AML / CFT Notice
Guardian Middle East LLC operates a comprehensive AML/CFT framework as a QFC-licensed firm under QFC Licence 03870. The framework is built on QFC AML/CFTR 2019, Qatar AML Law No. 20 of 2019, QFC General Rule 8A on Beneficial Ownership, and the Financial Action Task Force (FATF) Risk-Based Approach. Customer Due Diligence (CDD) and where indicated Enhanced Due Diligence (EDD) are conducted on every prospective client. Suspicious Transaction Reports (STRs) are filed with the Financial Information Unit (FIU) of Qatar where required. Tipping-off restrictions apply.
Defined Terms
Term | Meaning |
AML / CFT | Anti-Money Laundering and Combating the Financing of Terrorism — the body of legal, regulatory, and operational obligations to prevent, detect, and report financial crime. |
AML/CFTR 2019 | The Anti-Money Laundering and Combating the Financing of Terrorism Rules 2019 issued by the Qatar Financial Centre Regulatory Authority. |
Qatar AML Law | Qatar Law No. 20 of 2019 concerning Anti-Money Laundering and Combating the Financing of Terrorism. |
CDD | Customer Due Diligence — identification and verification of the customer, beneficial ownership, and the purpose of the business relationship. |
EDD | Enhanced Due Diligence — additional verification, senior management approval, and ongoing enhanced monitoring applied to higher-risk engagements. |
PEP | Politically Exposed Person — a natural person entrusted with prominent public functions, family members, and known close associates. |
Beneficial Owner | The natural person(s) who ultimately own or control the customer or on whose behalf a transaction is conducted. |
STR | Suspicious Transaction Report — a report filed with the Financial Information Unit (FIU) of Qatar regarding suspected money-laundering, terrorist-financing, or related predicate offences. |
FATF | The Financial Action Task Force — the inter-governmental body that sets international AML/CFT standards. |
MLRO | Money Laundering Reporting Officer — the named individual within Guardian responsible for AML/CFT oversight, with reporting authority to the Senior Executive Function (SEF) and the FIU. |
FIU Qatar | The Financial Information Unit of Qatar — the national body to which STRs are submitted. |
Regulatory Framework
Qatar National Framework
Qatar Law No. 20 of 2019 concerning Anti-Money Laundering and Combating the Financing of Terrorism is the primary national legislation. It establishes:
- Predicate offences (the underlying crimes from which laundered funds derive).
- Customer due diligence obligations on regulated firms.
- Suspicious Transaction Reporting obligations to FIU Qatar.
- Tipping-off restrictions.
- Records retention obligations.
- Penalties for non-compliance.
QFC Framework
Within the Qatar Financial Centre, the QFC Regulatory Authority’s Anti-Money Laundering and Combating the Financing of Terrorism Rules 2019 (AML/CFTR 2019) apply. AML/CFTR 2019 is consistent with Qatar AML Law and provides QFC-specific operational requirements:
- Risk assessment framework.
- Customer due diligence standards.
- Enhanced Due Diligence triggers.
- Senior management approval requirements.
- Ongoing monitoring obligations.
- Internal policies, procedures, and controls.
- Training and awareness obligations.
- Records retention.
- Reporting obligations.
Beneficial Ownership
QFC General Rule 8A (Beneficial Ownership) requires QFC firms to identify and verify their beneficial owners and to maintain registers and records of beneficial ownership. Guardian Middle East LLC is fully compliant with QFC General Rule 8A in respect of its own beneficial ownership and applies the equivalent identification and verification approach to its clients as part of CDD.
International Framework
Guardian operates within the international AML/CFT context shaped by:
- FATF Recommendations — the international standards on combating money laundering, terrorist financing, and proliferation financing.
- FATF Mutual Evaluations — the periodic assessments of Qatar’s AML/CFT regime that inform national policy.
- United Nations Security Council Resolutions — sanctions resolutions binding on Qatar and reflected in national sanctions law.
- OFAC, EU, and UK sanctions regimes — applicable where engagements involve cross-border or multi-jurisdictional dimensions.
