Common Offences
Last Updated: 05/15/2026
Protect your business with reliable and effective AML strategies with AML UAE.
Common Offences - Key Highlights
Everyday, criminal activity generates illicit proceeds that enter the financial system through cash-intensive businesses, peer-to-peer platforms, and informal value transfer operators. Compliance teams face channel risk when low-value, high-frequency flows are misidentified as legitimate activity. Effective detection requires profiling calibrated to structuring patterns, network-level transaction monitoring, and staff trained to recognise these proceeds.
What are the Common Offences?
Predicate crimes that produce illicit proceeds eligible for money laundering constitute what the AML compliance discipline classifies as common offences. Within the UAE regulatory framework, Federal Decree Law No. (10) of 2025 defines a Predicate Offence in Article 1 as any crime whose proceeds form the object of a money laundering offence. Common offences, as a typology, capture those predicate crimes operating at the street and community levels: petty drug trafficking, gang-affiliated cash schemes, unlicensed remittance operations, and coordinated structuring by organised crime groups that consistently generate low-to-mid-value cash proceeds that cycle into the formal financial system through accessible, high-volume channels.
The significance of this typology lies not in the individual transaction but in the aggregate pattern. Taken alone, a sub-threshold cash deposit at a convenience store counter raises few flags. Taken across hundreds of related accounts, branches, and periods, those deposits reveal a coordinated placement scheme driven by the proceeds of common criminal activity.
What Does Common Offences Mean?
Imagine a busy market drainage system. Rainwater from shops, wages, and everyday trade flows through it normally and without suspicion. Beneath the surface, however, someone has connected an illegal pipe into the same drain. Small amounts of contaminated water seep in continuously, blending seamlessly with the legitimate flow. At the outlet, the mixture appears ordinary unless investigators trace it back to its source.
Common offences operate in much the same way. They are deliberately ordinary in appearance: small-scale drug transactions, petty theft proceeds, gang-linked cash movements, or informal and unlicensed money transfers. Individually, each transaction seems insignificant and easily overlooked. Collectively, however, these repeated acts reveal a hidden system that quietly contaminates legitimate financial channels from within.
Regulatory Framework Related to Common Offences
The primary legal instrument is Federal Decree Law No. (10) of 2025 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations. Article 1 defines Predicate Offence as broadly as any felony or misdemeanour generating proceeds capable of being laundered, including terrorism financing, proliferation financing, and tax evasion offences. Article 2 criminalises money laundering and confirms the offence is independent: a prior conviction for the predicate crime is not required. Article 26 sets criminal penalties at one to ten years’ imprisonment and fines between AED 100,000 and AED 5,000,000 for natural persons.
Cabinet Resolution No. (134) of 2025, AML/CFT/CPF Executive Regulations provides the operative compliance obligations. Article 5 requires enterprise-wide risk assessment addressing channel risks inherent in cash-intensive business accounts, P2P payment infrastructure, and money transfer services. Article 18 requires STRs to be sent without delay to the FIU via goAML portal.
Regulatory Reference
Federal Decree Law No. (10) of 2025, Article 1 (definition of Predicate Offence) and Article 2 (money laundering as an independent crime, conviction for predicate offence not required). Cabinet Resolution No. (134) of 2025, Article 5 (enterprise-wide risk assessment incorporating predicate crime exposure)
Supervisory Body
The Central Bank of the UAE (CBUAE) supervises licensed financial institutions for AML/CFT compliance. The Ministry of Economy & Tourism (MoET) supervises DNFBPs except lawyers, who are supervised by the Ministry of Justice (MoJ). The Financial Intelligence Unit (FIU), established as an independent unit within the CBUAE under Federal Decree Law No. (10) of 2025, Article 11, receives all STRs and SARs via goAML. The Executive Office for Control and Non-Proliferation (EOCN) administer the targeted financial sanctions regime.
