What are AML compliance requirements in DIFC? 

What are AML compliance requirements in DIFC?

Dubai is a financial hub and an epicenter for trade activities in the Middle East and Gulf region. Thousands of businesses, along with banks and financial institutions, operate in the world’s most popular financial center in Dubai, the Dubai International Financial Centre (DIFC). 

Even the designated businesses operating in the DIFC are also subject to AML rules and regulations obligated to implement proper measures to fight money laundering and terrorism financing in this region to support the DIFC position. 

DIFC implements various AML rules and regulations and operates as full-fledged jurisdiction to combat money laundering and mitigate its risks. It is supervised by the Dubai Financial Services Authority, which addresses the burning issue of money laundering and other financial crimes rampant in this particular economic zone. Firms should be mindful of the DFSA regulations and comply with them to avoid penalties and contribute to the government’s mission of reducing exposure to financial crimes. 

DIFC and Its Regulatory Authority DFSA

DIFC is a leading international financial hub in the Middle East, Africa, and South Asia (MEASA) region. The Dubai Financial Services Authority (DFSA) is the DIFCs financial regulatory agency. It is authorized to protect DIFC and the economy against money laundering and terrorism financing by implementing the relevant rules and regulations.

What are the AML Regulations applicable to companies operating in DIFC?

The UAE federal legislation was created to follow the international AML/CFT standards and recommendations provided by the Financial Action Task Force (FATF). The crucial acts of the federal legislation that guide AML compliance in Dubai is mentioned as follows: 

  • Federal Law No. (4) of 2002 was implemented to combat Money Laundering and Terrorism Financing Crimes. It criminalizes money laundering and requires all relevant persons to report any suspicious transactions to the Financial Intelligence Unit of the UAE. 
  • Federal Decree Law No. (20) of 2018 is a crucial law on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations. This law is a vital component of the UAE’s efforts to prevent financial crimes, and it helps to improve the efficiency of the legal and institutional bodies in the UAE (including Cabinet Decision No. (10) of 2019). 
  • Regulatory Law DIFC Law No. (1) of 2004. 
  • DIFC’s Non-Financial Anti-Money Laundering/Anti-Terrorist Financing (AML/CFT) Regulations 
  • The DFSA Rulebook – Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module as applicable to Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs) and Virtual Asset Service Providers (VASPs).

DIFC Regulatory Law of 2004 provides that the companies within the DIFC must follow the rules and regulations established by the UAE, i.e., other federal laws. There are certain obligations that the banks and other financial institutions have to follow to obtain a license and operate in the DIFC. 

AML compliance requirements in DIFC

What are AML Compliance obligations for businesses operating in DIFC? 

The Financial Action Task Force has provided recommendations for AML/CFT compliances. Further, per DIFC’s AML/CFT regulations, the firms in the DIFC have to create an effective AML/CFT program by evaluating the money laundering risks they are likely to be vulnerable to. The standard practices they have to follow for AML compliance are mentioned below: 

Customer Due Diligence:

Firms need to adopt a risk-based approach to combat money laundering risks, so they need to put appropriate CDD measures in place to verify the customer’s identity. Customers identified as high-risk should be subjected to the Enhanced Due Diligence process. 

Elements of the Customer Due Diligence Process

Transaction monitoring:

It is vital to monitor the transactions continuously and identify any money laundering risks during the customer relationship journey. Businesses can take the help of AML software to spot any suspicious transactions and unusual patterns in the transactions and identify any fraudulent financial activity. 


Screening is crucial in the entire AML compliance framework as it helps businesses identify the individuals or entities who have been sanctioned or involved in any financial crime-related activities. Firms need to screen customers to determine whether any of the person or their UBO is Politically Exposed or not. They also need to monitor their customer databases and match the names on the updated local and international sanction lists. 

Appointment of a Compliance officer:

Organizations must appoint a compliance officer – a money laundering reporting officer (MLRO). The officer supervises the compliance process by ensuring the AML procedure is appropriately implemented and checking if organizations follow the due process of AML compliance to safeguard themselves against financial crime risks. Suppose the firms identify any suspicious activity or transaction. In that case, the MLRO must file a Suspicious Activity Report or Suspicious Transaction Report to the CBUAE, with a copy to the DFSA. 

AML Rulebook:

The DFSA issues an AML Rulebook to firms that contain modules regarding implementing the AML/CFT regulations within the DIFC. The rulebook guides the firms to implement the measures effectively by interpreting the legislation correctly and adopting a risk-based approach. So, the firms should be aware of the contents of the DFSA AML rulebook and adhere to the same diligently. 

The critical distinctions between federal AML requirements and that of DIFC

1. DFSA Rulebook includes “person issuing or providing services relating to Non-Fungible Tokens or Utility Tokens” as a DNFBP, unless-

  • The transaction (or interconnected transactions) related to the issue of NFTs, or Utility Tokens, is equal to or less than $15,000 in value, or
  • The person is providing technology-related support or advice to an issuer of the NFTs or Utility Tokens.

While any person conducting business activities in relation to Non-Fungible Tokens (NFTs) is considered generally treated as Virtual Asset Service Provider as per federal laws in line with the FATF Recommendations.

2. DFSA Rulebook also specifically provides that Real Estate Developers and Insolvency Firms would be construed as DNFBP.

3. Regulated entities operating in DIFC must have a Compliance Officer who is a UAE resident (except in the case of a registered auditor). It is not a condition as per federal AML Law. 

4. The minimum period prescribed for record keeping is six (6) years per DIFC regulations, while it is five (5) years per federal laws. 

5. AML Annual Return (for the period 1st August of the previous year to 31st July of the reporting year, to be filed by the end of September of each year) is the requirement under DFSA Rulebook for all the regulated entities operating in or from DIFC. It is in addition to the requirement of semi-annual report submission as per Cabinet Decision No. (10) of 2019. 

AML Regulation Enforcement by DFSA

Failure to comply with the AML/CFT laws by organizations falling within the ambit of the DIFC is subjected to investigations. The DFSA might ask for evidence such as account details and records and conduct interviews with the Compliance Officer and the senior management. It is mandatory to follow the rules as non-compliance will lead to the imposition of fines – violation of AML rules attracts a penalty between 10,000 to 1 million dirhams. Money launderers and predicate offenders can also be imprisoned for up to 10 years. 

Expert AML Assistance 

It is imperative to seek assistance from a top AML consultant to ensure effective compliance with AML/CFT obligations. AML UAE is one of the leading AML consultants in UAE that offer a wide range of AML compliance services such as AML/CFT policies, procedures, and controls documentation, AML Training, AML/CFT health check, AML software selection, assistance in setting up an in-house AML compliance department, Annual AML/CFT Risk Assessment Report, and regulatory reporting requirements.

Our timely and accurate AML consulting services

For your smooth journey towards your goals

Our recent blogs

Contact Form

side bar form

This field is for validation purposes and should be left unchanged.

Share via :

Share on facebook
Share on twitter
Share on linkedin

About the Author

Pathik Shah


Pathik is a Chartered Accountant with more than 25 years of experience in compliance management, Anti-Money Laundering, tax consultancy, risk management, accounting, system audits, IT consultancy, and digital marketing.

He has extensive knowledge of local and international Anti-Money Laundering rules and regulations. He helps companies with end-to-end AML compliance services, from understanding the AML business-specific risk to implementing the robust AML Compliance framework.