Our Compliance, AML & CFT

1. Our Commitment

At Zuato Financial Services, compliance is not just a regulatory obligation—it is a fundamental pillar of our business operations. We are committed to maintaining the highest standards of integrity, transparency, and regulatory compliance in all our activities.

As a licensed payment acquirer regulated by the Central Bank of the UAE, we operate under strict guidelines designed to protect our merchants, their customers, and the broader financial ecosystem from financial crimes including money laundering, terrorist financing, fraud, and other illicit activities.

Our comprehensive compliance program is designed to:

  • Prevent the use of our platform for money laundering or terrorist financing
  • Ensure all merchants and transactions are legitimate and lawful
  • Protect the integrity of the financial system
  • Maintain trust with our partners, regulators, and stakeholders
  • Meet or exceed all applicable regulatory requirements

Zero Tolerance Policy
Zuato maintains a zero-tolerance policy towards money laundering, terrorist financing, and any form of financial crime. Any suspicious activity is immediately investigated and reported to the relevant authorities.

2. Regulatory Framework

Our compliance program is built upon a robust regulatory framework that incorporates local, regional, and international standards.

Regulation / Standard Scope
UAE Federal Law No. 20 of 2018 Anti-Money Laundering and Combating Financing of Terrorism
UAE Central Bank Regulations Payment Service Provider licensing and operational requirements
FATF Recommendations International standards on combating money laundering and terrorist financing
PCI-DSS Payment Card Industry Data Security Standards
UAE Cabinet Resolution No. 10 of 2019 Implementing regulations for AML/CFT Law
OFAC / UN Sanctions International sanctions compliance

We continuously monitor regulatory developments and update our policies and procedures to ensure ongoing compliance with evolving requirements.

3. KYC/KYB Verification Process

Before onboarding any merchant, we conduct thorough Know Your Customer (KYC) and Know Your Business (KYB) verification to ensure legitimacy and assess potential risks.

3.1 Merchant Onboarding Process

Step 1: Application Submission

Merchant submits application with required business and identity documents.

  • Trade License & Business Registration
  • Shareholder Emirates ID & Passport copies
  • Memorandum of Association (MOA)
  • Bank account details & statements

Step 2: Identity Verification

Automated identity verification through Shufti Pro for all shareholders and authorized signatories.

  • Document authenticity verification
  • Facial recognition & liveness detection
  • ID data extraction and validation
  • Cross-reference with submitted documents

Step 3: Sanctions & PEP Screening

All parties screened against global sanctions lists, PEP databases, and adverse media.

  • OFAC, UN, EU, and local sanctions lists
  • Politically Exposed Persons (PEP) databases
  • Global watchlists and criminal databases
  • Adverse media and negative news screening

Step 4: Business Verification

Comprehensive verification of business legitimacy and operations.

  • Trade license validation with authorities
  • Website and social media review
  • Physical premises verification (photos/visit)
  • Business model and transaction pattern analysis

Step 5: Risk Assessment

Comprehensive risk scoring based on business type, geography, and other risk factors.

  • Industry risk classification
  • Geographic risk evaluation
  • Transaction volume and pattern analysis
  • Overall risk score assignment

Step 6: Compliance Review & Approval

Final review by compliance team with decision on merchant onboarding.

  • Compliance officer review of all findings
  • Enhanced due diligence if required
  • Approval, rejection, or additional requirements
  • Risk-based monitoring tier assignment

4. AML/CFT Program

Our Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) program is a comprehensive framework designed to prevent, detect, and report suspicious activities.