Reporting or Compliance Obligations and Channels
Regulated entities suspecting that transactions or customer activity are connected to the proceeds of common offences must file a Suspicious Transaction Report via the goAML platform operated by the FIU. The STR obligation under Article 18 of the Cabinet Resolution No. (134) of 2025 arises from suspicion and applies without any threshold. All transaction records, CDD files, and STR-related documentation must be retained for a minimum of five years under Cabinet Resolution No. (134) of 2025, Article 25.
Recent Developments, Enforcement Actions, or Supervisory Priorities
The UAE’s 2024 National Risk Assessment reinforces that cash-intensive sectors and informal transfer networks remain among the highest-rated money laundering vulnerabilities.
The 2021 NAMLCFTC Joint Guidance on Satisfactory and Unsatisfactory Practice identified deficiencies in source-of-funds identification and inadequate risk category assignment as the most common supervisory examination findings for DNFBPs: both directly relevant to detecting common offence patterns.
Cabinet Resolution No. (134) of 2025 strengthened ongoing monitoring obligations and explicitly requires enterprise-wide risk assessments to address channel-level risks.
Why Common Offences Matter for Compliance Teams
The volume of proceeds generated by street-level crime globally dwarfs that produced by sophisticated financial fraud, because common offences operate at scale through networks of individuals rather than through single high-value transactions.
For UAE compliance teams, this presents a structurally challenging risk: the transaction values are deliberately kept small to avoid reporting thresholds, the actors often present as ordinary retail customers, and the channels (convenience stores, mobile remittance apps, informal money transfer services) are the same ones serving millions of legitimate consumers each day.
Channel risk is the defining feature of this typology. Criminals choose financial channels not for their sophistication but for their accessibility and transaction volume, knowing that small-value flows are statistically harder to isolate in high-throughput systems.
A compliance programme calibrated only for high-value wire transfers or PEP-linked transactions will systematically under-detect common offences activity. The UAE’s 2024 National Risk Assessment identifies cash-intensive sectors and informal transfer networks as elevated-risk channels, and Cabinet Resolution No. (134) of 2025 explicitly requires institutions to assess predicate crime exposure by channel.
Enforcement consequences for missing these patterns are material. Federal Decree Law No. (10) of 2025, Article 28 imposes criminal penalties, including imprisonment and fines between AED 100,000 and AED 1,000,000 for failure to file a suspicious transaction report.
Cabinet Resolution No. (71) of 2024 sets administrative fines of up to AED 500,000 for failure to file STRs and up to AED 200,000 for inadequate CDD procedures, applied per violation.
How Common Offences Work
The operational mechanics of common offences as a money laundering typology follow a consistent architecture regardless of the specific underlying crime. Actors generate proceeds, select accessible financial channels, exploit the volume and velocity of those channels to obscure origin, and gradually recycle the funds into the legitimate economy through cash-intensive business operations or informal transfer systems.
Stage One: Generating Proceeds Through Criminal Activity
Organised crime groups and affiliated networks generate cash proceeds through street-level activities: drug distribution, unlicensed lending, theft-receiving, and extortion. These groups rely on cash as the primary medium because it creates no immediate electronic record at the point of generation. Cash accumulates with network members before being consolidated by mid-level coordinators responsible for moving it into the financial system.
Stage Two: Selecting and Exploiting Financial Channels
Once consolidated, proceeds are introduced into financial channels calibrated for high transaction volume and low individual-transaction scrutiny. Cash-intensive businesses affiliated with or controlled by the group serve as the primary placement vehicle: convenience stores, small restaurants, and car washes, where cash revenue is expected and hard to benchmark precisely.
Stage Three: Cycling Funds Through Cash-Intensive Operations
Within the cash-intensive business, proceeds are recorded as operating revenue. Payroll is inflated, inventory purchases are overstated or fictitious, and supplier invoices may be fabricated to absorb the surplus cash. Detection requires benchmarking the business’s reported cash revenue against industry norms for comparable enterprises.
Stage Four: Fragmenting Transfers Across Peer-to-Peer Systems
Individual participants in the network use peer-to-peer payment platforms to transfer small sums among themselves and to third parties, collecting commissions and splitting proceeds. Payments are structured to remain below thresholds that would trigger enhanced scrutiny, with multiple accounts operated under different identities or through nominally associated holders.
