ANTI-MONEY LAUNDERING / COUNTERING TERRORIST FINANCING POLICY
EUNX MENA - FZE
Virtual Assets Broker-Dealer is working to obtain a Dubai VARA license.
Effective Date: [May 2025]
Contents
1. PREAMBLE
2. INTRODUCTION
2.1 SCOPE
2.2 OBJECTIVES
3. APPLICABLE LAWS AND REGULATIONS
4. WHAT IS MONEY LAUNDERING, TERRORIST FINANCING, PROLIFERATION FINANCING, SANCTIONS?
5. BUSINESS RISKS RELATED TO MONEY LAUNDERING
6. RISK ASSESSMENT & RISK-BASED APPROACH (RBA)
6.1 Business Risk Assessment
6.2 Enterprise-Wide Risk Assessment
6.3 Client Risk Assessment
7. CUSTOMER RISK PROFILING
7.1 Risk Factors:
7.2 Risk Rating:
7.2.1 Low Risk:
7.2.2 Medium Risk:
7.2.3 High Risk:
8. KNOW YOUR CUSTOMER (KYC)
8.1 Simplified Due Diligence (SDD)
8.2 Customer Due Diligence (CDD)
8.3 Enhanced Due Diligence (EDD)
9. TRANSACTION MONITORING & SCREENING
10. SUSPICIOUS TRANSACTION REPORTING (STR)
11. RECORDKEEPING
12. GOVERNANCE & ROLES
1. PREAMBLE
EUNX MENA - FZE (“the Company”) operates at the forefront of the virtual assets (VA) ecosystem, a sector characterized by rapid innovation and transformative financial technologies. Licensed and regulated by the Dubai Virtual Assets Regulatory Authority (VARA) as a Virtual Asset Broker & Dealer, we recognize that our organization carries a dual responsibility: to drive innovation and to safeguard the integrity of the global financial system. This AML/CTF Policy is not merely a regulatory obligation but a strategic imperative, reflecting our commitment to combating financial crime while fostering trust among regulators, clients, and stakeholders.
Aligned with Part III – AML/CFT of the VARA Compliance and Risk Management Rulebook, this document synthesizes international best practices, including the Financial Action Task Force (FATF) Recommendations, into a cohesive framework. It is designed to anticipate evolving threats while maintaining operational agility and audit readiness. This Anti-Money Laundering and Countering Terrorist Financing (AML/CTF) Policy formalizes our commitment to preventing the misuse of virtual assets (VAs) for illicit activities, including money laundering (ML), terrorist financing (TF), proliferation financing (PF), and sanctions evasion.
2. INTRODUCTION
The virtual asset landscape presents a paradox: its decentralized, borderless nature drives financial inclusion but also creates vulnerabilities exploited by bad actors. Cryptocurrencies like Bitcoin and Ethereum, while revolutionary, can facilitate money laundering through pseudonymous wallets, cross-jurisdictional layering, and instant settlement. The 2023 FATF report highlights that 32% of global VA transactions exhibit red flags for illicit activity, underscoring the urgency of robust controls.
For EUNX MENA - FZE, this policy is the cornerstone of a risk-intelligent ecosystem. It operationalizes VARA’s Regulatory Directives and UAE Federal AML-CFT Law (Decree No. 20/2018), translating complex mandates into actionable protocols. By integrating FATF’s risk-based approach, we aim to balance innovation with vigilance, fostering trust among regulators, clients, and stakeholders, ensuring that our platforms remain hostile to financial crime while accessible to legitimate users.
2.1 SCOPE
This policy governs every facet of EUNX MENA - FZE’s virtual asset operations, extending beyond transactional oversight to encompass governance, technology, and third-party partnerships. Specifically, it applies to:
- Operational Activities: Brokerage services, over-the-counter (OTC) trading, custodial solutions, and cross-border transfers, including interactions with decentralized finance (DeFi) protocols.
- Personnel: All employees, contractors, and senior management, with specialized training modules for roles interfacing with high-risk clients or jurisdictions.
- Clients: Retail investors, institutional entities, and counterparty Virtual Asset Service Providers (VASPs), with risk-tiered due diligence protocols.
- Technological Infrastructure: Distributed ledger analytics tools (e.g., Chainalysis, Elliptic), AI-driven transaction monitoring systems, and multi-signature cold storage solutions.