Risk-Based Approach
Guardian Middle East LLC applies a Risk-Based Approach (RBA) consistent with FATF Recommendation 1 and QFC AML/CFTR 2019. Under the RBA, the depth and intensity of AML/CFT measures are calibrated to the assessed risk of each engagement and of the firm overall.
Firm-Wide Risk Assessment
Guardian conducts a documented firm-wide AML/CFT risk assessment covering:
- Customer types served (sectoral, geographic, structural).
- Geographic exposure of the client base.
- Products and services offered (certification, inspection, attestation tiers).
- Delivery channels (direct, partner-issued via TNV, Third-Party CB).
- Other risk factors identified through experience and external intelligence.
The firm-wide risk assessment is reviewed at least annually and updated when material new risks emerge. The output informs the risk model applied to individual client engagements.
Customer Risk Assessment
Each client engagement is assessed across multiple risk dimensions:
Risk Dimension | Inputs |
Customer risk | Customer type, ownership structure complexity, PEP exposure, sanctions exposure, regulatory standing, reputation indicators. |
Geographic risk | Jurisdiction of registration, jurisdictions of beneficial owners, sites in scope, sourcing markets — assessed against FATF, EU, OFAC, and UK lists of higher-risk jurisdictions. |
Product/service risk | Specific certification or inspection scope, sectoral risk per IAF MD 11, ISO 13485 medical device exposure, financial-services context. |
Delivery channel risk | Direct engagement vs partner-issued, remote elements per IAF MD 4, third-party introducer involvement. |
Other factors | Adverse media, past compliance issues, urgency of engagement, atypical fee arrangements. |
Risk Outcomes
- Low risk — standard CDD; standard ongoing monitoring; periodic review at recertification cycle.
- Medium risk — standard CDD with additional verification points; periodic interim review.
- High risk — Enhanced Due Diligence (EDD); senior management approval; more frequent ongoing monitoring; documented justification for engagement.
Customer Due Diligence
Standard CDD is conducted on every prospective client at Step 2 of the certification process. CDD comprises four pillars per QFC AML/CFTR 2019:
Customer Identification
Identification of the customer through reliable, independent source documents, data, or information:
- Legal entity name, registered address, commercial registration / trade licence number.
- Articles of association / memorandum.
- Date of incorporation.
- Authorised signatories with specimen signatures.
- Tax registration.
Beneficial Ownership Identification & Verification
Under QFC General Rule 8A, identification of natural-person beneficial owners is mandatory:
- Full name, date of birth, nationality, residential address.
- Identification document type and number (passport, national identity card).
- Source of funds declaration.
- Where corporate shareholders exist, the chain is unwound until natural-person beneficial owners are identified.
- Where nominee shareholders or directors are involved, the underlying nominator is identified.
- Verification through reliable independent source documents.
Purpose & Intended Nature of Business Relationship
Understanding the engagement context:
- Certification or inspection scope.
- Standard(s) covered.
- Expected duration (3-year cycle for management system standards).
- Expected fee profile.
- Any ancillary services.
- Stakeholder context (e.g., public-sector tender requirement, supply-chain requirement).
Ongoing Monitoring
Throughout the engagement:
- Re-screening against sanctions and PEP lists at agreed intervals.
- Review of material changes notified by the client (beneficial ownership, directors, scope).
- Periodic review of the risk classification.
- Review of any unusual patterns in fee arrangements or operational behaviour.
- Refresh of CDD records at recertification.
Enhanced Due Diligence
Enhanced Due Diligence is triggered where the standard CDD identifies higher-risk indicators. Triggers include:
- Higher-risk jurisdiction — beneficial ownership, registered office, or significant operations in jurisdictions identified as higher-risk per FATF, EU, OFAC, or UK guidance.
- PEP status — beneficial owner, director, or authorized signatory who is a foreign PEP, domestic PEP, or PEP of an international organisation, or a family member or close associate.
- Complex or opaque ownership structures— multi-layered corporate structures, jurisdictional asymmetry, nominee arrangements that obscure ultimate ownership.
- Sectoral risk indicators— cash-intensive sectors, sectors with high corruption indices, sectors subject to specific FATF or international guidance.