Stage Five: Concealing the Origin Through Informal Transfer Networks
For proceeds that need to cross borders, informal value transfer system operators provide a settlement mechanism that bypasses formal correspondent banking. An operator collects cash domestically, credits a counterpart in the destination jurisdiction, and the counterpart makes an equivalent payment without funds physically crossing the border.
Real-World Examples of Common Offences
A Gang Network Using a Convenience Store
A mid-level organised crime group controls three convenience stores in a dense urban area. Each store reports consistent daily cash deposits to its business bank account, with declared turnover plausible for stores of that size. Compliance analysts notice that deposits arrive in several sub-threshold tranches each day from different branch locations, and that all three stores’ accounts route outgoing transfers to the same small set of personal accounts held by individuals with no documented commercial relationship to the stores.
The detection failure occurs because each store is assessed in isolation. The CDD file notes that it is a cash-intensive business and assigns a moderate risk rating, triggering an annual review but no enhanced monitoring calibrated to cross-account patterns. The lesson: businesses in networks controlled by the same beneficial owner must be assessed as a consolidated exposure, with transaction monitoring rules that fire on aggregate cross-account patterns.
A Peer-to-Peer Smurfing Operation
Four individuals open personal accounts at the same retail bank within two weeks, each declaring an occupation as a self-employed delivery driver. Over three months, each account receives frequent small P2P credits from a large and varied set of counterparties, accumulating totals far above what the declared occupation would support. Each individual then makes periodic transfers to a single account held by a fifth person.
No single account generates a transaction that reaches the reporting threshold. The scheme is only detectable through a network-level view: common counterparties across the four accounts, consistent payment-to-transfer timing patterns, and declared income versus actual credit volume mismatches. Without peer-group profiling and network analytics, this cluster remains invisible to a conventional transaction monitoring system.
An IVTS Operator Processing Street-Level Proceeds
A small business registered as a general trading company accepts cash from multiple walk-in customers throughout the week, maintaining no formal records beyond a handwritten ledger. Cash collected is consolidated and handed to a courier, who deposits it into a personal account before making a domestic wire transfer to a counterparty in another country.
The operational lesson is twofold: the labelling of a business’s declared activity carries no inherent reliability, and ongoing monitoring obligations to catch post-onboarding behavioural drift. An account that behaved as expected at opening and then began receiving irregular cash volumes should trigger a periodic review, not merely wait for its next scheduled file update.
How Do Common Offences Facilitate Money Laundering?
The tactic underpinning common offences is illicit acquisition: the criminal proceeds derive from street-level criminal activity, and the money laundering objective is to conceal both the existence of those funds and their criminal origin by introducing them into the financial system through channels that process high volumes of similar-looking legitimate transactions. In the placement stage, cash proceeds are introduced through accounts of cash-intensive businesses or through frequent small deposits by network individuals. In the layering stage, value moves through multiple accounts and platforms. In the integration stage, funds re-enter the economy as apparent business revenue or remittance proceeds.
How Do Criminals Exploit Common Offences?
Cash-intensive businesses serve as the common placement infrastructure. An organised crime group controls or has a commercial relationship with a business that legitimately handles large cash volumes. Criminal proceeds are blended with genuine retail revenue before deposit, and the business’s declared turnover is inflated to accommodate the additional cash without triggering obvious revenue anomalies.
Informal value transfer system operators exploit the gap between the formal correspondent banking system and the cash economy. They accept cash from the network, credit an equivalent amount in a destination jurisdiction through a counterpart, and settle the net position periodically through legitimate transfers or trade invoice manipulation.
Organised crime groups coordinate the overall scheme, providing the capital, the placement infrastructure, and the logistical management to ensure that proceeds from multiple street-level actors are consolidated, moved, and recycled at scale. Peer-to-peer platform operators are exploited when their platforms lack adequate KYC controls or transaction monitoring calibrated to detect coordinated small-value flows.