2.2 OBJECTIVES
This policy is engineered to achieve the following interlinked strategic objectives:
- Risk Mitigation: Proactively identify and neutralize ML/TF/PF risks through a layered defense strategy, combining algorithmic surveillance, human intelligence, and regulatory foresight.
- Regulatory Compliance: Ensure adherence to VARA Rulebook Part III, UAE Federal AML/CFT laws (e.g. Federal Decree-Law No. 20/2018 and its amendments), the UAE Executive Office for Anti-Money Laundering and its guidelines, and FATF Recommendations.
- Operational Resilience: Embed compliance into the organizational DNA, from Board-level governance to frontline staff training, ensuring that risk management evolves alongside technological advancements.
- Prevent illicit use: Deter, detect and report any use of EUNX MENA - FZE’s services for ML, TF, PF or sanctions evasion, thereby safeguarding the financial system and EUNX MENA - FZE’s integrity.
- Training & awareness: Ensure ongoing training so all staff understand and can implement AML/CFT obligations.
- Stakeholder Assurance: Demonstrate to regulators, auditors, and clients that EUNX MENA - FZE operates at the vanguard of ethical VA innovation, setting industry benchmarks for transparency and accountability.
3. APPLICABLE LAWS AND REGULATIONS
EUNX MENA - FZE’s AML/CTF framework is anchored in the following regulatory hierarchy:
- VARA Compliance and Risk Management Rulebook (2023) Part III – AML/CFT (and all updates)
- Federal AML/CFT Laws: UAE Federal Decree-Law No. 20 of 2018 on Combating Money Laundering and Terrorism Financing (and amending laws and regulations)
- Cabinet Decisions/Resolutions: Executive Regulations and related Cabinet resolutions (e.g. Cabinet Res. 10/2019, 24/2022).
- International Standards: FATF Recommendations, including guidance on virtual assets and VASPs (e.g. FATF Guidance October 2021)
- Counter-proliferation Guidance: UAE Executive Office (EOCN) Guidance on counter-proliferation financing
- Sanctions: UN Security Council resolutions and related UAE laws on targeted financial sanctions (terrorism and WMD proliferation)
- Other: Any other UAE federal or emirate regulations (e.g. economic sanctions laws), as well as relevant guidance from VARA and international bodies including any future updates or circulars issued by UAE competent authorities.
This layered approach ensures compliance not only with local mandates but also with global financial integrity norms.
4. WHAT IS MONEY LAUNDERING, TERRORIST FINANCING, PROLIFERATION FINANCING, SANCTIONS?
To eliminate ambiguity, critical terms are defined through both regulatory and operational lenses:
- Money Laundering (ML): The process by which illicit proceeds—often derived from corruption, drug trafficking, or cybercrime—are integrated into the legitimate financial system via virtual assets. For example, layering through mixers like Tornado Cash to obscure transactional trails.
Concealing or disguising the proceeds of serious crimes by processing them through legitimate activities to obscure their illicit origin. FATF designates 21 categories of predicate crimes (e.g. drug trafficking, fraud, corruption) whose proceeds may be laundered.
- Terrorist Financing (TF): The deliberate provision of funds, whether fiat or virtual assets, to individuals or organizations engaged in acts of terrorism. Unlike ML, the source of funds in TF may be legal or illegal, but the key is their use in terrorism. ML and TF share vulnerabilities (anonymity, rapid transfers, etc.).
- Proliferation Financing (PF): Financial support for the development, acquisition, or dissemination of weapons of mass destruction (WMDs), in violation of national laws or international obligations.
- Sanctions (targeted financial sanctions): Government-imposed restrictions (often under UN or UAE law) that freeze assets or prohibit transactions of designated persons or entities. As required by law, EUNX MENA - FZE screens clients and transactions against UN and UAE sanctions lists, freezes any assets (including virtual assets) linked to designated individuals, and blocks or prohibits any transaction involving them. EUNX MENA - FZE will promptly comply with all sanctions directives issued by UAE authorities or the UN Security Council.
- Anonymity-Enhanced Transactions (AETs): Transactions involving privacy coins (e.g., Monero) or mixing services that obscure participant identities.