- Inconsistencies— between application data and independent verification sources.
- Sanctions hit — whether or not subsequently cleared.
- Adverse media findings— credible reports linking the customer, beneficial owner, or related party to financial crime, corruption, or other AML/CFT-relevant matters.
- Other indicators— identified through Guardian’s risk model or external intelligence.
EDD Measures
- Additional verification — corroborating beneficial ownership through additional independent sources.
- Source of funds enquiry — understanding the legitimate origin of the funds underlying the engagement.
- Source of wealth enquiry — for higher-risk individual beneficial owners, understanding the origin of accumulated wealth.
- Senior management approval — engagement approved at SEF / MLRO level after EDD review.
- Enhanced ongoing monitoring — more frequent re-screening, more granular review of operational behaviour, more frequent CDD refresh.
- Documented justification — documented rationale for accepting (or declining) the engagement following EDD.
EDD does not automatically result in declined engagement. Many EDD cases resolve with a fully-evidenced clean profile and proceed normally. EDD ensures the firm has appropriate visibility on higher-risk profiles to make informed engagement decisions.
Sanctions Screening
All prospective clients, beneficial owners, directors, and authorised signatories are screened against:
- United Nations Security Council Consolidated List of designated persons and entities.
- Qatar national sanctions lists as published by the relevant Qatari authorities.
- OFAC SDN List (United States Department of the Treasury Office of Foreign Assets Control Specially Designated Nationals and Blocked Persons List) — particularly for cross-border or multi-jurisdictional engagements.
- EU consolidated sanctions list — for engagements with EU exposure.
- UK sanctions list — for engagements with UK exposure.
Screening Process
- Initial screening — at onboarding, before engagement approval.
- Periodic re-screening — at agreed intervals during the engagement (typically aligned to surveillance audit cycle).
- Event-driven screening — when material changes are notified (new directors, change of beneficial ownership, change of authorised signatories).
- Real-time screening — for any new individuals or entities introduced during the engagement.
Hit Resolution
- False-positive identification — confirmed name match without identity match (e.g., similar names of unrelated individuals) — resolved through additional verification and documented.
- True hit — confirmed identity match with a sanctioned individual or entity — typically results in declined engagement and may trigger Suspicious Transaction Report obligations.
- Hit subject to delisting / deceased / licence-based exemption — resolved with documented evidence; engagement may proceed subject to legal review.
Politically Exposed Person (PEP) Framework
Guardian operates a comprehensive PEP framework consistent with FATF Recommendation 12 and QFC AML/CFTR 2019.
PEP Categories Identified
- Foreign PEPs — individuals entrusted with prominent public functions in jurisdictions other than Qatar.
- Domestic PEPs — individuals entrusted with prominent public functions in Qatar.
- PEPs of international organisations — senior management of intergovernmental organisations.
- Family members of PEPs — including spouses, children, parents, siblings, and equivalent.
- Close associates of PEPs — known business partners, beneficial owners of legal entities held jointly with a PEP, and individuals with close personal or business relationships with PEPs.
PEP Treatment
PEP status is not a barrier to engagement. PEP identification triggers Enhanced Due Diligence including:
- Senior management approval of the engagement.
- Source of funds and source of wealth enquiry.
- Enhanced ongoing monitoring.
- Documented justification for the engagement decision.
- More frequent CDD refresh during the engagement.
Suspicious Transaction Reporting (STR)
Where Guardian Middle East LLC has reasonable grounds to suspect that funds, transactions, or activities are linked to money laundering, terrorist financing, or predicate offences, the firm files a Suspicious Transaction Report (STR) with the Financial Information Unit (FIU) of Qatar.
19.1 — Internal Reporting
- Any Guardian personnel who identifies a suspicion reports promptly to the Money Laundering Reporting Officer (MLRO).
- The MLRO investigates and determines whether the suspicion meets the threshold for external reporting.
- Internal reports and investigations are documented per AML/CFTR 2019.
19.2 — External Reporting
- Where the threshold is met, the MLRO files an STR with FIU Qatar in the prescribed format and within the prescribed timeframe.