What Are the Red Flags That Identify Common Offences?
| Category | Key Red Flag |
| Customer | Account holder with documented minor criminal or gang affiliations operates a newly registered or low-activity account rapidly accumulating cash credits inconsistent with any declared business or personal profile. |
| Customer | Multiple individuals sharing a residential address or known connection open accounts within a short period and exhibit similar transaction patterns. |
| Customer | Declared self-employed status or micro-business ownership that cannot be substantiated through any verifiable trading record, registration, or tax filing |
| Transaction | Multiple related individuals conducting consecutive sub-threshold cash deposits at the same branch on the same day, indicative of coordinated structuring |
| Transaction | Frequent small peer-to-peer payments that collectively reach substantial amounts, lacking any clear personal or commercial justification |
| Transaction | Account receives credits from a large, diverse set of counterparties and concentrates value into a single receiving account at regular intervals. |
| Transaction | Rapid escalation in reported cash revenue at a cash-intensive business without a corresponding increase in operational footprint, staffing, or inventory |
| Transaction | Cash deposits made in small denominations across multiple branch visits in amounts just below local reporting thresholds |
| Geographic | Accounts linked to areas known for elevated street-level drug trafficking, organised crime activity, or high concentrations of informal economy activity |
| Geographic | Repeated use of unlicensed or informal money transfer services for small-sum remittances without valid documentation, particularly to high-risk jurisdictions |
| Product | Prepaid instruments loaded to maximum values repeatedly from different sources in short intervals, followed by rapid expenditure or ATM withdrawal |
| Channel | High volume of cash deposited through a business account is inconsistent with the declared business type, location, or customer base. |
| Channel | Business account held by an entity with no verifiable operational presence, no registered address corresponding to actual operations |
| Channel | Money orders purchased with cash in amounts and frequencies suggesting structured accumulation toward a larger payment. |
How AML Controls Detect Common-Offence Typologies?
| Control | What It Disrupts | Detect/Prevent/Deter | Specific Limitation |
| Customer Due Diligence | Prevents anonymous or inadequately profiled accounts used as placement vehicles | Detect | Criminal networks use genuine identity documentation |
| Enhanced Due Diligence | Disrupts account opening by high-risk actors through source-of-funds verification | Detect | Effective only when the CDD risk rating correctly triggers EDD |
| Transaction Monitoring | Detects structuring patterns and P2P concentration flows | Detect | Default thresholds are often set too high for this typology |
| Risk-Based Customer Profiling | Identifies accounts deviating from the declared peer group | Detect | Requires current sector-level reference data |
| Ongoing Due Diligence | Catches post-onboarding behavioural changes inconsistent with the original profile | Detect | Requires trigger-based rather than purely calendar-based reviews |
| OSINT and External Source Verification | Surfaces criminal affiliations that were not disclosed at onboarding | Detect | Coverage of street-level actors is inconsistent |
| Information Sharing and Collaboration | Enables cross-institution identification of coordinated networks | Detect | Requires a formal legal framework for bilateral sharing |
| Staff AML Training and Awareness | Ensures front-line staff recognise common offence signals | Prevent | Effectiveness degrades without regular scenario-specific refresher training. |
How Do AI and RegTech Automate Detection of Common Offences?
Transaction monitoring platforms with network analytics capabilities are among the most effective technological responses to common offence typologies. Standard rule-based engines fire on individual account thresholds, which criminal networks deliberately circumvent through structuring.
Network analytics instead models relationships between accounts: shared counterparties, common IP addresses, synchronised transaction timing, and surfaces clusters of accounts behaving in coordinated patterns that no individual account would trigger independently.
Machine learning anomaly detection applied to peer-group profiling helps identify declared-occupation mismatch.
By constructing a statistical baseline for what a given declared occupation or business type should generate in transaction terms, the model identifies accounts whose actual behaviour falls outside the expected range for their peer group. Natural language processing tools applied to adverse media databases add a critical pre-onboarding and periodic review layer.
Automated cash-intensity benchmarking tools compare a business account’s declared revenue against sector-level benchmarks derived from tax authority data and comparable peer accounts.
A convenience store depositing cash volumes inconsistent with its floor area, location, or declared trading hours will surface as an outlier without requiring a relationship manager to conduct a manual comparison.