4.1 Program Components

  • Policies and Procedures: Documented policies covering all aspects of AML/CFT compliance, regularly reviewed and updated
  • Risk Assessment: Ongoing assessment of ML/TF risks at the institutional, customer, and transaction levels
  • Customer Due Diligence: Robust KYC/KYB processes for all merchants and beneficial owners
  • Transaction Monitoring: Real-time and periodic monitoring of transactions for suspicious patterns
  • Sanctions Screening: Continuous screening against global sanctions and watchlists
  • Reporting: Timely filing of Suspicious Transaction Reports (STRs) and other required reports
  • Training: Regular AML/CFT training for all relevant staff
  • Independent Audit: Periodic independent review of the AML/CFT program

4.2 Compliance Officer

Zuato has appointed a dedicated Money Laundering Reporting Officer (MLRO) responsible for:

  • Overseeing the AML/CFT compliance program
  • Reviewing and filing Suspicious Transaction Reports
  • Liaising with regulatory authorities and the Financial Intelligence Unit
  • Ensuring staff training and awareness
  • Reporting to senior management and the Board

5. Identity Verification Technology

We leverage advanced identity verification technology to ensure accurate, reliable, and efficient verification of all merchants and their stakeholders.

Powered by Shufti Pro

We partner with Shufti Pro, a globally recognized identity verification provider, to deliver state-of-the-art KYC, AML, and fraud prevention solutions. Their AI-powered platform enables real-time verification with industry-leading accuracy.

AI-Powered Verification 3000+ ID Documents 230+ Countries Real-time Processing

5.1 Verification Capabilities

Document Verification

AI-powered verification of identity documents including passports, Emirates ID, driving licenses, and more. Checks for authenticity, tampering, and data consistency.

Facial Recognition

Biometric face matching to verify that the person presenting the document is its rightful owner. Includes liveness detection to prevent spoofing.

Business Verification

Verification of business registration documents, trade licenses, and corporate structures to ensure legitimacy of merchant entities.

AML Screening

Real-time screening against global sanctions lists, PEP databases, watchlists, and adverse media sources.

6. Sanctions Screening

We maintain a robust sanctions screening program to ensure compliance with international and local sanctions requirements.

6.1 Screening Coverage

All merchants, beneficial owners, and related parties are screened against:

  • OFAC: U.S. Office of Foreign Assets Control sanctions lists
  • UN Security Council: United Nations consolidated sanctions list
  • EU Sanctions: European Union consolidated sanctions list
  • UK HMT: Her Majesty's Treasury financial sanctions
  • UAE Local Lists: UAE designated persons and entities lists
  • PEP Databases: Global Politically Exposed Persons databases
  • Adverse Media: Negative news and media screening

6.2 Screening Frequency

  • Onboarding: All parties screened before merchant activation
  • Daily Batch: All active merchants rescreened against updated lists daily
  • Real-time: Transaction-level screening for high-risk scenarios
  • Trigger Events: Rescreening upon material changes or alerts

Match Handling
Any potential match against sanctions or watchlists triggers an immediate alert. The merchant account is placed on hold pending investigation by our compliance team. Confirmed matches are reported to authorities and result in account termination.

7. Transaction Monitoring

We employ sophisticated transaction monitoring systems to detect and investigate potentially suspicious activities in real-time and through periodic reviews.

7.1 Monitoring Approach

Real-time Monitoring

Every transaction is analyzed in real-time against predefined rules and machine learning models to detect anomalies and suspicious patterns.

Behavioral Analytics

AI-powered analysis of transaction patterns to identify deviations from expected behavior and emerging risk indicators.

Link Analysis

Detection of relationships and connections between merchants, cards, and transactions to uncover potential fraud networks.

Periodic Reviews

Regular review of merchant portfolios to identify trends, outliers, and merchants requiring enhanced due diligence.

7.2 Key Monitoring Indicators

Our monitoring systems track various indicators including but not limited to:

  • Unusual transaction volumes or values compared to merchant profile
  • High velocity transactions in short time periods
  • Excessive refunds or chargebacks
  • Transactions from high-risk geographies
  • Structuring patterns to avoid thresholds
  • Mismatches between business type and transaction patterns
  • Multiple failed transaction attempts
  • Dormant accounts with sudden high activity

8. Risk Assessment

We employ a risk-based approach to compliance, applying enhanced measures to higher-risk merchants while maintaining efficient processes for lower-risk ones.