5. BUSINESS RISKS RELATED TO MONEY LAUNDERING
The Company’s risk taxonomy categorizes threats into five vectors, each requiring tailored countermeasures:
- Pseudonymity Exploitation:
  - Risk: Bad actors may exploit blockchain’s pseudonymous nature to launder funds via decentralized exchanges (DEXs) or privacy coins.
  - Mitigation: Deployment of blockchain clustering tools (e.g., Elliptic Lens) to map wallet addresses to real-world entities.
- Jurisdictional Arbitrage:
  - Risk: Counterparty VASPs in FATF grey-listed jurisdictions (e.g., Cambodia, Morocco) may lack robust AML controls, exposing EUNX MENA - FZE to indirect illicit flows.
  - Mitigation: Enhanced due diligence (EDD) for cross-border transactions, including counterparty VASP audits.
- Technological Subversion:
  - Risk: AI-driven “smart mixers” could dynamically alter transaction patterns to evade detection algorithms.
  - Mitigation: Continuous recalibration of monitoring systems using machine learning models trained on illicit typologies.
- Politically Exposed Persons (PEPs):
  - Risk: PEPs may exploit VA platforms to launder proceeds of corruption, leveraging complex ownership structures.
  - Mitigation: Mandatory Senior Management approval for PEP relationships, with semi-annual source of wealth reviews.
- Sanctions Evasion:
  - Risk: State-sponsored actors may use stablecoins to bypass trade embargoes (e.g., Tether transactions linked to sanctioned Iranian entities).
  - Mitigation: Real-time screening against OFAC’s SDN List and UAE Local Terrorist List.
EUNX MENA - FZE recognizes that virtual assets pose unique ML/TF risks. Key risk factors include:
- Anonymity-enhanced features: Use of privacy coins (e.g. Monero), mixers or CoinJoins that obfuscate transaction trails greatly increases risk. Transporting assets from a transparent blockchain into an anonymity-focused asset is a known red flag (FATF Red Flag Indicators).
- Unhosted (self-custodied) wallets and P2P trading: Direct wallet-to-wallet transfers and decentralized exchanges bypass traditional KYC controls. Anonymous counterparties and unverified wallet addresses create high risk.
- Cross-border and virtual nature: VA transactions are borderless and rapid, potentially carrying funds through multiple jurisdictions with varying controls. High volumes and volatility can mask illicit flows.
- Emerging technologies: Use of decentralized autonomous organizations (DAOs) or novel trading platforms without transparency can facilitate layering. New products (like certain stablecoins or DeFi services) may be exploited if controls lag.
- Client profiles: Retail customers seeking privacy, or clients from high-risk jurisdictions, present greater ML/TF risk. Complex ownership structures or entities with unclear UBOs also raise concern.
- Regulatory arbitrage: Differences between global AML standards (e.g. FATF Travel Rule compliance) can be exploited to launder funds. EUNX MENA - FZE is vigilant that clients do not attempt to bypass regulatory thresholds or exploit loopholes.
6. RISK ASSESSMENT & RISK-BASED APPROACH (RBA)
EUNX MENA - FZE employs a dynamic RBA framework, as mandated by VARA Rule III.D, to align controls with the evolving threat landscape:
6.1 Business Risk Assessment
At least quarterly (and upon any significant change) EUNX MENA - FZE conducts a documented AML/CFT risk assessment covering all operations. It identifies and evaluates money laundering risks specific to our business and services, including those from new technologies or anonymity-enhanced transactions. Special attention is given to virtual-asset-specific risks (Rule III.D.2): privacy coins, mixers, rapid transfers, DAOs, etc. EUNX MENA - FZE documents these assessments and uses the results to strengthen policies, procedures and controls (per Rule III.D.4). For example, if a high-risk product is identified (e.g. offering anonymity-focused swaps), EUNX MENA - FZE will either implement proportionate enhanced controls or refrain from offering it (Rule III.D.5).
6.2 Enterprise-Wide Risk Assessment
Conducted quarterly, this assessment employs a 4-Dimensional Risk Matrix:
- Product Risk Scoring:
  - High-Risk Products: Privacy coins (Monero, Zcash), OTC desks, and staking services.
  - Mitigation: Prohibition of privacy coins without VARA pre-approval; transaction limits for OTC trades ≥ AED 1 million.