What Data Should Compliance Teams Collect to Detect Common Offences?
| Data Point | Source System | What It Reveals |
| Business Activity and Operations | Commercial registry, business bank account transaction history | Whether the volume and pattern of a business’s financial activity are consistent with its declared sector, size, and operational profile |
| Individual, Entity, and Public Records | Centralised identity databases, court records, and company registers | Criminal convictions, gang affiliations, or prior regulatory action associated with account holders or beneficial owners. |
| KYC and Customer Due Diligence Records | Internal CDD platform, onboarding documentation store | Whether declared occupation, income, and business purpose are consistent with actual transaction behaviour. |
| Online and Digital Payment Platform Data | P2P platform transaction records, digital wallet logs | Frequency, volume, and counterparty diversity of small-value P2P credits reveal coordinated structuring across a network. |
| Transaction Logs | Core banking system, transaction monitoring engine | Sub-threshold deposit patterns, branch-level concentration, and timing regularity distinguish structured placements from organic flows |
Red Flags & AML Controls: Counter-Mapping
How Do Common Offences Aggravate Channel Risk?
Channel risk is the specific risk dimension that common offence typologies exploit most directly. Channel risk arises when a financial product, service, or delivery mechanism is used by a sufficiently large volume of customers that low-value illicit flows are statistically likely to be hidden within the normal operating range of the channel. Cash-intensive businesses, peer-to-peer payment platforms, and informal value transfer operators are the three primary channels through which common offences enter and move within the financial system, and each presents its own detection challenge.
For cash-intensive businesses, channel risk materialises because the institution cannot observe what happens inside the business. The institution sees only the aggregate deposit and must infer, from external benchmarking and transaction pattern analysis, whether the declared revenue is plausible.
For peer-to-peer platforms, channel risk is amplified by the scale and speed of transactions. For IVTS operators, channel risk is structural: the settlement mechanism inherently operates outside the regulated correspondent banking chain.
What Observable Patterns Signal Common Offences Activity?
Compliance officers reviewing accounts associated with this typology will observe a consistent set of behavioural patterns. Account holders with documented minor criminal or gang affiliations who establish newly registered or low-activity accounts and rapidly accumulate cash credits inconsistent with any verifiable personal or business profile represent the clearest early signal. Multiple related individuals conducting consecutive sub-threshold cash deposits at the same branch on the same day present an equally clear structuring signal.
Compliance officers should also monitor for rapid escalation in reported cash revenue at a cash-intensive business without a corresponding increase in operational footprint, and the repeated use of unlicensed or informal money transfer services for small-sum remittances, particularly without valid documentation or identification.
Sectors at Highest Exposure
| Sector | Risk Rating | Specific Reasoning |
| Retail Banking: Cash-Intensive Business Accounts | Critical | Common placement vehicle; blending of criminal cash with legitimate retail revenue is operationally straightforward; detection requires sector-level benchmarking. |
| Money Services Businesses and Remittance Providers | Critical | IVTS operators use licensed MSB channels to settle aggregate positions. |
| Peer-to-Peer Payment Platforms | High | High transaction volume creates statistical cover for small-value structured flows; KYC standards on some platforms remain below bank-equivalent thresholds. |
| Retail Banks: Personal Accounts | High | Smurf networks use personal accounts for P2P aggregation; individual accounts are difficult to connect without network-level monitoring. |
| Non-Bank Financial Institutions | Moderate | Used for money order purchase and prepaid instrument loading, where cash-to-instrument conversion limits are not effectively enforced |
Best Practices for Common Offences Risk Management
- Calibrate transaction monitoring rules to low-value, high-frequency patterns. Standard monitoring rule sets are often designed around high-value transaction thresholds and miss the structuring patterns characteristic of common offences. Institutions should implement dedicated rules for sub-threshold cash deposit frequency, same-branch multi-visit patterns, and P2P credit concentration.
- Apply sector-level benchmarking to all cash-intensive business accounts. Every business account in a cash-intensive sector should have its declared turnover validated against an industry benchmark for comparable enterprises by size, location, and trading hours. Cabinet Resolution No. (134) of 2025 requires ongoing monitoring commensurate with risk.
