AML Regulations for Accountants and Auditors in UAE

Federal AML Laws and Executive Regulations Applicable to Accountants and Auditors

Pathik Shah

Last Updated: 04/17/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Key Highlights

  • Accountants and auditors become DNFBPs when they carry out covered activities under Article 3 of Cabinet Decision No. 134 of 2025, such as real estate transactions, managing client funds or securities, managing bank, savings or securities accounts, organising contributions for the creation or management of companies, and creating, operating or managing legal persons or arrangements.
  • The Ministry of Economy and Tourism (MoET) is the designated AML/CFT supervisory authority for accountants and auditors operating in the UAE mainland and commercial free zones.
  • Federal Decree-Law No. 10 of 2025 (replacing Federal Decree-Law No. 20 of 2018) and Cabinet Resolution No. 134 of 2025 set the baseline AML/CFT obligations; MoET has issued the DNFBP Guidelines of September 2025 and the Supplemental Guidance for Auditors of June 2019 to explain sector expectations.
  • The 2024 UAE National Risk Assessment flags audit and accountancy services as exposed to trade-based money laundering, shell company abuse and sanctions evasion risks.

Independent accountants and auditors in the UAE become subject to anti-money laundering (AML) obligations when they prepare for or carry out specified financial transactions for clients. They are designated non-financial businesses and professions (DNFBPs) supervised by the Ministry of Economy and Tourism (MoET). This guide covers the AML regulations for accountants in UAE mainland and commercial free zones, including the Federal Decree-Law No. (10) of 2025 framework, sector-specific MoET guidance, and practical compliance expectations.

At a Glance: Accountants, Auditors and AML Regulations in UAE

At a Glance: Accountants, Auditors and AML Regulations in UAE

Supervisory authority 

Ministry of Economy and Tourism (MoET) for mainland and commercial free zones 

Primary federal law 

Federal Decree-Law No. (10) of 2025 on AML/CFT/PF 

Executive regulation 

Cabinet Resolution No. (134) of 2025 

Beneficial ownership 

Cabinet Decision No. (109) of 2023 

Primary sector guidance 

MoET AML/CFT Guidelines for DNFBPs (September 2025) 

Accountant-specific guidance 

MoET Circular No. (3) of 2021 and Supplemental Guidance for Auditors (June 2019) 

STR filing channel 

UAE FIU goAML portal 

NRA 2024 risk rating 

Medium-low inherent vulnerability for independent accountants and auditors 

ADGM accountants 

Supervised by RA under the AML and Sanctions Rulebook 

DIFC accountants 

Supervised by DFSA under the AML Module 

When is an accountant or auditor a DNFBP?

An accountant or auditor becomes a designated non-financial business or profession (DNFBP) under UAE law when they prepare for or carry out financial transactions on behalf of clients, such as buying or selling real estate, managing client money or securities, managing bank accounts, organising contributions for the creation of companies, or creating and managing legal persons or arrangements.

Independent accountants and auditors occupy a critical gatekeeper position in the UAE anti-money laundering (AML) and counter-financing of terrorism (CFT) framework. The moment an accountant or auditor prepares for or carries out specified financial transactions on behalf of a client, the firm becomes a reporting entity for AML compliance for audit firms UAE purposes.

The UAE has placed independent accountants and auditors within the DNFBP category under Federal Decree-Law No. (10) of 2025, Cabinet Resolution No. (134) of 2025, and a layered suite of sector-specific guidance and circulars. The 2024 National Risk Assessment rates accountants and auditors as a medium-low risk DNFBP sector while acknowledging specific vulnerabilities tied to the profession’s gatekeeper role in financial transactions. DNFBP-wide rules set the baseline; sector-specific guidance layers on top.

This article covers the AML/CFT framework applicable to accountants and auditors operating in the UAE mainland and commercial free zones supervised by the MoET. For the broader DNFBP pillar, see our AML Regulations for DNFBPs in UAE guide. For the primary federal legislation, visit our guide to AML laws in UAE and the dedicated federal AML laws and executive regulations page. If your firm operates in a financial free zone, refer to AML Regulations in ADGM or AML Regulations in DIFC respectively.

Scope of this page

This page covers accountants and auditors supervised by MoET in UAE mainland and commercial free zones. For accountants in ADGM and DIFC, refer to the dedicated jurisdiction pages. Lawyers, notaries, trust and corporate service providers have their own sector pages and are only referenced here where covered activities overlap.

Who Counts as an Accountant or Auditor for AML Purposes in the UAE?

Not every accounting professional is a DNFBP. Under Federal Decree-Law No. (10) of 2025 and its Executive Regulations (Cabinet Resolution No. (134) of 2025), accountants and auditors are classified as DNFBPs only when they prepare for or carry out specific financial transactions for their clients.

The covered activities that bring an accountant or auditor into the AML perimeter are the following five transactions, mirrored from the Financial Action Task Force (FATF) definition:

Who Counts as an Accountant or Auditor for AML Purposes in the UAE?

1. Real Estate Transactions

Buying and selling real estate on behalf of a client, including structuring, escrow, or payment handling.

2. Managing Client Money

Managing client money, securities, or other assets held in trust, on account, or under power of attorney.

3. Bank and Savings Accounts

Managing bank, savings, or securities accounts on behalf of a client, including signatory or authorised-user arrangements.

4. Company Contributions

Organising contributions for the creation, operation, or management of companies, including capital raising and share issuance.

5. Legal Persons and Arrangements

Creating, operating, or managing legal persons or legal arrangements, including buying and selling business entities and trust structures.

Key legal test:

If an independent accountant, external auditor or audit firm performs one or more of these covered activities for a client in the ordinary course of business, the full AML/CFT compliance regime under Federal Decree-Law No. 10 of 2025 and its Executive Regulations applies.

These covered activities are specified in Federal Decree-Law No. (10) of 2025 and Cabinet Resolution No. (134) of 2025, as reflected in the AML/CFT Guidelines for DNFBPs (September 2025) published by the Ministry of Economy and Tourism (MoET), and align with FATF Recommendation 22. It is the nature of the financial transaction being prepared or carried out that determines whether AML obligations apply for a given engagement.

The Supplemental Guidance for Auditors (June 2019) further clarifies the scope by explaining how the auditing function intersects with AML obligations. Auditors who, in the course of their professional work, encounter indicators of money laundering, terrorist financing, or other financial crimes are expected to take appropriate action, including filing suspicious transaction reports (STRs) via the goAML portal operated by the UAE Financial Intelligence Unit. This is an overlay obligation: even where a routine audit engagement places the firm inside the DNFBP perimeter and the statutory reporting duty under Federal Decree-Law No. (10) of 2025 is triggered.