- STRs are filed regardless of the size of the transaction or the perceived materiality — the threshold is suspicion, not materiality.
- The MLRO retains records of the STR and supporting analysis per AML/CFTR 2019 retention obligations.
19.3 — Tipping Off
Under Qatar AML Law No. 20 of 2019, Guardian Middle East LLC is restricted from disclosing to a customer, beneficial owner, or any third party that an STR has been or may be filed, or that an investigation is or may be underway. This restriction:
- Is a legal requirement to preserve the integrity of any subsequent investigation.
- Is not a violation of customer rights — it is a legal obligation.
- Applies even where the customer makes direct enquiries about their CDD status.
- Does not prevent Guardian from declining or terminating an engagement on broader compliance grounds — but Guardian does not state STR-filing as the reason.
19.4 — No Liability for Good-Faith Reporting
Under Qatar AML Law, Guardian and its personnel are not liable for any disclosures made to FIU Qatar in good faith and in compliance with the law. This statutory protection ensures that compliance with reporting obligations does not expose the firm or its personnel to legal claims.
Records Retention
Records relating to AML/CFT compliance are retained per QFC AML/CFTR 2019:
Record Type | Minimum Retention | Notes |
CDD documentation | 7 years from end of business relationship | Beneficial ownership records, identification documents, verification evidence. |
Risk assessments | 7 years from review | Customer-level risk assessments and the firm-wide risk assessment. |
STRs and supporting analysis | 7 years from STR filing | Filed STRs, internal reports, MLRO analysis records. |
Sanctions screening records | 7 years from screening | Screening hits, hit resolution documentation, false-positive identifications. |
Training records (AML/CFT) | 7 years | Personnel training in AML/CFT framework. |
Internal communications relating to AML/CFT decisions | 7 years | MLRO determinations, senior management approvals. |
Some records may be retained longer where Guardian’s Quality Manual specifies a longer retention or where litigation hold applies. AML/CFT retention obligations may override otherwise-applicable PDPPL deletion requests as detailed in the Privacy Notice.
MLRO & Governance
Money Laundering Reporting Officer (MLRO)
The MLRO is the named individual within Guardian responsible for AML/CFT oversight. Responsibilities include:
- Operational oversight of the AML/CFT framework.
- Receipt and assessment of internal suspicious-activity reports.
- Filing of Suspicious Transaction Reports (STRs) with FIU Qatar where appropriate.
- Liaison with FIU Qatar, QFCA, and QFCRA on AML/CFT matters.
- AML/CFT training and awareness within Guardian.
- Periodic reporting to the SEF and the firm’s governance bodies.
Governance
- SEF (Senior Executive Function) — ultimate accountability for AML/CFT compliance.
- MLRO — operational oversight and reporting authority.
- Compliance Function — supports the MLRO in framework operation, training delivery, and monitoring.
- All personnel — accountable for following the framework and reporting suspicions promptly.
Client Cooperation Obligations
Clients are required to cooperate with Guardian’s AML/CFT framework as a condition of engagement:
- Provide complete and accurate identification information for the customer and beneficial owners.
- Provide refresh information on a timely basis when CDD refresh is requested.
- Notify Guardian of material changes in beneficial ownership, directors, or organizational structure.
- Provide source of funds documentation where requested.
- Provide source of wealth documentation for higher-risk profiles where requested.
- Permit ongoing monitoring including periodic re-screening.
Failure to cooperate with CDD or ongoing monitoring is grounds for declining engagement, suspending an active engagement, or in serious cases, terminating the certification contract. These requirements form part of the client’s contractual obligations. The cooperation obligation is part of the certification contract executed at Step 2. Clients may use the appropriate channel for how to raise concerns about AML/CFT-related handling.
USE OF GUARDIAN APPROVED SCHEME MARK
Conformity-assessed organizations may use the Guardian Approved Scheme Mark on documents, marketing, websites, tender submissions, governance reports — subject to Guardian’s Use of Marks Policy. The mark must clearly indicate ‘Guardian Approved Scheme’ — not ‘accredited certification’ or ‘IAF MLA recognized’.