- Geographic Risk Tiering:
  - Tier 1 (Low Risk): UAE, Singapore, EU member states.
  - Tier 3 (High Risk): FATF blacklisted jurisdictions (Iran, North Korea).
  - Mitigation: Blocking transactions from Tier 3 jurisdictions unless cleared by the MLRO.
- Client Risk Profiling:
  - High-Risk Indicators: PEP status, offshore corporate structures, inconsistent transaction narratives.
  - Mitigation: Mandatory EDD, including forensic accounting reviews for corporate clients.
- Technological Risk Evaluation:
  - Emerging Threats: Quantum computing, AI-driven transaction obfuscation.
  - Mitigation: Partnerships with cybersecurity firms for threat intelligence sharing.
6.3 Client Risk Assessment
Each client undergoes a 3-Phase Evaluation:
- Initial Screening: Automated checks against sanctions lists and adverse media databases.
- Behavioral Analysis: AI-driven monitoring of transaction patterns (e.g., rapid cross-border transfers inconsistent with declared business activities).
- Dynamic Reassessment: Semi-annual reviews for high-risk clients, incorporating blockchain forensics and open-source intelligence (OSINT).
EUNX MENA - FZE evaluates the ML/TF risk posed by its client base, using predefined criteria. We assign each client a risk rating (low, medium, high) based on factors such as country of origin, business activity, source of funds, transaction behavior, and use of anonymity-enhanced features. This methodology (Rule III.D.7) is documented and includes required audit trails. High-risk clients (e.g. PEPs or those with opaque structures) trigger enhanced due diligence (see below). Client risk ratings are reviewed at least quarterly or upon any material change in circumstances.
7. CUSTOMER RISK PROFILING
Each client is profiled at onboarding and periodically thereafter. Profiling includes:
7.1 Risk Factors:
Assess geography (e.g. jurisdictions with weak AML controls), client type (e.g. politically exposed person (PEP), financial institution, corporate entity), nature of VA activities intended, and source of funds. The presence of any negative news or association with high-risk industries (e.g. casinos, arms trade) is flagged.
7.2 Risk Rating:
Clients are stratified into three risk tiers, each triggering proportional controls:
- Low Risk:
  - Profile: UAE-resident retail investors with verifiable employment and sub-AED 55,000 monthly transaction volumes.
  - Controls: Simplified Due Diligence (SDD) with annual KYC refreshes.
- Medium Risk:
  - Profile: SMEs from Tier 1 jurisdictions, occasional cross-border transactions.
  - Controls: Standard CDD, including UBO disclosure and quarterly transaction reviews.
- High Risk:
  - Profile: PEPs, entities from Tier 3 jurisdictions, or clients transacting in AETs.
  - Controls: Enhanced Due Diligence (EDD), including:
    - Source of wealth verification via audited financials.
    - Senior Management approval for account opening.
    - Real-time monitoring with AI anomaly detection.
7.3 Documentation:
The criteria and methodology for client risk categorization are documented (per Rule III.D.7). The action plan for each risk tier is defined and logged, including increased monitoring or approval requirements for high-risk clients.
7.4 Ongoing Review:
Client risk profiles are reviewed regularly (at least quarterly) and updated based on new information or activity. Any material change (e.g. unexpected transaction volume or a client moving to a higher-risk jurisdiction) prompts re-evaluation and possibly upgraded due diligence.
8. KNOW YOUR CUSTOMER (KYC)
EUNX MENA - FZE’s KYC process establishes the true identity and intentions of each client. Procedures include:
- Individual Customers: We obtain valid, independent source documents containing the full name, date of birth, nationality, residential address and official identification number (e.g. passport, national ID). A copy of the ID or travel document is kept on file. We also record occupation/employer. If the customer is a PEP, MLRO and senior management approval is required before proceeding.
- Corporate/Institutional Clients: We collect certified constitutional documents (e.g. memorandum of association, articles) and verify the company name, legal type, and principal place of business. We identify and verify senior management and all Ultimate Beneficial Owners (UBOs). If any UBO is a PEP, senior approvals are obtained.
- Authority to Act: When an agent or intermediary acts on behalf of a client, we verify their authority and identify them in the same manner as any other client.