- Conduct network-level analysis across accounts sharing counterparties, addresses, or ownership. Compliance functions should ensure their transaction monitoring infrastructure can identify clusters of accounts linked by shared counterparties or beneficial owners, and that network-level alerts are reviewed as a consolidated exposure.
- Verify MSB registration for all customers operating apparent remittance or value transfer activity. Any customer account whose transaction profile is consistent with value transfer should be checked against the UAE Central Bank’s MSB register. Unregistered operators are subject to administrative penalties.
- Implement trigger-based ongoing due diligence rather than solely periodic review. Calendar-based CDD review cycles miss the rapid behavioural changes that characterise common offences account usage. Institutions should define specific transaction-level triggers: a step-change in cash deposit volumes, the appearance of new counterparty clusters, or a shift in the account’s geographic footprint.
- Train front-line staff specifically on common offence indicators. Branch staff interacting with customers making cash deposits are in the best position to observe behavioural cues that automated monitoring cannot detect. AML Training and Awareness programmes should include scenario-based exercises drawn from the specific red flags documented for this typology.
- Integrate OSINT adverse media screening into the ongoing monitoring workflow. Criminal gang affiliations and minor criminal convictions may not appear in formal identity databases but are often documented in local news sources and court records. Scheduled OSINT screening of all business account holders in high-risk sectors should be embedded in the CDD review process.
- Apply EDD to all accounts where declared income cannot be substantiated by reference to an independent source. Where a customer cannot provide verifiable source-of-funds documentation, and the declared occupation does not explain the observed transaction volume, EDD should be applied without requiring a separate triggering event.
- File STRs promptly on coordinated structuring patterns, without waiting for a single threshold breach. The obligation under Cabinet Resolution No. (134) of 2025, Article 18, arises from suspicion, not a specific monetary threshold. A pattern of coordinated sub-threshold deposits across multiple accounts creates the obligation to report without delay.
- Assess channel risk at the product and service level, not only at the customer level. Enterprise-wide risk assessments under Cabinet Resolution No. (134) of 2025, Article 5 must incorporate product and service-level channel risk across cash deposit services, P2P payment infrastructure, and remittance products.
- Establish cross-institution information sharing mechanisms that are permitted by law. Networks of accounts exploiting multiple institutions simultaneously are more effectively detected through cross-institution intelligence sharing, where the legal framework permits.
- Maintain a minimum five-year record of all transaction monitoring alerts, CDD decisions, and STR filings. Cabinet Resolution No. (134) of 2025, Article 25 requires a minimum five-year retention period for all records relevant to AML/CFT obligations.
Related Terms and Concepts
| Term | Connection |
| Predicate Offence | The underlying crime generating proceeds that become the object of a money laundering offence; common offences are a specific category of predicate crime. |
| Placement | The first stage of the money laundering cycle, where common offence schemes concentrate their vulnerability |
| Structuring | Breaking a large amount of funds into smaller ones, often to avoid the reporting threshold. |
| Cash-Intensive Business | The primary commercial vehicle through which cash proceeds of common offences enter the formal banking system |
| Smurfing | Use of multiple individuals to make structured deposits; directly operationalises the placement stage of common offences schemes |
| Informal Value Transfer System | The cross-border settlement mechanism is exploited by common offences networks to move proceeds without formal banking records. |
| Channel Risk | The specific risk dimension most directly aggravated by common offences. |
| Transaction Monitoring | The primary automated control for detecting sub-threshold structuring and P2P concentration patterns. |
| Suspicious Transaction Report | The mandatory filing obligation is triggered when compliance teams identify patterns consistent with common offences. |
| Customer Due Diligence | The foundational control for profiling customers to establish the baseline against which common patterns and anomalies are detected |
| Organised Crime Group | The primary actor coordinating common offence schemes, directing proceeds through networks of controlled accounts |
| Money Mule | Individuals recruited to receive and transfer funds within common offence networks. |
| Layering | The second stage of the laundering cycle, following the placement of common offences |
| Integration | The final stage at which common offences proceeds re-enter the economy as apparent legitimate income. |
| Bulk Cash Smuggling | An alternative placement mechanism for common offences proceeds when domestic channels are perceived as a higher risk. |
| Enhanced Due Diligence | Mandatory for high-risk customers identified through common offence profiling |
| Enterprise-Wide Risk Assessment | Must incorporate common offences channel risk under Cabinet Resolution No. (134) of 2025, Article 5 |
——
| Term | Context or Jurisdiction | Distinction from Primary Term |
| Predicate Crime Proceeds | Legal and regulatory context globally | Refers specifically to the funds generated by the underlying crime, not to the typology of how those funds are laundered |
| Street Crime Money Laundering | Law enforcement context | Informally distinguishes street-level proceeds from high-value financial crime proceeds; same typology. |
| Petty Crime Money Laundering | Supervisory and academic context | Emphasises the lower individual transaction value relative to sophisticated financial crime schemes |
| Common Predicate Offences | FATF typology nomenclature | Used to distinguish everyday criminal proceeds from specific designated categories |
What Products and Services Do Criminals Abuse in Common Offences Schemes?
