DHS Exchange is committed to protecting the integrity of the financial system by preventing money laundering, terrorist financing, and other illicit activities. Our framework is aligned with VARA regulations, UAE Federal Decree Law No. 20 of 2018 (AML Law), and Federal Decree Law No. 2 of 2019 (Data Protection Law – DPL).
1. Purpose
This policy establishes DHS Exchange's standards for identifying, monitoring, and reporting suspicious activity, while safeguarding client data responsibly.
2. Scope
This policy applies to:
All DHS Exchange operations, staff, and contractors.
All clients, counterparties, and transactions.
All data processing activities related to AML/CTF obligations.
3. Core AML / CTF Measures
Customer Due Diligence (CDD): All customers undergo identity verification (KYC) before accessing services. Enhanced due diligence (EDD) is applied for high-risk clients.
Ongoing Monitoring: Transactions are continuously monitored to detect unusual patterns.
Sanctions Screening: All clients and counterparties are screened against international sanctions and watchlists.
Suspicious Activity Reporting (SARs): Any suspected money laundering or terrorist financing is reported promptly to UAE authorities and VARA.
Training & Awareness: Staff receive ongoing AML/CTF and compliance training.
4. Data Protection & Privacy Commitments
In line with Federal Decree Law No. 2 of 2019 (DPL) and internal compliance requirements, DHS Exchange commits to:
Data Minimization: Collect only data necessary for AML/CTF compliance and operational purposes.
Consent: Obtain clear client consent before storing or using personal data.
Encryption & Backup: Secure all sensitive data using encryption and maintain secure backups.
Access Control: Restrict internal access to personal data strictly on a need-to-know basis.
Regular Updates: Review and update privacy notices and data policies regularly.
Breach Response: Maintain protocols for timely detection, response, and reporting of data breaches.
Vendor Compliance: Evaluate all software and service providers for compliance with UAE law and VARA standards.
5. Data Retention & Storage Limitation
Duration: Personal data will be retained only for as long as necessary to fulfill AML/CTF obligations, as required under UAE law.
Purpose Limitation: Data will be used solely for the purpose for which it was collected (compliance, risk management, regulatory reporting).
Transparency: Clients will be informed of what data is retained, how it will be used, and how long it will be stored.
Data Categories: Different types of data (identity, financial, transactional, communication) will be subject to retention policies specific to business needs and regulatory requirements.
6. Governance & Oversight
Compliance Officer: Responsible for AML/CTF monitoring and reporting.
Board Oversight: The Board reviews AML/CTF controls annually.
Policy Review: This policy is reviewed at least once per year, or sooner if required by changes in law or VARA guidance.