- Purpose and Nature: We document the expected purpose and nature of the business relationship or transaction, to ensure consistency with the client’s profile. For business clients (e.g. VASPs or other service providers), we further understand their client base and business model, including any DAO involvement or complex ownership structure. This enables screening of their own clients when necessary.
- Risk-Based Timing: KYC information and verification are obtained before establishing a business relationship or executing significant transactions. We also apply KYC on occasional transactions ≥AED 3,500 (or equivalent) for new clients and whenever doubts arise about previously collected data.
- Verification: All identity data is verified against reliable independent sources. Electronic verification, third-party verification services, or certified documents may be used, provided they meet regulatory standards.
The Company’s KYC framework, aligned with VARA Rule III.E, is a multi-layered defense mechanism:
8.1 Simplified Due Diligence (SDD)
- Applicability: Exclusively for low-risk clients.
- Requirements:
  - Government-issued ID (Emirates ID, passport).
  - Proof of address (utility bill, bank statement).
  - Declared source of funds (e.g., salary, inheritance).
8.2 Customer Due Diligence (CDD)
- Universal Application: Mandatory for all client categories.
- Documentation:
  - Individuals: Employment verification, PEP screening, and tax residency confirmation.
  - Entities: Certificate of incorporation, UBOs (≥25% ownership), and board resolutions authorizing VA activities.
- Ongoing Monitoring:
  - Behavioral analytics to detect deviations from declared transaction patterns.
  - Semi-annual PEP re-screening using World-Check One.
8.3 Enhanced Due Diligence (EDD)
- Triggers: PEP associations, transactions ≥ AED 55,000, or links to high-risk jurisdictions.
- Protocols:
  - Source of Wealth Verification: Forensic review of client financial histories, including offshore account disclosures.
  - Senior Management Oversight: Escalation to the Board’s Risk Committee for PEP approvals.
  - Transaction Limitations: Caps on daily withdrawal limits (e.g., AED 100,000 for PEPs).
9. TRANSACTION MONITORING & SCREENING
EUNX MENA - FZE’s surveillance architecture combines algorithmic precision with human expertise:
Transaction Monitoring
- Threshold-Based Alerts:
  - AED 3,500: Triggers FATF Travel Rule compliance checks, requiring originator/beneficiary data.
  - AED 55,000: Escalates to EDD protocols, including blockchain clustering analysis.
- Behavioral Analytics:
  - Machine learning models flag anomalies (e.g., sudden spikes in transaction volume, use of mixers).
  - Case Study: In Q3 2024, the system detected a client using 12 wallets to layer AED 2 million via a DEX, leading to an STR filing.
Sanctions Screening
- Real-Time Systems:
  - Automated screening against UNSC Consolidated List, OFAC SDN List, and UAE Local Terrorist List.
  - Integration with Chainalysis KYT for on-chain sanctions monitoring.
- Freezing Protocol:
  - Immediate asset freeze upon sanctions match, with withdrawals blocked pending regulatory guidance.
  - Quarterly reporting to VARA on frozen asset volumes.
Anonymity-Enhanced Transactions (AETs)
- Prohibition:
  - Privacy coins (Monero, Zcash) are prohibited unless pre-approved by VARA.
  - Mixing services and CoinJoin transactions are blocked outright.
- Mitigation:
  - Clients engaging in AETs undergo 6-month CDD reviews.
  - Wallet clustering tools map transaction histories to identify nested service usage.
10. SUSPICIOUS TRANSACTION REPORTING (STR)
The Company’s STR protocol, compliant with VARA Rule III.F, is a four-stage process:
- Detection:
  - Automated alerts from transaction monitoring systems.
  - Employee escalations via internal whistleblower channels.
  - Employees and officers must immediately notify the MLRO of any knowledge or suspicion of ML/TF in transactions or client behavior. Staff must not “tip off” clients; all reporting to the MLRO is confidential.
- Investigation:
  - MLRO-led review within 24 hours, leveraging blockchain forensics (e.g., tracing funds to darknet markets).
  - Client interviews to reconcile transaction narratives.
- Reporting:
  - Submission of STRs via goAML UAE within 48 hours, including:
    - Transaction hashes.
    - Wallet addresses.
    - Risk rationale (e.g., links to ransomware wallets).
