AML Compliance Guidelines: Qatar

Qatar is one of the wealthiest countries with the fastest-growing economy in the region. The country has successfully placed itself as a regional financial hub of growing importance. Significant oil reserves and 3rd largest natural gas reserves have been fueling its growth for decades.

However, the 2022 Football World Cup spurred economic activity in the non-hydrocarbon sector and tourism industry. The country also has one of the highest expat workforce consisting of 85% of its population.

While Qatar has one of the lowest domestic crime rates, its exposure to financial crimes is elevated by factors such as smuggling of legal goods (e.g., cash, gold, tobacco, alcohol), risk of exploitation of expat workforce primarily from developing countries, and the likelihood of trade-based ML.

Though Qatar has implemented a robust anti-money laundering and countering financing of terrorism (AML/CFT) framework, banks, exchange houses, precious metals, and non-profit organizations are still the most vulnerable sectors.

Qatar has introduced a series of reforms across its legal framework, law enforcement, and supervisory approach to align it with Financial Action Task Force (FATF) standards and fight AML financial crimes.

Qatar AML Relevant Authorities

National Anti-Money Laundering and Terrorism Financing Committee (NAMLC)

The NAMLC is the highest level of committee that consists of representatives from all government authorities concerned with AML/CFT. It develops and oversees the implementation of a national AML/CFT and counter-financing of the proliferation of weapons of mass destruction. Its other core functions include conducting and coordinating the National Risk Assessment (NRA) and a national training program and facilitating and ensuring interagency cooperation and information sharing.

Qatar Financial Information Unit (QFIU)

The primary authority responsible for receiving suspicious transaction reports (STRs) from financial institutions (FIs) and designated non-financial businesses and professions (DNFBPs), analyzing these reports, and disseminating financial intelligence to national competent authorities like Public Prosecution, State Security and supervisory authorities.

Qatar Financial Centre Regulatory Authority (QFCRA)

Qatar Financial Centre (QFC) Regulatory Authority is an independent regulator of QFC. It authorizes and regulates firms and individuals operating within or from QFC. It also supervises and ensures regulated entities fulfill their AML/CFT obligations. In addition to state legislation, AML/CFT Rules 2019 are applicable to entities operating in QFC.

Qatar Central Bank (QCB)

The QCB regulates financial institutions including the banking sector. It ensures through onsite/offsite inspections that FIs under its supervision, comply with their obligations under AML/CFT Law by following QCB instructions and guidelines.

Ministry of Commerce and Industry (MOCI)

The MOCI monitors the implementation of AML checks in the DNFBP sector in line with FATF recommendations and best practices and proposes legislative amendments in doing so. It supervises chartered accountants, auditors, dealers in precious metals and stones, and trust and company service providers (TCSPs). The MOCI also drafts rules, guidelines, recommendations, and instructions for the DNFBP sector supervised by the Ministry.

Key AML and Sanctions Legislations in Qatar

Qatar’s AML and sanctions framework is primarily based on state laws and guided by the rules and regulations drafted by the supervisory authorities. Below are the key laws and regulations governing AML and sanctions compliance in Qatar:

Law No. 20 of 2019 on Combating Money Laundering and Terrorism Financing

Law No. 20 of 2019 is the primary legislation that lays the foundation of the AML/CFT framework and Qatar Financial Information Unit (QFIU), for preventing, detecting, and prosecuting money laundering and terrorist financing offenses. It also contains provisions for FIs and DNFBPs for customer due diligence and reporting suspicious transactions. Additionally, it provides for penalties like fines and imprisonment for non-compliance.

Implementing Regulations of Law No. 20 of 2019

The Council of Ministers Resolution No. (41) of 2019 also known as Implementing Regulations of AML/CFT Law provides for detailed guidance and procedures to implement measures outlined in the primary law. These AML regulations are applicable to both FIs and DNFBPs and provide for rules to identify, record-keeping and reporting obligations. It also details the responsibilities and powers of supervisory authorities and QFIU.