Engagement-level analysis is therefore essential. Firms should map each client relationship and engagement type to the covered-activity list, document the reasoning, and refresh the assessment whenever the scope of work changes. Cross-link this analysis with the lawyers, notaries and legal professionals page where accountant-lawyer joint engagements on corporate structuring or real estate are common.

AML Supervisory Authority for Accountants and Auditors in UAE

The Ministry of Economy and Tourism (MoET) is the designated AML/CFT supervisory authority for independent accountants and auditors operating in the mainland UAE and in commercial free zones (excluding ADGM and DIFC). MoET is responsible for day-to-day supervision, desk-based reviews, on-site inspections, thematic reviews, and enforcement action.

MoET supervises four DNFBP categories: real estate agents and brokers, dealers in precious metals and stones (DPMS), independent accountants and auditors, and trust and corporate service providers (TCSPs). For a consolidated view of all supervisors, see our AML supervisory authorities in UAE page.

During inspections, MoET follows a structured process. It sends a formal notification letter; conducts the on-site visit; completes structured inspection checklists covering governance, business-wide risk assessment, CRA, CDD, sanctions screening, STR filing, record keeping, and training; and issues a findings report. Firms are expected to remediate any identified deficiencies within the timelines set by the Ministry. Failure to do so may result in administrative sanctions under Cabinet Resolution No. (71) of 2024, which can include written warnings, fines up to AED 5 million, licence suspension, or licence revocation.

Jurisdictional comparison at a glance

Federal Decree-Law No. (10) of 2025 applies across the entire UAE. The operational supervisor, rulebook, and penalty regime differ by jurisdiction.

DimensionMainland & Commercial Free Zone ADGM DIFC 
Federal Decree-Law No. (10) of 2025 applies Yes YesYes 
Primary supervisorMinistry of Economy and Tourism (MoET)Registration Authority (RA)Dubai Financial Services Authority (DFSA)
Operational rulebookMoET AML/CFT Guidelines for DNFBPs (September 2025) and MoET circularsFSRA AML and Sanctions Rulebook (AML)DFSA AML, CTF and Sanctions Module
Reporting channelgoAML operated by the UAE Financial Intelligence UnitgoAML operated by the UAE Financial Intelligence UnitgoAML operated by the UAE Financial Intelligence Unit
Scope of this guide Covered in full on this pageRefer to AML Regulations in ADGMRefer to AML Regulations in DIFC

Unsure whether an engagement makes your firm a DNFBP?

AML UAE helps accounting and audit firms triage engagements, scope covered-activity exposure, and build a proportionate AML/CFT compliance programme aligned with MoET expectations.

Explore our AML compliance services for accountants and auditors

AML Regulations Applicable to Accountants and Auditors in UAE

The AML/CFT regulatory framework applicable to accountants and auditors in the UAE is layered. At its foundation sits a suite of federal laws and executive regulations that apply to all reporting entities. Above that foundation sit cross-sector guidance instruments applicable to all DNFBPs, and finally sector-specific guidance directed at the accounting and auditing profession.

The UAE AML/CFT Regulatory Framework for Accountants and Auditors: Three Layers

Each layer builds on the one below it. All three apply simultaneously to accountants and auditors in UAE mainland and commercial free zones.

AML Regulations Applicable to Accountants and Auditors in UAE

LAYER 3 (TOP)

Accountant and Auditor Sector-Specific Guidance

MoET Circular No. (3) of 2021 and Supplemental Guidance for Auditors (June 2019). Contains obligations calibrated to the accounting and audit profession, including scope of AML work, red flag indicators, and STR filing from an audit lens.

LAYER 2 (MIDDLE)

DNFBP Cross-Sector Guidance

MoET AML/CFT Guidelines for DNFBPs (September 2025), numbered MoET circulars of 2025-2026, CRA and CDD Implementation Guides (November 2024). Shared across every MoET-supervised DNFBP including real estate agents, dealers in precious metals and stones, accountants and auditors, and trust and corporate service providers.

LAYER 1 (FOUNDATION)

Federal Laws and Executive Regulations

Federal Decree-Law No. (10) of 2025 on AML/CFT/PF, Cabinet Resolution No. (134) of 2025, Federal Law No. (7) of 2014 on Combating Terrorism Crimes, Cabinet Decision No. (74) of 2020, Cabinet Decision No. (109) of 2023, and related administrative penalty resolutions. Apply to every reporting entity across the UAE, including ADGM and DIFC.

Federal AML Laws and Executive Regulations Applicable to Accountants and Auditors

Seven federal legislative instruments form the backbone of every accountant’s and auditor’s compliance programme. Non-compliance with any of these can trigger criminal prosecution, administrative fines, licence suspension, or deregistration. These instruments are deliberately broad: they apply to every natural and legal person that is a reporting entity, including MoET-supervised accountants and auditors.

Federal AML Laws and Executive Regulations Applicable to Accountants and Auditors

Federal AML/CFT Laws Applicable to Accountants and Auditors

1. Federal Decree-Law No. (10) of 2025

Primary AML/CFT/CPF statute. Confirms accountant/auditor DNFBP status.

2. Cabinet Resolution No. (134) of 2025

Executive regulations. Operational reference for CDD, BRA, record keeping.

3. Cabinet Resolution No. (71) of 2024

Administrative penalties under MoJ/MoE, up to AED 5 million.

4. Cabinet Decision No. (109) of 2023

Beneficial owner identification and UBO register obligations.

5. Cabinet Resolution No. (132) of 2023

Administrative penalties for beneficial ownership violations.

6. Cabinet Decision No. (74) of 2020

Terrorism lists, UNSCRs, WMD proliferation countermeasures.

7. Federal Law No. (7) of 2014

Criminal combating of terrorism crimes and terrorist financing.

Federal Decree-Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing

Federal Decree-Law No. (10) of 2025 is the primary AML/CFT/CPF statute in the UAE. It replaced and consolidated the earlier Federal Decree-Law No. 20 of 2018 and its amendments. The law defines predicate offences for money laundering, classifies accountants and auditors among the DNFBPs subject to AML/CFT obligations, and establishes the core compliance duties: customer due diligence (CDD), record keeping, suspicious transaction reporting, internal controls, staff training, and the appointment of an anti-money laundering compliance officer (MLCO). The law requires every accountant and auditor performing covered activities to verify the identity of customers and beneficial owners before establishing a business relationship or carrying out an occasional transaction above the prescribed threshold.

