Federal Decree-Law 30 of 2024: KYC Digital Platform.

The Federal Decree-Law No. (30) of 2024 represents a significant leap forward in the UAE’s commitment to financial transparency, digital innovation, and regulatory compliance. Promulgated by President Mohammed Bin Zayed Al Nahyan, this Decree-Law establishes a unified “Know Your Client” (KYC) digital platform, aimed at enhancing client identity verification processes while strengthening the nation’s financial infrastructure.

This blog delves into the provisions of the Decree-Law, its objectives, scope of application, and implications for stakeholders in the UAE’s financial ecosystem.

Table of Contents

Objectives of the KYC Digital Platform

The primary aim of this legislation is to streamline and secure the processes involved in client identification and data sharing. It strives to:

Develop Financial Infrastructure: Foster digital transformation in alignment with the UAE’s vision for technological advancement.
Enhance Transparency: Provide users with accurate and timely KYC data to bolster transparency in financial transactions.
Regulate Data Management: Establish robust mechanisms for the collection, storage, analysis, and use of KYC data.
Combat Financial Crimes: Facilitate the exchange of information to support the fight against money laundering, terrorism financing, and other financial malpractices.
Ensure Compliance: Verify client identity against regulatory and legislative frameworks applicable within the UAE.

These objectives underscore the UAE’s dedication to maintaining its position as a global leader in financial and technological innovation.

Scope of Application

The provisions of this Decree-Law apply to:

The KYC Company: An entity established under this law to develop and manage the platform.
Data Providers: Entities such as federal and local authorities, private sector companies, and financial institutions that supply KYC data.
Clients: Individuals or entities consenting to the processing of their KYC data.
Users: Authorized parties accessing KYC reports for lawful purposes.

By encompassing all participants in the KYC data lifecycle, the law ensures comprehensive governance and accountability.

The Establishment of the KYC Company

A key provision of the Decree-Law mandates the creation of a company responsible for developing and operating the KYC platform. This company is to:

Possess Legal Personality: Operate with full legal capacity under Federal Decree-Law No. (32) of 2021 concerning commercial companies.
Governance Structure: Be managed by a board of directors comprising 7 to 11 members, chaired by a Central Bank representative.
Activities and Responsibilities: Oversee platform operations, including data collection, storage, analysis, and the issuance of KYC reports, in compliance with state cybersecurity policies.

The company’s establishment reflects a structured and regulated approach to managing sensitive financial data.

Obligations of the KYC Company

The Decree-Law imposes several obligations on the company to ensure the integrity and security of the KYC platform:

Data Confidentiality: Prohibit unauthorized disclosure or use of KYC data.
Advanced Systems: Employ modern technologies for data processing and emergency response.
Compliance: Adhere to regulations issued by the Central Bank and the Executive Regulations of the Decree-Law.
Violation Reporting: Notify the Central Bank of any breaches or violations.

These stringent requirements underscore the emphasis on safeguarding client data.

Client Rights and Access

The Decree-Law empowers clients by granting them:

Access to Reports: The right to view their KYC reports and request amendments as necessary.
Informed Consent: Control over who can access their data through explicit approval mechanisms.

This client-centric approach enhances trust and aligns with global best practices in data privacy.

Relationship with Data Providers and Users

The company must establish formal agreements with data providers to regulate the provision and use of KYC data. Providers are obligated to supply accurate data at no financial cost to the company. Users, on the other hand, are required to secure client approval before requesting reports, except under judicial directives.

Prohibited Uses and Confidentiality

A cornerstone of the Decree-Law is the prohibition of unauthorized trading, exchange, or use of KYC data. This provision safeguards against misuse and ensures that data is utilized solely for lawful purposes outlined in the Decree-Law and its Executive Regulations.

Legal and Compliance Implications

The KYC platform’s regulatory framework is rooted in existing UAE laws, including the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and the Anti-Money Laundering Law (Federal Decree-Law No. 20 of 2018). It integrates cybersecurity standards, risk assessment tools, and dispute resolution mechanisms to maintain the highest levels of compliance.

Conclusion

The Federal Decree-Law No. (30) of 2024 represents a transformative step in the UAE’s digital and financial landscape. By establishing a centralized KYC platform, it not only enhances regulatory compliance and transparency but also fortifies the nation’s defenses against financial crimes. Stakeholders across the financial and private sectors must align with this new framework to reap its benefits while ensuring adherence to its stringent provisions.

Having said that, Contact Khairallah Advocates & Legal Consultants and benefit from our free 30-min legal consultation.

*Disclaimer: our blogs, law updates and FAQ’s are freely distributed for educational purposes and to showcase recent updates and regulations in the UAE’s framework.

If you have any questions and need assistance, contact us at our number or book an appointment online.

KYC