Law No. 27 of 2019 on Combating Terrorism

This law complements the AML framework by criminalizing terrorism and its financing and providing measures to prevent the funding of terrorism. It created the National Counter-Terrorism Committee (NCTC) to coordinate anti-terrorism efforts, fulfill international obligations, and oversee the implementation of targeted financial sanctions. Additionally, it establishes a Sanctions List and includes provisions for freezing assets and prohibiting transactions with individuals or entities involved in terrorism.

Who is Regulated Under AML Laws?

Entities and individuals subject to AML Laws in Qatar include:

• Banks and credit institutions
• Insurance companies and intermediaries
• Investment management companies
• Money service businesses and exchange houses
• Real estate agents and developers
• Dealers in precious metals and stones
• Legal professionals, accountants, and auditors
• Trust and company service providers (TCSPs)
• Non-profit organizations (NPOs)

Penalties for Non-Compliance

Administrative penalties: Supervisory authorities may issue warnings, suspend or revoke the license, or impose fines up to QAR 1 million per violation or a maximum of 100 million on an FI or DNFBP for violating a provision of AML Law or its implementing regulations.

Criminal Penalties: A legal person may face a financial penalty of up to QAR 8 million if convicted for any offense under AML/CFT Law. A person convicted of terrorism financing may face up to 20 years in prison or up to QAR 10 million in fines. Whereas a person convicted of money laundering in Qatar may face 10 years in prison or up to QAR 5 million in fines.

Key Sanctions and AML Requirements

Risk Assessment

Risk assessment is the fundamental pillar of a risk-based approach. An FIs or DNFBPs is required to identify, assess, and document ML/TF risks it will be exposed to when carrying out their business activities. The risk assessment process should be monitored and updated on a regular basis. Risk assessment should also take into account risks identified at the national or sectoral level. Additionally, it should take into account the risk of new products and technologies before use. AML screening plays a crucial role in the risk assessment process by providing actionable intelligence on new or existing customers.

Risk based approach

FIs and DNFBPs should develop, document, and implement policies, procedures, and controls to effectively mitigate the risks identified in the risk assessment process and it should correspond to the size and nature of the business. AML procedures and controls should be enhanced where the risks are higher and simplified or less stringent where risks are lower.

Customer Due Diligence (CDD)

FIs and DNFBPs should apply CDD checks when

• Establishing a business relationship
• When carrying out a certain occasional transaction
• When carrying out certain wire transfers
• When ML/TF risks are identified
• There are doubts about the accuracy and adequacy of existing customer identification data

Customer due diligence includes applying measures to identify customers and verify their identities using reliable, independent source documents, data, or information. These measures also extend to the following:

• Identify any person (e.g. agent or attorney, etc.) acting on behalf of a customer, verify their identity, and if such person is really authorized to represent the customer
• Identify beneficial owners and verify their identities using prescribed methods
• Assess and obtain information on the nature and intended purpose of the business relationship or opening an account
• If a customer is a legal person or arrangement, assess and obtain information on its nature of business, ownership, and control structure

Enhanced Due Diligence (EDD)

FIs and DNFBPs are obliged to verify the background and purpose of all transactions that are unusual or complex or lack apparent economic or legal purpose. The verification should be up to the extent possible and reasonable.

Additionally, FIs and DNFBPs must apply Enhanced due diligence measures and enhanced ongoing monitoring of business relationships where ML/TF risks are higher, including customers, FIs, or DNFBPs from the countries identified as high risk by the FATF. For enhanced due diligence following measures should be part of the CDD checklist:

• Obtaining additional information on customers, such as occupation, volume of assets
• Obtaining information available in public databases or open sources
• Obtaining additional information on the  intended nature of the business relationship
• Obtaining information on the  source of funds and wealth of customer
• Inquiring on the purpose of performed or intended transactions
• Obtaining senior management approval to establish or continue business relationship
• Requiring first payment from the customer’s own bank account

Politically Exposed Persons (PEPs)

FIs and DNFBPs should have procedures in place to identify if any of their customer or beneficial owner is a politically exposed person, a family member, or a close associate of such PEP and take the following additional CDD measures:

• Obtaining senior management approval to establish a business relationship or continue an existing one
• Establishing the source of funds and wealth
• Enhanced ongoing monitoring of business relationship

A family member of a PEP is any natural person relative by blood or marriage up to second degree. Whereas a close associate is any natural person having a mutual ownership stake in a legal entity with a PEP, or beneficial owner of a legal entity controlled by a PEP, or linked to PEP through a close business or social relationship.