Federal Law No. (7) of 2014 Combating Terrorism Crimes

The Federal Law No. (7) of 2014 criminalises terrorism-related offences and defines terrorism crimes, terrorist organisations, and associated penalties. Knowingly providing accounting, tax, or corporate services to a designated terrorist or a terrorist organisation can constitute a criminal offence, independent of the firm’s AML reporting obligations.

Cabinet Resolution No. (134) of 2025 Concerning the Executive Regulations of Federal Decree-Law No. (10) of 2025

Cabinet Resolution No. (134) of 2025 is the executive regulation that operationalises the primary AML/CFT law. It sets out the practical requirements for CDD, including the specific documents that must be collected for natural persons, legal persons, and legal arrangements. It defines the triggers for enhanced due diligence (EDD) and the conditions under which simplified due diligence (SDD) may be applied. For accountants and auditors, the resolution prescribes the requirements of a business-wide risk assessment, the frequency of customer file reviews, the qualifications and reporting line of the compliance officer, and the training requirements for staff performing covered activities. It also requires that all CDD documentation, transaction records, and risk assessments be retained for a minimum of five years after the end of the business relationship.

Cabinet Decision No. (74) of 2020 Regarding Terrorism Lists Regulation and Implementation of UN Security Council Resolutions

Cabinet Decision No. (74) of 2020 implements the UN Security Council resolutions on the suppression and combating of terrorism, terrorism financing, and proliferation of armaments. Under Article 15, any person who holds funds on the UN Consolidated Sanctions List or the UAE Local Terrorist List must freeze those funds without prior notice and without delay, and notify the Executive Office for Control and Non-Proliferation (EOCN) within five working days. The operational mechanics for DNFBPs, including subscription to the EOCN Notification Alert System (NAS), filing of Confirmed Name Match Reports (CNMRs) and Partial Name Match Reports (PNMRs), and ongoing sanctions-list screening, are set out in the EOCN Targeted Financial Sanctions Guidance and are supervisory expectations for every accountant and auditor.

Cabinet Resolution No. (71) of 2024 Regulating Violations, Administrative Penalties Imposed on Violators of Measures for Confronting Money Laundering and Combating Financing of Terrorism Subject to the Control of the Ministry of Justice and the Ministry of Economy

Cabinet Resolution No. (71) of 2024 sets out the graduated administrative penalty regime applicable to entities supervised by the MoET and the Ministry of Justice, including accountants and auditors. Its annexed schedule starts at AED 50,000 for lower-severity breaches and rises to AED 1,000,000 for the most serious scheduled violations, with Article 5(2) permitting the Ministry to double the fine on repeat offences, while Article 3(1) preserves the Ministry’s power to stack any of the Article 14 sanctions under Federal Decree-Law No. (10) of 2025, namely written warnings, fines of up to AED 5,000,000 per violation, business restrictions, removal of senior management, and suspension or revocation of the professional licence.

Cabinet Decision No. (109) of 2023 on Regulating the Beneficial Owner Procedures

Beneficial ownership transparency is a core element of the UAE AML/CFT framework. This cabinet decision requires company registrars and corporate entities to identify and verify the identity of their beneficial owners, defined as any natural person who ultimately owns or controls 25 per cent or more of the shares or voting rights, or who exercises effective control through other means. Accountants and auditors who assist clients with company formation, corporate secretarial work, or ongoing management must ensure that beneficial ownership information held by the client is accurate, current, and available to competent authorities upon request, and that the UBO register is maintained at the client’s registered office.

Cabinet Resolution No. (132) of 2023 Concerning the Administrative Penalties against Violators of Cabinet Decision No. (109) of 2023 on Beneficial Owner Procedures

This companion resolution prescribes the specific fines and administrative measures that apply to entities and individuals that fail to comply with beneficial ownership requirements. Penalties include fines, suspension of activity, public warnings, and referral to criminal prosecution in cases of deliberate concealment of beneficial ownership information. Accountants who advise on corporate structuring should treat the BO regime and its penalty schedule as part of the first-line client-risk assessment.

Ready to map your obligations under Federal Decree-Law No. (10) of 2025?

AML UAE builds policies, business-wide risk assessments, and inspection-ready files aligned with the 2025 federal framework and MoET guidance.

Book a readiness review

Overarching AML Guidance Applicable to Accountants and Auditors

In addition to the federal legislative framework, accountants and auditors must follow a set of overarching guidance documents issued by national-level bodies including the Executive Office for Control and Non-Proliferation (EOCN) and the UAE Financial Intelligence Unit (FIU). While these are not primary legislation, they represent binding supervisory expectations and are treated as standards during MoET inspections.

Overarching AML Guidance Applicable to Accountants and Auditors

Overarching EOCN and FIU Guidance for DNFBPs including Accountants and Auditors

1. TFS Guidance for FIs, DNFBPs and VASPs

EOCN. Most current TFS implementation guidance.

2. FIU Strategic Analysis on TF

Terrorist financing trends and red flags.

3. Strategic Review on TFS Case Studies

Real-world TFS implementation and evasion cases.

4. PF Institutional Risk Assessment

PF-IRA methodology for FIs, DNFBPs, VASPs.

5. TF and PF Red Flags Guidance

Indicators for monitoring and staff training.

6. Joint Guidance on Unlicensed VASPs

Identifying and mitigating unlicensed VASP risks.

7. Counter PF Guidance

Dual-use goods screening, trade monitoring, EDD.

8. Satisfactory/Unsatisfactory Practice

Joint good-practice benchmarks for inspections.

9. Typologies on TFS Circumvention

Front companies, nominee structures, layering.

10. Guideline on Grievance Procedures

How designated persons or entities may seek review.

11. Online Grievance System User Guide

Step-by-step instructions for the grievance portal.

12. Combating PF and Sanctions Evasion

Practical controls against sanctions evasion.

13. NAS Subscription Simple Guide

How to subscribe to the EOCN alert system.

Guidance on Targeted Financial Sanctions for Financial Institutions, DNFBPs and VASPs (EOCN, March 2026)

The most current TFS guidance from the EOCN. It details the procedures for screening, freezing, unfreezing, and reporting in relation to UN and local sanctions lists. Accountants and auditors must implement screening procedures covering all customers, beneficial owners, authorised signatories, and transaction counterparties. Confirmed matches must be reported via a Confirmed Name Match Report (CNMR) and partial matches via a Partial Name Match Report (PNMR), both submitted through the goAML system. Freezing measures must be implemented without delay upon a confirmed match, which the EOCN interprets as same-business-day at the latest.