8.1 Risk Categories

Low Risk

Standard Due Diligence

Established businesses in low-risk industries with straightforward ownership and predictable transaction patterns.

Medium Risk

Enhanced Monitoring

Businesses with moderate risk indicators such as higher transaction volumes, complex structures, or certain industry types.

High Risk

Enhanced Due Diligence

Businesses in high-risk industries, with complex ownership, or other elevated risk factors requiring ongoing enhanced scrutiny.

8.2 Risk Factors Considered

  • Industry Risk: Nature of business and associated ML/TF vulnerabilities
  • Geographic Risk: Country of incorporation, operations, and transaction origins
  • Customer Risk: Type of customers served by the merchant
  • Product/Service Risk: Types of products/services offered
  • Channel Risk: Sales channels and payment methods accepted
  • Transaction Risk: Expected volumes, values, and patterns
  • Ownership Risk: Complexity of ownership structure, presence of PEPs

9. Reporting Obligations

We fulfill all regulatory reporting obligations promptly and accurately, working closely with the UAE Financial Intelligence Unit and other relevant authorities.

9.1 Suspicious Transaction Reports (STRs)

When suspicious activity is identified, we file Suspicious Transaction Reports with the Financial Intelligence Unit (FIU) in accordance with UAE regulations. Our process includes:

  • Initial detection through monitoring systems or staff reports
  • Investigation and documentation by the compliance team
  • Review and approval by the MLRO
  • Filing with the FIU through the goAML portal
  • Ongoing monitoring of the reported party

9.2 Other Regulatory Reports

  • Currency Transaction Reports: Reports for cash transactions exceeding thresholds
  • Sanctions Match Reports: Immediate reporting of confirmed sanctions matches
  • Periodic Compliance Reports: Regular reports to the Central Bank as required
  • Annual AML Return: Annual compliance certification and statistics

Tipping Off Prohibition
It is strictly prohibited to inform any person that an STR has been or will be filed, or that an investigation is underway. Tipping off is a criminal offense under UAE law.

10. Record Keeping

We maintain comprehensive records of all customer due diligence, transactions, and compliance activities as required by regulation.

10.1 Retention Periods

Record Type Retention Period
Customer identification records Minimum 5 years after relationship ends
Transaction records Minimum 5 years from transaction date
STRs and related documentation Minimum 5 years from filing date
Correspondence with regulators Minimum 5 years
Training records Minimum 5 years
Risk assessments Minimum 5 years

Records are maintained in a secure, retrievable format and can be made available to regulatory authorities upon request.

11. Training & Awareness

We invest significantly in ensuring all staff understand their AML/CFT obligations and can effectively identify and report suspicious activities.

11.1 Training Program

  • Induction Training: All new employees receive AML/CFT training within their first week
  • Annual Refresher: Mandatory annual training for all staff
  • Role-Specific Training: Enhanced training for compliance, onboarding, and customer-facing teams
  • Regulatory Updates: Ad-hoc training when regulations or procedures change
  • Case Studies: Regular review of typologies and real-world scenarios

11.2 Training Topics

  • Overview of money laundering and terrorist financing
  • UAE AML/CFT legal and regulatory framework
  • Customer due diligence requirements
  • Red flags and suspicious activity indicators
  • Internal reporting procedures
  • Sanctions and PEP requirements
  • Record keeping obligations
  • Consequences of non-compliance

Compliance Culture
We foster a strong compliance culture where every employee understands their role in preventing financial crime. Staff are encouraged to raise concerns and report suspicious activities through confidential channels.

12. Compliance Contact

If you have any questions about our compliance program, wish to report a concern, or need to contact our compliance team, please use the information below.

Compliance Department

Our compliance team is available to address any regulatory or compliance-related inquiries.

compliance@zuato.com
+971 4 555 1234
Dubai, United Arab Emirates

To report suspicious activity or concerns confidentially, please email mlro@zuato.com. All reports are treated with strict confidentiality.