- Post-Reporting Actions:
  - After filing, EUNX MENA - FZE continues to monitor any involved accounts or transactions on a near real-time basis. The MLRO cooperates fully with the FIU and VARA, responding to any additional information requests within 48 hours.
  - Quarterly STR trend analysis presented to the Board.
11. RECORDKEEPING
EUNX MENA - FZE retains comprehensive records to support AML/CFT activities (Rule III.I):
- Transaction Records: Documentation of all virtual asset transactions (trade records, deposit/withdrawal logs, payment instructions, correspondence) whether on-chain or off-chain.
- CDD Files: Copies of all identification and verification documents for clients and UBOs, account opening forms, and risk assessment worksheets.
- Third-Party Reliance: If EUNX MENA - FZE relies on third parties for CDD, records of that reliance arrangement and evidence of performed CDD are kept.
- Ongoing Monitoring: Logs of transaction monitoring alerts, internal investigations, and the rationale for flagging any transaction.
- STRs: Copies of all Suspicious Transaction Reports sent to the FIU (and any associated internal reports).
- Other AML Activities: Minutes or reports of AML training sessions, internal audits of the AML program, and any records showing senior management approval for high-risk clients or exceptions.
All required records are retained for no less than 8 years from the end of the business relationship or the date of the transaction. Records are held in a secure manner that ensures confidentiality and are made available to VARA, FIU or other competent authorities upon request.
12. GOVERNANCE & ROLES
- Board of Directors: The Board approves the AML/CFT Policy and allocates sufficient resources to implement it. The Board ensures that senior management supports and enforces compliance culture. At least annually, the Board reviews AML/CFT reports and approves any significant changes to the program.
- Senior Management: Senior management is responsible for effective implementation of the Policy. They ensure that AML/CFT responsibilities are integrated into business processes. Senior management reviews the MLRO’s quarterly reports (see below) and takes corrective actions on identified issues.
- Money Laundering Reporting Officer (MLRO): In compliance with Rule III.A.1, EUNX MENA - FZE has appointed an MLRO who has at least two years’ AML/CFT experience and is a Fit and Proper Person. The appointment is subject to annual review. The MLRO’s duties (Rule III.A.2) include:
  - Ensuring all staff and directors receive adequate AML/CFT training and understand this Policy.
  - Overseeing development, maintenance and execution of EUNX MENA - FZE’s AML/CFT policies and procedures (Rule III.B).
  - Conducting and updating AML/CFT risk assessments (Rule III.D) and adjusting controls accordingly.
  - Receiving and investigating all reports of suspicious activity and filing STRs as required.
  - Addressing any non-compliance with AML/CFT laws in a timely manner.
  - Reporting quarterly to the Board on AML/CFT performance and compliance issues, including summaries of all anonymity-enhanced transactions handled. These reports are kept on file and made available to VARA upon request.
  - Remaining accountable for EUNX MENA - FZE’s AML/CFT program even if certain duties are delegated; delegations must not conflict with these responsibilities.
- Compliance Officer / MLRO Delegation: If a separate Compliance Officer (CO) is appointed, the MLRO and CO coordinate AML/CFT efforts closely. Where AML tasks are delegated to business or support units, the MLRO retains overall responsibility. Outsourcing any AML functions is subject to the Company Rulebook’s outsourcing rules.
- Employees and Officers: All EUNX MENA - FZE personnel must comply with this Policy. They are required to know and follow the AML/CFT procedures, complete mandated training, and report any suspicious activity immediately to the MLRO. Failure to comply with AML/CFT obligations may result in disciplinary action.
- Independent Review: EUNX MENA - FZE will periodically (at least annually) conduct an independent review or audit of its AML/CFT program (either internally or via qualified external consultants) to ensure effectiveness. Any deficiencies will be promptly remediated.
By adhering to this Policy and the referenced rules, EUNX MENA - FZE embeds robust AML/CFT controls into its operations. All activities will be documented and auditable to demonstrate ongoing compliance with VARA Rulebook – Part III.
APPROVED BY:
[Name], Chairman of the Board
[Name], Chief Executive Officer
[Date]
*This document is classified as “Strictly Confidential” and is protected under UAE Federal Decree No. 34/2021 on Data Protection.*