FIU Strategic Analysis Report on Terrorist Financing — May 2025

The FIU’s strategic analysis report provides insight into current terrorist financing trends, methods, and red-flag indicators in the UAE. Accountants and auditors should use this report to inform their internal risk assessments and to train staff on emerging TF typologies, including small-value transfers layered through professional services, misuse of charitable structures, and abuse of corporate service vehicles.

Strategic Review on Targeted Financial Sanctions Case Studies — November 2021 (covering 2019-2021, EOCN reference IEC-SR.01.22)

This strategic review presents anonymised case studies illustrating how targeted financial sanctions have been applied and, in some cases, evaded. It serves as a practical reference for understanding sanctions evasion schemes and how compliance teams should respond, with examples that include the use of nominee directors, complex trust structures, and indirect ownership chains that frustrate first-layer screening.

Proliferation Finance Institutional Risk Assessment Guidance for FIs, DNFBPs and VASPs — December 2023

Accountants and auditors are required to incorporate proliferation financing (PF) risks into their business-wide risk assessments. This guidance explains the methodology for conducting a PF Institutional Risk Assessment (PF-IRA), including the identification of PF risk factors, the assessment of existing controls, and the documentation of findings. The PF-IRA is a stand-alone exercise distinct from the AML business-wide risk assessment and must be reviewed at least annually.

Terrorist and Proliferation Financing Red Flags Guidance — December 2023

This document sets out the red-flag indicators that may suggest terrorist or proliferation financing activity. Accountants and auditors should embed these indicators into their transaction monitoring processes, CDD escalation triggers, and staff training programmes. Typical red flags include unexplained wire transfers to high-risk jurisdictions, layered corporate structures with no clear commercial rationale, and clients reluctant to disclose the source of wealth.

Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers in the UAE — 1 March 2022

Relevant to accountants and auditors who encounter clients using virtual assets or dealing with virtual asset service providers. It highlights the risks associated with unlicensed VASPs and the steps that DNFBPs should take to identify and mitigate those risks, including refusing to process payments to suspected unlicensed VASPs and filing STRs where appropriate.

Guidance on Counter Proliferation Financing for FIs, DNFBPs and VASPs — 1 March 2022 (EOCN reference EOCN-PF.01.22)

This guidance supplements the PF risk assessment guidance by explaining the practical counter-proliferation financing controls, including dual-use goods screening, trade-related transaction monitoring, and enhanced due diligence for clients with links to sanctioned jurisdictions such as the DPRK and Iran.

Joint Guidance on Satisfactory and Unsatisfactory Practice — June 2021

Issued jointly by UAE supervisory authorities, this guidance provides examples of good and poor compliance practice observed during inspections. Accountants and auditors should review the examples to benchmark their own compliance programmes and to calibrate remediation plans where MoET has identified a weakness.

Typologies on the Circumvention of Targeted Sanctions against Terrorism and the Proliferation of Weapons of Mass Destruction — March 2021

This document examines the techniques used to evade targeted financial sanctions, including the use of front companies, nominee structures, identity concealment, and complex layering schemes. Valuable for training compliance staff and calibrating EDD triggers.

Guideline on Grievance Procedures

Sets out how designated persons or entities may seek review of listing decisions and how supervisory authorities and DNFBPs should handle grievance requests. Accountants acting as registered agents or in nominee roles should be familiar with the process so they can respond appropriately where a client is listed.

Online Grievance System User Guide

Step-by-step instructions for using the EOCN online grievance portal, including the information required, supporting documents, and processing timelines.

Combating Proliferation Financing and Sanctions Evasion

Practical guidance for implementing counter-proliferation and sanctions-evasion controls. Useful when designing transaction monitoring scenarios and calibrating escalation triggers in higher-risk trade corridors.

Simple Guide to Subscribe to the EOCN Notification Alert System (NAS)

Explains how accountants and auditors should register for the EOCN NAS to receive real-time alerts when sanctions lists are updated. Subscription to NAS is a mandatory supervisory expectation for DNFBPs and is commonly checked during MoET inspections.

Need a PF-IRA template, TFS screening procedure, or training deck?

AML UAE delivers EOCN-aligned templates and train-the-trainer sessions calibrated to the size and risk profile of accounting and audit firms.

See our compliance programme design services

NRA, SRA, and Other Important Guidelines Applicable to Accountants and Auditors

The UAE National Risk Assessment (NRA) is the single most important national-level risk document for every DNFBP. It synthesises risk findings across the UAE economy and prescribes calibration of supervisory and firm-level controls. Accountants and auditors must treat the NRA as a live input into their business-wide risk assessment, not a background reference.

UAE ML/TF National Risk Assessment — 2024

The 2024 National Risk Assessment describes the audit and accounting sector as small, with medium inherent vulnerability and medium-low residual risk. The NRA acknowledges specific vulnerabilities, including the gatekeeper role that accountants play in financial transactions, the potential for professional services to be misused to obscure beneficial ownership, and identified gaps in screening and monitoring practices across parts of the profession.

Accountants and auditors are required to review the NRA findings, conduct a gap analysis between their current compliance programme and the NRA expectations, incorporate the findings into their business-wide risk assessments, and update their internal controls, CRA weighting, and training materials accordingly. MoET has confirmed that inspection teams will probe whether NRA findings are reflected in BRAs and in the calibration of the CRA.

DNFBP Sector-Specific Guidance Applicable to Accountants and Auditors

These guidance and circular instruments are issued by MoET and apply across its DNFBP perimeter. They are not accountant or auditor-specific but form the operational backbone against which inspections are conducted, and they must be read in conjunction with the federal laws above.

DNFBP Sector-Specific Guidance Applicable to Accountants and Auditors

DNFBP Sector-Specific MoET Guidance: 10 Key Instruments

1. Circular No. (1) of 2026

Updated high-risk country list and related measures.

2. AML/CFT Guidelines for DNFBPs

Primary compliance manual covering governance, CDD, EDD, STRs.

3. Circular No. (3) of 2025

Sanctions and terrorist list screening at onboarding and continuously.

4. Circular No. (4) of 2025

NRA 2024 is a live input to BRAs.

5. Circular No. (6) of 2025

Risk-based CDD with focus on simplified due diligence.

6. Circular No. (7) of 2025

Reimposition of UN sanctions relating to Iran under UNSCR 1737.