Permitted: Letterhead, marketing materials, websites, tender submissions, governance reports, regulator communications.
PROHIBITED: CRITICAL — Use that implies IAF MLA accredited certification, UAF/IAS/QS accreditation, or equivalence with accredited certification is STRICTLY PROHIBITED. Use that implies regulatory approval beyond CMS scope · Continued use after suspension/withdrawal.
Full Use of Marks Policy is available at: → Use of marks
GET STARTED — CONTACT GUARDIAN
Guardian Middle East LLC | Serving the Middle East
QFC Licence 03870 · Doha, Qatar
Location: Abo Hamour Area, Doha, Qatar
P.O. Box: 23277, Doha, Qatar
Mobile: +974 7770 2602 | +974 7213 7770
Email: info@guardian.qa
Website: www.guardian.qa
Or submit an enquiry: → Contact
Frequently Asked Questions
As a QFC-licensed firm under QFC Licence 03870, Guardian Middle East LLC is subject to QFC AML/CFTR 2019 and Qatar AML Law No. 20 of 2019. These laws apply to all client engagements regardless of the nature of the service provided. The requirement is statutory, not discretionary.
The Risk-Based Approach (RBA) is a core principle of FATF Recommendations and QFC AML/CFTR 2019. Under the RBA, the depth and intensity of AML/CFT measures are calibrated to the assessed risk of each engagement and of the firm overall. Lower-risk engagements proceed through standard CDD; higher-risk engagements trigger Enhanced Due Diligence. The RBA does not reduce the obligation to do CDD — it ensures that effort is proportionate to risk.
Standard CDD requires identification documentation for the customer and beneficial owners, evidence of the legal structure, source of funds declaration, and information on the purpose and nature of the engagement. Higher-risk profiles require additional verification and source of funds documentation. Specific document checklists are issued in the Step 2 information pack — see /process/application-and-kyc/.
Beneficial ownership is the natural person(s) who ultimately own or control the customer or on whose behalf a transaction is conducted. Under QFC General Rule 8A, identification typically applies to natural persons holding a defined ownership threshold or otherwise exercising ultimate control. Corporate-shareholder structures must be unwound until natural-person beneficial owners are identified.
PEP status is not a barrier to engagement but triggers Enhanced Due Diligence — additional verification, senior management approval, source of funds and source of wealth enquiry, enhanced ongoing monitoring, and documented justification. Family members and close associates of PEPs are also identified. The framework reflects FATF Recommendation 12.
UN Security Council Consolidated List, Qatar national sanctions lists, OFAC SDN List, EU consolidated sanctions list, and UK sanctions list — particularly for cross-border or multi-jurisdictional engagements. Screening is performed at onboarding and periodically thereafter, with event-driven screening when material changes occur.
A sanctions hit triggers immediate review by the MLRO. Many hits are 'name match' false positives (similar names of unrelated individuals) which are resolved through additional verification. True hits typically result in declined engagement and may trigger STR obligations. Some hits resolve through delisting, deceased status, or licence-based exemptions — assessed case by case.
A Suspicious Transaction Report (STR) is filed with the Financial Information Unit (FIU) of Qatar where Guardian has reasonable grounds to suspect that funds, transactions, or activities are linked to money laundering, terrorist financing, or predicate offences. STRs are filed regardless of transaction size — the threshold is suspicion, not materiality. Tipping-off restrictions under Qatar AML Law prevent disclosure to the customer that an STR has been filed.
Tipping off is disclosing to a customer, beneficial owner, or any third party that an STR has been or may be filed, or that an investigation is or may be underway. Under Qatar AML Law No. 20 of 2019, this disclosure is prohibited — even where the customer makes direct enquiries. The restriction preserves the integrity of any subsequent investigation by competent authorities.
CDD records, risk assessments, STRs, sanctions screening records, training records, and internal AML/CFT communications are retained for a minimum of 7 years from the end of business relationship or relevant event, per QFC AML/CFTR 2019. Some records may be retained longer where Guardian's Quality Manual specifies or litigation hold applies. Retention may override PDPPL deletion requests as detailed in the Privacy Notice.