Business bank accounts are the primary product through which cash proceeds from common offences enter the formal banking system. The business account provides a commercial rationale for the cash, a transaction history consistent with a trading enterprise, and a relationship with a bank that the launderer can exploit for further transfers or foreign exchange.
Cash transaction services: the suite of counter, ATM, and in-branch cash handling services that banks and non-bank institutions provide is the immediate access point for physical currency placement. The combination of walk-in counter deposits, branch ATM deposits, and cash-in-transit arrangements creates multiple physical entry points for cash that can be distributed across locations and days.
Money transfer and remittance services are abused as the cross-border movement mechanism for common offences proceeds following their initial placement in the domestic financial system.
Peer-to-peer payment systems are exploited for both intra-network value distribution and aggregate collection, with the combination of low individual transfer values and high transaction frequency creating an environment in which coordinated criminal flows are difficult to distinguish from ordinary consumer payments.
UAE Regulatory Framework & Reporting Obligations
How AML UAE Helps Manage Common Offence Risk Effectively
The common offences typology exposes a specific gap that many compliance programmes have not fully closed: the capacity to detect coordinated, low-value, high-frequency criminal flows across a network of accounts that are individually unremarkable. This is a different problem from detecting a single large suspicious transaction, and it requires a different set of capabilities: network-level monitoring, sector-specific benchmarking, and investigation skills trained on street-level crime patterns.
AML UAE helps compliance teams build those specific capabilities through training programmes, compliance framework development, and regulatory advisory services calibrated to the UAE’s current supervisory priorities. Our training helps address the channel risk profile of cash-intensive business accounts, the transaction patterns associated with peer-to-peer structuring, and the indicators of informal value-transfer operator activity.
For institutions seeking to strengthen their enterprise-wide risk assessment under Cabinet Resolution No. (134) of 2025, Article 5, AML UAE provides structured advisory support covering risk methodology, control gap analysis, and documentation frameworks.
The challenge with common offences is not the sophistication of the scheme: it is the volume. These networks are designed to be invisible at the individual transaction level. Compliance teams that assess every account in isolation, applying threshold-based rules calibrated for high-value transactions, will systematically under-detect them. The shift that changes outcomes is moving from account-level monitoring to network-level monitoring: asking not ‘is this transaction suspicious?’ but ‘does this cluster of accounts, taken together, describe a coordinated pattern that no legitimate group of customers would generate?’
Conclusion: Common Offences
Common offences represent one of the most persistent and structurally significant money laundering typologies in the UAE financial system because they exploit the very channels that serve the largest number of legitimate customers: cash-intensive businesses, peer-to-peer payment platforms, and informal value transfer networks.
The individual transaction values are deliberately kept small; the schemes operate at volume, and the actors are often individuals with no prior adverse regulatory history, presenting at onboarding as ordinary retail customers with a plausible commercial explanation for their activity.