7. Counter PF Guidance

Dual-use goods screening, trade monitoring, EDD.

8. Satisfactory/Unsatisfactory Practice

Joint good-practice benchmarks for inspections.

9. Typologies on TFS Circumvention

Front companies, nominee structures, layering.

10. Guideline on Grievance Procedures

How designated persons or entities may seek review.

Circular No. (1) of 2026 on Updating the Lists of High-Risk Countries, Countries Subject to Increased Monitoring, and Related Measures

This circular updates the lists of jurisdictions classified as high-risk (FATF black list) or subject to increased monitoring (FATF grey list) and directs accountants and auditors to apply enhanced due diligence to all relationships and transactions involving those jurisdictions. It also prohibits establishing branches or subsidiaries in high-risk jurisdictions and reliance on third parties in those countries for CDD performance.

AML/CFT Guidelines for Designated Non-Financial Businesses and Professions — September 2025

Published by MoET in September 2025, these comprehensive guidelines replace earlier DNFBP guidance and provide the definitive regulatory expectations for all MoET-supervised DNFBPs, including accountants and auditors. They cover the full compliance lifecycle: governance and the MLCO role, business-wide risk assessment, customer risk assessment, CDD (including SDD and EDD), ongoing monitoring, STR filing through goAML, record keeping, staff training, and sanctions screening. This is the single most important reference document for building an AML/CFT compliance programme for accounting and audit firms.

Circular No. (3) of 2025 on Emphasising the Importance of Screening Sanctions and Terrorist Lists (MOEC/AML/003/2025, dated 19 March 2025)

This circular reiterates the obligation to screen customer databases against the latest sanctions and terrorism lists without delay. Screening must cover not only the customer but also all beneficial owners, authorised signatories, and transaction counterparties. MoET inspection teams treat sanctions screening evidence as a priority test area.

Understanding the Importance of the UAE 2024 National Risk Assessment — A Practical Guide for DNFBPs (Ministry of Economy)

This practical guide directs all MoET-supervised DNFBPs to study the 2024 NRA, incorporate its findings into internal risk assessments, and allocate resources to address identified gaps. The NRA is a binding input to the firm’s compliance programme, not merely a reference document.

Circular No. (6) of 2025 on Emphasising the Implementation of Risk-Based Customer Due Diligence Measures (with a Focus on Simplified Due Diligence)

This circular provides practical direction on when and how SDD may be applied. SDD may never be applied where there is any suspicion of money laundering or terrorist financing. Firms must apply EDD for high-risk customers, standard CDD for medium-risk customers, and SDD only for genuinely low-risk customers where the firm has documented its risk rationale and there is no suspicion.

Circular No. (7) of 2025 Regarding the Reimposition of United Nations Sanctions Related to Iran pursuant to UNSCR 1737 (2006) and Subsequent Resolutions

This circular requires accountants and auditors to update screening systems with the latest UN Consolidated Sanctions List, re-screen all existing customers and beneficial owners for exposure to Iran sanctions, apply freezing measures without delay upon a confirmed match, and report confirmed matches (via CNMR) and partial matches (via PNMR) through the goAML system.

Circular No. (8) of 2025 on Updating the Lists of High-Risk Countries, Countries Subject to Increased Monitoring, and Related Measures

A subsequent update to the high-risk country list published within 2025. The updated lists must be reflected in the firm’s jurisdictional risk assessment, CRA, and CDD policies, and all existing relationships with nexus to the updated jurisdictions must be reviewed for potential EDD.

Implementation Guide for DNFBPs on Customer Risk Assessment (CRA) — November 2024

The Ministry of Economy’s Implementation Guide for DNFBPs on Customer Risk Assessment sets out a ten-step methodology for scoring customers across five risk-factor categories, Customer, Geographic, Product/Service/Transaction, Delivery Channel, and Other, using a one-to-five scale from Low to High. The guide requires accountants and auditors to apply the CRA at onboarding, at periodic reviews, and whenever there is a change in risk factors such as a shift in ownership, a new product, adverse media, a sanctions listing, or an update to the National or Sectoral Risk Assessment. It indicates example review cadences of every six months for high-risk clients, every one year for medium and medium-high risk clients, every eighteen months for low-medium risk clients, and every two years for low-risk clients, and it requires DNFBPs to maintain a comprehensive audit trail of all due diligence steps, risk scores, and justifications, available upon request by the competent supervisory authority.

Implementation Guide for DNFBPs on Customer Due Diligence (CDD) — November 2024

This companion guide details practical CDD steps, including identity verification for natural and legal persons, beneficial ownership identification using the 25 per cent threshold, SDD and EDD conditions, ongoing monitoring, and procedures when CDD cannot be completed. It also addresses the tipping-off prohibition: once a suspicious transaction is contemplated or reported, the firm must not disclose that fact to the client or to any third party who is not authorised to receive it.

Circular No. (2) of 2022 Regarding Implementation of Targeted Financial Sanctions on UNSCRs 1718 (2006) and 2231 (2015)

This circular provides implementation instructions for TFS related to DPRK and Iran proliferation sanctions. EDD is required for all transactions with a nexus to North Korea and Iran, including verification of cross-border transactions for potential dual-use goods, shipment documents, and end-user declarations.

Sector-Specific Guidelines Applicable to Accountants and Auditors

Beyond the DNFBP-wide instruments, the following documents are addressed specifically to the accounting and auditing profession and reflect the sector’s particular risk exposures and operational realities.

Ministry of Economy Circular No. (3) of 2021 (dated 4 February 2021)

Issued by the then Ministry of Economy Anti-Money Laundering Department (prior to the ministry’s rebranding as the Ministry of Economy and Tourism), this circular is addressed directly to independent accountants and auditors. It outlines core AML/CFT obligations, including the requirement to register with the Ministry, appoint a compliance officer, conduct customer due diligence, and file suspicious transaction reports via the goAML system.

Supplemental Guidance for Auditors — June 2019

Published by the Ministry of Economy, this is the most detailed auditor-specific compliance document available. It covers the scope of AML obligations for auditors (explaining which audit activities fall within the AML perimeter and which do not), risk factors specific to the audit profession (nature of the audit engagement, client type, geographic exposure, and transaction complexity), customer due diligence guidance for auditors (including verification of corporate clients, identification of beneficial owners in complex group structures, and managing CDD for long-standing audit relationships), red-flag indicators for auditors (unexplained cash transactions, complex multi-jurisdictional structures, inconsistencies between reported revenue and business activity, and clients with links to sanctioned jurisdictions), STR reporting obligations (identifying reportable suspicion, the goAML filing process, and the tipping-off prohibition), and common ML/TF typologies encountered in audit engagements.

