| | | b. | verifying that the person acting on behalf of the customer is authorized to act in such capacity and verifying his identity, in accordance with the procedures stipulated in paragraph (a) of this Article; | |
| | | c. | verifying the identity of the beneficial owner by using documents, data, or information from a reliable and independent source, as follows: | |
| | | | i. | verifying the identity of the person who owns or controls (25%) or more of the legal person. |
| | | | ii. | in the absence of ownership or controlling share as stipulated in paragraph (1) above, or suspicion that the controlling shareholder is not the beneficial owner, the identity of the natural person exercising control over the legal person shall be verified by all means possible. |
| | | | iii. | verifying the identity of the originator or administrator of the legal arrangement, the beneficiaries or classes of beneficiaries, and any other natural person exercising actual and ultimate control over the legal arrangement or holding a position similar to other types of legal arrangements. |
| | | d. | determining the purpose and nature of the business relationship and obtaining any additional information as needed. | |
| | | e. | determining the structure of ownership and control over the customer, whether a person having a legal personality or subject to a legal arrangement; and | |
| | | f. | any other measures imposed by the monitoring agency on financial institutions and designated non-financial businesses and professions. | |
| | 4. | To avoid any interruption of the normal conduct of business, financial institutions and designated non-financial businesses and professions may postpone the verification of the identity of the customer or the beneficial owner until after the establishment of the business relationship, provided the following are promptly taken: | | |
| | | a. | appropriate and effective measures to control risks of terrorism financing; and | |
| | | b. | taking appropriate risk management measures if the customer is permitted to benefit from the business relationship prior to the verification process. | |
| | 5. | Financial institutions and designated non-financial businesses and professions shall apply due diligence measures to all business relationships according to risk level, audit transactions conducted during the business relationship to verify their consistency with the customer’s information, activities, and the risks posed by him. They shall also verify that documents, data, and information gathered while exercising due diligence are relevant and up to date through auditing their records, particularly those relating to high risk customers, and applying measures of due diligence to current customers and beneficial owners at appropriate times based on their importance and the risks associated with them. | | |
| | 6. | Financial institutions and designated non-financial businesses and professions shall, in cases where application of due diligence measures is not feasible, take the following: | | |
| | | a. | refuse to open an account for a new customer, establish a business relationship with him, or execute any transaction for his benefit; and | |
| | | b. | terminate the business relationships they have with their customers or existing business relationships.
| |