AML/CFT Rules 2019 mandates that FIs and DNFBPs must have a system to identify PEPs, and it may include searching publicly available information, requesting information from customers, and having access to a PEP screening solution (commercial electronic database of PEPs).

Record-Keeping

FIs and DNFBPs must maintain all records, documents, and files related to customers, transactions, and due diligence activities for a period of at least 10 after a business relationship ends or an occasional transaction is executed.

Reporting Suspicious Transactions

FIs and DNFBPs must immediately file a suspicious transaction report (STR) with the QFIU, if they know or have reasonable grounds to suspect an operation or transaction is associated with, or involves the proceeds of a crime or may be used for terrorism financing. If an STR is filed, it should also be notified to the respective supervisory authority. Any information related to ongoing investigations or STR must not be disclosed to the customer.

Employee Training

FIs and DNFBPs should have an ongoing training program to ensure the employees are aware of their roles and sufficiently equipped to discharge their responsibilities to detect and prevent ML/TF threats.

Money Laundering Reporting Officer (MLRO)

Firms should appoint a management-level officer responsible for AML/CFT compliance. The money laundering reporting officer is responsible for the development of appropriate policies, procedures, and controls as well as overseeing its implementation to mitigate ML/TF risks.

AML Best Practices

While adverse media screening is not required by primary legislation, it is a crucial component that provides intelligence on the background and reputation of a prospective or existing client for risk assessment and ongoing monitoring. Many businesses in Qatar utilize adverse media screening and PEP screening to identify high-risk clients and transactions in order to ensure AML compliance and safeguard their reputation.

Sanctions Compliance

FIs and DNFBPs should have appropriate risk management systems to implement targeted financial sanctions (TFS). The AML/CFT program should have policies, procedures, and controls that enable effective implementation of TFS. Entities and individuals operating in Qatar must comply with the UN Sanctions as well as designation on local lists maintained by the National Counter Terrorism Committee (NCTC).

AML obliged institutions are also obligated to file feedback reports within 48 hours to the NCTC after any new designations to sanctions lists are announced or there are updates to existing ones. MOCI Circular No. (3) of 2022 on National and UNSC Sanctions obligates auditors, dealers in precious metals, and TCSPs to file feedback reports about any exact matches and value of assets frozen. It is important to note that obligated entities are also required to file feedback reports confirming screening has been done even where no matches between their clients and designations were found.

All FIs and DNFBPs must have an effective electronic system (e.g., sanctions screening software) that can deal with customer databases and transactions simultaneously to ensure the following:

• Real-time financial transaction monitoring
• Screening names of all parties in a transaction
• Screening customers and beneficial owners during and before establishing a business relationship
• Screening the names and relevant details of all customers against the Sanctions List
• Reporting validated exact matches to QFIU without delay and notice of the same to NCTC and supervisory authority within 48 hours

Moreover, asset freezing measures for new designations must be implemented without delay within 24 hours of such designation by the UN Security Council and within 8 hours for Local designation after notification by NCTC. These notifications are also circulated by QFCRA, QCB, and MOCI to the MLROs of their supervised institutions, however, this doesn’t relieve firms from their regulatory obligation to keep current with relevant information issued by any relevant body.

Penalties for Violations

Violating designation orders, either willfully or through gross negligence, may result in severe administrative or criminal penalties. Criminal penalties may reach as high as 3 years imprisonment, or a fine up to QR 10 million, or both. Moreover, contravening the requirement of preventive measures for TFS may result in administrative penalties from a supervisory authority, from issuing a warning or revoking a license to staggering financial penalties.