Taken together, MoET Circular No. (3) of 2021 and the Supplemental Guidance for Auditors operate as the accountant-specific overlay on the DNFBP framework. They calibrate the scope of AML obligations to the practical reality of audit, assurance, and related advisory engagements, and they should be reviewed in full at least annually by the MLCO and the engagement partners.

Are you an accountant or auditor in ADGM or DIFC?

Accountants and auditors operating in the Abu Dhabi Global Market are supervised by the ADGM Registration Authority (RA) and must comply with the ADGM AML and Sanctions Rulebook. Those in the DIFC are supervised by the DFSA and must comply with the DFSA AML, CTF and Sanctions Module. The overarching federal laws and cabinet resolutions apply across the entire UAE, including ADGM and DIFC. See our ADGM and DIFC pages for the operational rulebook that applies to your firm.

Conclusion

The AML/CFT regulatory framework for accountants and auditors in the UAE is both comprehensive and continuously evolving. From the primary Federal Decree-Law No. (10) of 2025 through the detailed implementing regulations, overarching EOCN and FIU guidance, DNFBP-wide MoET circulars, and sector-specific MoET guidance, the obligations are clear and enforceable. The common thread is risk-based thinking: firms must identify where they sit in the ML/TF/PF risk landscape, calibrate controls accordingly, and be able to evidence the judgement at inspection.

For accountants and auditors operating in mainland UAE and commercial free zones, the practical priorities are as follows. Firms that invest in the controls below now will be best placed to adapt to future updates to the UAE AML/CFT/CPF framework and to avoid the significant penalties that attach to non-compliance.

1. Conduct and document a business-wide risk assessment (BRA) informed by the 2024 NRA and the September 2025 DNFBP Guidelines. Review at least annually and on trigger events such as new product lines, new jurisdictions, or new circulars.

2. Maintain a proliferation financing institutional risk assessment (PF-IRA) calibrated to client and transaction exposure to DPRK, Iran, and other proliferation-sensitive jurisdictions.

3. Apply a documented customer risk assessment to every client before providing covered services. Verify identity using reliable independent documents. Identify beneficial owners at the 25 per cent ownership or effective-control threshold. Apply EDD for high-risk clients, standard CDD for medium-risk, and SDD only where documented low-risk rationale exists and no suspicion is present.

4. Monitor client relationships continuously for changes in ownership, business activity, transaction patterns, and risk profile. Review frequencies should follow the CRA Implementation Guide: high-risk every 6 months, medium-high every 12 months, medium every 12 months, low-medium every 18 months, and low-risk every 24 months.

5. Screen all clients, beneficial owners, authorised signatories, and transaction counterparties at onboarding and continuously against the UAE Local Terrorist List, UNSC consolidated lists, and FATF-designated jurisdictions. Subscribe to the EOCN NAS for real-time alerts and register with the ARS.

6. File STRs via goAML whenever the firm knows, suspects, or has reasonable grounds to suspect that a transaction relates to ML, TF, or PF. File FFRs for confirmed matches and PNMRs for partial matches. Respect the tipping-off prohibition at all times.

7. Appoint an MLCO with adequate seniority, independence, and direct reporting to senior management. Deliver periodic AML/CFT training covering CDD, red flags, STR filing, sanctions screening, and the tipping-off prohibition to all staff performing covered activities.

8. Retain CDD documentation, transaction records, STR filings, sanctions hits, risk assessments, and training logs for a minimum of five years after the end of the business relationship or the date of the occasional transaction.

Build your accountant or auditor AML programme with AML UAE

We design, document, and stress-test AML/CFT compliance programmes for accounting and audit firms across UAE mainland and commercial free zones, including BRA/PF-IRA, CRA, CDD, screening, STR filing workflows, training, and inspection readiness.

Explore our AML compliance services for accountants

Frequently Asked Questions

When are accountants treated as DNFBPs in the UAE?

Accountants and auditors are treated as DNFBPs when they prepare for or carry out specified financial transactions on behalf of clients. The five covered activities are buying and selling real estate, managing client money or securities, managing bank or savings accounts, organising contributions for the creation or management of companies, and creating or managing legal persons or arrangements. 

The Ministry of Economy and Tourism (MoET) is the designated AML/CFT supervisory authority for independent accountants and auditors operating in mainland UAE and in commercial free zones. Accountants and auditors licensed in the ADGM are supervised by the FSRA, and those in the DIFC are supervised by the DFSA. Federal AML laws apply in all three jurisdictions; the difference is the operational rulebook and the supervisory interface.

Risk-based customer due diligence is expected. This includes verifying the identity of the customer and all beneficial owners at the 25 per cent ownership or effective-control threshold, understanding the purpose and intended nature of the business relationship, conducting ongoing monitoring of transactions and customer information, and keeping records for at least five years. Enhanced due diligence is required for high-risk customers; simplified due diligence may be applied only to genuinely low-risk relationships where no suspicion of ML or TF exists.

Common red flags for accountants include unexplained large cash transactions or payments in rounded amounts, complex multi-jurisdictional structures with no clear business rationale, clients reluctant to provide identification or beneficial ownership information, inconsistencies between reported revenue and observable business activity, transactions involving high-risk or sanctioned jurisdictions, use of nominee directors or shell companies with no substantive operations, and sudden changes in transaction patterns or payment flows without a clear commercial reason.

Yes. ADGM and DIFC are financial free zones with their own regulatory authorities, the ADGM Registration Authority (RA) and the DFSA respectively. Audit firms licensed in those jurisdictions follow the AML/CFT rulebook issued by their regulator. However, the overarching federal laws and cabinet resolutions, including Federal Decree-Law No. (10) of 2025 and Cabinet Decision No. (134) of 2025, apply across the entire UAE, including ADGM and DIFC. The supervisor and the operational rulebook differ by jurisdiction, not the federal statute.

Enjoying this guide?

Leave us a review on Google. It helps other compliance professionals discover AML UAE and supports our ongoing research into UAE AML regulations.

Leave a Review

Disclaimer : This article is published by AML UAE (amluae.com) for informational and educational purposes only. It does not constitute legal, regulatory, or compliance advice. The UAE AML/CFT regulatory framework is subject to change, and references to named laws, circulars, and guidance documents reflect the position known at the time of publication. For advice specific to your firm, consult a qualified AML compliance professional or licensed legal advisor. AML UAE accepts no responsibility for decisions taken in reliance on this article alone.