Effective detection requires three integrated capabilities: transaction monitoring calibrated to the low-value, high-frequency patterns of common offences rather than to high-value wire transfers; network-level analysis that connects accounts sharing counterparties, addresses, or ownership structures into a consolidated risk picture; and ongoing due diligence triggered by behavioural change rather than solely by calendar review cycles.
These capabilities are consistent with ongoing monitoring obligations set out in Cabinet Resolution No. (134) of 2025 for institutions with exposure to cash-intensive businesses, remittance services, or peer-to-peer payment products.
Institutions that invest in the specific controls relevant to common offences: sector-benchmarked cash analysis, P2P network monitoring, MSB registry verification, and scenario-trained staff: position themselves to detect schemes before they cause regulatory exposure, rather than after law enforcement action identifies a pattern that compliance monitoring should have caught.
AML UAE works with compliance teams across the UAE to close the specific gaps that common offence typologies exploit.
FAQs on Common Offences
A predicate offence is the legal term for any underlying crime whose proceeds become the object of a money laundering charge under Federal Decree Law No. (10) of 2025, Article 1. Common offences, as an AML typology, are a subset of predicate crimes: specifically, the everyday, street-level criminal activities such as minor drug trafficking, gang-affiliated cash operations, and unlicensed money transfer services that generate low-to-mid-value cash proceeds cycled through accessible financial channels.
Yes. The STR obligation under Cabinet Resolution No. (134) of 2025, Article 18, arises from suspicion, not from a specific monetary threshold. If a pattern of deposits creates a reasonable suspicion that the funds may represent the proceeds of crime, the institution must file an STR via goAML without delay. The absence of a threshold breach does not remove the filing obligation.
Cash-intensive businesses present an elevated risk of common offences because the nature of the business provides a plausible commercial explanation for large volumes of cash deposits, making the mixing of criminal proceeds with legitimate revenue operationally straightforward for the launderer. Detection depends on external benchmarking and transaction pattern analysis rather than on the simple presence of a cash deposit.
Peer-to-peer platforms generate channel risk because they process high volumes of small-value transactions that are individually indistinguishable from ordinary consumer payments. Criminal networks exploit this by distributing proceeds in small amounts across multiple participant accounts. Detection requires network-level analysis: identifying shared counterparties, coordinated timing patterns, and aggregate volumes across linked accounts.
Channel risk is the risk that a specific delivery mechanism is inherently susceptible to misuse for money laundering, regardless of who the individual customer is. Customer risk is associated with a specific individual or entity based on their profile and behaviour. Common offences aggravate channel risk by exploiting channels that process enough legitimate volume to conceal criminal flows.
A financial institution that fails to meet its STR filing obligation under Federal Decree Law No. (10) of 2025, Article 28, faces criminal penalties including imprisonment and fines between AED 100,000 and AED 1,000,000. For DNFBPs, Cabinet Resolution No. (71) of 2024 imposes administrative fines of up to AED 500,000 for STR filing failures and up to AED 200,000 for inadequate CDD procedures, per violation.
Transaction monitoring rules for common offences should focus on the frequency of sub-threshold cash deposits within defined time windows and branch locations, peer-to-peer credit concentration across linked accounts, and the mismatch between declared business activity and actual transaction volume. Standard rules calibrated for high-value transfers will systematically miss these patterns.
CDD alone is rarely sufficient to identify organised crime group involvement. Organised crime groups often use individuals with no criminal record and genuine identity documentation as front account holders. Effective detection requires ongoing monitoring that identifies behavioural drift, OSINT adverse media screening to surface criminal associations, and network analytics to connect accounts that individually appear ordinary.
Front-line staff play an indispensable role because they interact directly with customers at the point of cash deposit. A trained teller can observe that a customer is making a deposit inconsistent with their declared occupation, is carrying unusually large volumes of low-denomination currency, or is uncomfortable when asked about the source of the funds. These observations, escalated through the firm’s internal suspicion reporting mechanism, can initiate an investigation that automated monitoring would not have triggered.
Strengthen Your Common Offences Controls
Build detection processes that identify structured cash deposits, P2P smurfing, and informal transfer activity.
Share via :
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.
Reach Out to Pathik