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Wire Transfer Services

Pathik Shah

Last Updated: 04/16/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Wire Transfer Services and AML Compliance - Brief Overview

  • Wire transfer services are the electronic systems used to send money from one individual or organisation to another through financial institutions.
  • Wire transfer services are considered high-risk from an AML perspective due to speed, global reach, and ability to move large sums.
  • Common money laundering typologies involving wire transfer services are structuring, use of third parties, or rapid fund movements across multiple jurisdictions.
  • AML UAE services support AML compliance for financial institutions providing wire transfer services by assisting in the design and review of AML controls specific to wire transfers.

What Are Wire Transfer Services?

Wire transfer services refer to the electronic transfer of funds between individuals or entities through financial institutions. The process involves the sender providing their bank with the recipient’s account details, and the transfer is executed via secure networks.

The key difference between domestic, international, and correspondent wire transfers lies in scope, complexities, and risks.

  • Domestic: It occurs within the same country, usually between accounts at local banks, making it faster and less expensive.
  • International: It involves sending funds across borders, requires currency conversion and passing through multiple financial institutions, increasing complexity, and regulatory oversight.
  • Correspondent: It is a type of international wire transfer where banks rely on intermediaries to process payments, making it more complex and high-risk due to a lack of transparency between institutions.

Banks, money service businesses, and payment providers play distinct roles, as banks act as primary facilitators, providing secure and reliable methods for transferring funds. At the same time, MSBs and payment providers offer alternative channels for fund transfers that expand access but also increase risk exposure.

Wire transfers are subject to enhanced AML scrutiny due to their speed, global reach, high transaction values, lack of transparency, and potential for money laundering.

Why Wire Transfer Services Are High-Risk from an AML Perspective

Wire transfers play an important role in both domestic and cross-border payments by enabling rapid fund transfers between individuals, businesses, and financial institutions.

Wire transfers are often the preferred channel for money laundering and terrorist financing due to their speed, global reach, and ability to move large sums.

The regulatory importance of wire transfer transparency in the UAE is crucial, requiring the complete and accurate originator and beneficiary information to align with FATF standards, ensuring compliance and reducing ML/TF risk.

Why Wire Transfer Services Pose Elevated AML Risk in the UAE

Wire transfer services pose elevated AML risk in the UAE due to the following reasons:

  • The UAE operates as a global financial and remittance hub, which leads to a high volume of domestic and cross-border transactions, increasing the risk of money laundering.
  • Criminals often exploit wire transfers for layering and frequent movement of funds across multiple accounts and jurisdictions to obscure the origin of funds.
  • Due to the UAE’s strong global connectivity, funds can be transferred quickly across multiple high-risk jurisdictions, further elevating AML concerns.

Common Money Laundering Typologies Involving Wire Transfer Services

Common money-laundering typologies involving wire transfer services include several methods for disguising the origin of funds.

  • Criminals often use structuring (breaking the funds into smaller amounts) techniques to avoid threshold detection and reporting requirements.
  • They may also use third-party or nominee senders and beneficiaries to conceal the true identities.
  • Another method includes the rapid movement of funds across multiple jurisdictions, making it hard to trace the money trail.
  • Criminals often misuse the correspondent banking relationship to obscure the transaction details and reduce transparency.
  • The illegal funds are then integrated into the financial system through trade activity or asset purchases, making the funds appear legitimate.

Wire Transfer Services and Originator/Beneficiary Information Requirements

Wire transfer services require clear originator and beneficiary information to ensure transparency and easy traceability of funds.

It also requires having complete and accurate client details, as missing or incomplete data can lead to AML breaches.

Financial institutions are responsible for screening, verifying and monitoring the information to reduce ML/TF risks and ensure regulatory compliance.

UAE AML Laws and Regulatory Expectations for Wire Transfer Services

The UAE AML laws and regulatory expectations for wire transfer services are as follows:

  • The UAE AML/CFT framework for wire transfers requires financial institutions and money service businesses to follow rules to prevent ML/TF risks.
  • Institutions are also required to conduct proper customer due diligence and ensure complete originator and beneficiary information.
  • Regulators expect to maintain proper records, implement ongoing monitoring, and report suspicious activities detected to the relevant authority.
  • During the supervisory inspections, the regulators mainly focus on the effectiveness of AML controls and overall compliance in line with the regulatory requirements.

How AML UAE Services Support Compliance for Wire Transfer Services

AML UAE services support AML compliance for institutions providing wire transfer services by assisting in the design and review of AML controls specific to wire transfers, ensuring that they align with regulatory expectations and UAE AML/CFT requirements.

It also helps businesses implement a transaction monitoring and sanctions screening system to detect suspicious activity linked to wire transfers.

AML UAE helps develop policies tailored to your business and provides staff training to ensure the team understands the AML requirements and risks.

Additionally, AML UAE provides support during audits, inspections, and regulatory remediation, enabling institutions to identify the gaps effectively and ensure regulatory compliance.

FAQs - Wire Transfer Services and AML Compliance

Why are wire transfer services considered high risk for AML?

Wire transfer services are considered high-risk for AML due to speed, high-value transactions, and cross-border fund movement, making it easier to misuse for money laundering.

The AML checks that apply to wire transfers in the UAE include CDD, transaction monitoring, screening, and complete originator and beneficiary information.

Yes, cross-border wire transfers are subject to enhanced due diligence, especially when involving high-risk jurisdictions or unusual transaction patterns.

Non-compliance with AML requirements in the UAE may lead to severe consequences, including penalties, fines, and reputational damage.

Unsure if your watchlist screening meets UAE AML requirements?

Partner with us to strengthen your sanctions and watchlist compliance framework.

Contact Us Now

Explore Our Services:

AML/CFT Policy Drafting

AML Training

AML Software Selection

Regulatory Reporting

Managed KYC and CDD

AML/CFT Health Check

Risk Assessment Report

Contact Us Now

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

AML Regulations for Trust and Corporate Service Providers (TCSPs) in UAE

AML Regulations Applicable to TCSPs in UAE

Pathik Shah

Last Updated: 04/16/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Quick Overview on AML Regulations for Trust and Corporate Service Providers (TCSPs)

  • AML regulations for TCSPs in the UAE apply to any business that, on a commercial basis, forms companies, acts as or supplies a director, shareholder or trustee, provides registered office services or a business address, or acts as a nominee shareholder.
  • Mainland and commercial free zone TCSPs are supervised by the Ministry of Economy and Tourism (MoET) and must comply with Federal Decree-Law No. 10 of 2025, Cabinet Resolution No. 134 of 2025, Cabinet Decision No. 74 of 2020 on targeted sanctions, Cabinet Decision No. 109 of 2023 on beneficial ownership, Cabinet Resolutions No. 71 of 2024 and No. 132 of 2023 on administrative penalties, MoET Circular 4 of 2021 and the Supplemental Guidance for Trust and Company Service Providers (May 2019).
  • The full body of DNFBP-wide guidance issued by MoET, EOCN and the UAE Financial Intelligence Unit also applies to TCSPs alongside this sector-specific framework, as TCSPs are one of the designated DNFBP categories under UAE law.

Who this guide is for

  • This TCSP AML compliance UAE guide is written for trust and company service providers in the UAE mainland and commercial free zones, supervised by the Ministry of Economy and Tourism.
  • If you are licensed inside ADGM, use the ADGM AML page. If you are licensed inside DIFC, use the DIFC AML page. Those jurisdictions apply separate rulebooks and supervisors.

Definition of TCSP

A Trust and Company Service Provider (TCSP) is a business that, on a commercial basis, provides one or more of these services to third parties: forming companies or other legal persons; acting as (or arranging for another to act as) a director, secretary, partner or similar officer; providing registered office services or a business, correspondence or administrative address; providing trustee services for an express trust or equivalent legal arrangement; or acting as (or arranging for another to act as) a nominee shareholder for another person.

Who Counts as a TCSP in the UAE?

Under UAE AML/CFT law, a trust and company service provider is defined by the activities it performs. Article 3 of Cabinet Resolution No. 134 of 2025 (Executive Regulations of Federal Decree-Law No. 10 of 2025) lists the five activities that bring a business within the DNFBP definition of a TCSP. These are the activities at the heart of AML laws for tcsp UAE.

The five TCSP activities recognised by UAE AML law:

  1. Acting as a formation agent of legal persons.
  2. Acting as, or arranging for another person to act as, a director or secretary of a company, a partner of a partnership, or a similar position in other legal persons.
  3. Providing a registered office, business address, correspondence or administrative address for a company, partnership or any other legal person or legal arrangement (registered office services).
  4. Acting as, or arranging for another person to act as, a trustee of an express trust or performing an equivalent function for another form of legal arrangement (trustee services).
  5. Acting as, or arranging for another person to act as, a nominee shareholder for another person.

If your business carries out even one of these activities as part of its regular commercial offering, you are a TCSP for AML purposes. This typically includes corporate services firms, PRO and business setup consultancies acting as registered agents, law and accounting firms offering company formation or directorship on the side, family office administrators holding nominee roles and free-zone registered agents in IFZA, Meydan, SPC, RAKEZ and similar commercial free zones.

Being licensed under a mainland Department of Economic Development or a commercial free zone authority does not change the classification. The moment a licensee offers any of the five activities above, the AML/CFT framework applies in full. This is the position taken in both MoET Circular 4 of 2021 and the May 2019 Supplemental Guidance for Trust and Company Service Providers.

Key TCSP AML Terms

  • BO (Beneficial Owner): The natural person who ultimately owns or controls the customer, typically any individual holding 25 percent or more of shares or voting rights, or exercising control by other means.
  • CDD (Customer Due Diligence): Identifying and verifying the customer, beneficial owner and the purpose of the business relationship.
  • EDD (Enhanced Due Diligence): Additional checks applied to higher-risk customers, such as PEPs or customers from high-risk jurisdictions.
  • SDD (Simplified Due Diligence): Reduced verification measures, permitted only where risk is assessed as low.
  • CRA (Customer Risk Assessment): The customer-level risk rating that drives CDD intensity and ongoing monitoring.
  • STR / SAR: Suspicious Transaction / Activity Report filed through goAML to the UAE Financial Intelligence Unit.
  • TFS: Targeted Financial Sanctions under UN Security Council resolutions and the UAE Local Terrorist List.
  • PEP: Politically Exposed Person, plus family members and close associates.
  • goAML: UAE FIU reporting portal where DNFBPs register and file STRs, SARs, HRC and other reports.

AML Supervisory Authority for Trust and Corporate Service Providers in UAE

The Ministry of Economy and Tourism (MoET), previously the Ministry of Economy, is the supervisory authority for mainland and commercial free zone TCSPs. Supervision is delivered through the MoET Anti-Money Laundering Department, working with the Executive Office for Control and Non-Proliferation (EOCN), the UAE Financial Intelligence Unit and local licensing authorities.

In practice, MoET issues sector-specific circulars, conducts thematic inspections and reviews AML/CFT risk assessments, examines customer due diligence files, and verifies goAML registration and reporting. TCSPs should expect both announced and unannounced inspections, request-for-information exercises and follow-up reviews after remediation.

The two foundational MoET publications for trust and company service providers AML UAE are MoET Circular No. 4 of 2021 and the May 2019 Supplemental Guidance for Trust and Company Service Providers. Together they define the sector, set the core obligations and explain the higher-risk typologies unique to corporate structures and trusts.

Mainland & commercial free zone TCSPs vs ADGM TCSPs vs DIFC TCSPs

The federal AML framework (Federal Decree-Law No. 10 of 2025 and its executive regulations) applies across the entire UAE, including ADGM and DIFC. What differs is the sector rulebook, supervisor and reporting surface.

DimensionMainland & Commercial Free Zone TCSPsADGM TCSPsDIFC TCSPs
Federal lawFederal Decree-Law 10/2025 and Cabinet Resolution 134/2025 apply in full.Federal Decree-Law 10/2025 and Cabinet Resolution 134/2025 apply in full.Federal Decree-Law 10/2025 and Cabinet Resolution 134/2025 apply in full.
Primary supervisorMinistry of Economy and Tourism (MoET)ADGM Registration AuthorityDubai Financial Services Authority (DFSA)
Operational rulebookCabinet Decisions 74/2020 and 109/2023, Cabinet Resolutions 71/2024 and 132/2023,
MoET DNFBPs Guideline, Circulars, May 2019 Supplemental Guidance.		ADGM FSRA AML Rulebook (AML and sanctions) and related guidance.DIFC DFSA AML, Counter-Terrorist Financing and Sanctions Module (AML Module)
and related guidance.
Reporting channelgoAML (UAE FIU)goAML (UAE FIU), plus FSRA notificationsgoAML (UAE FIU), plus DFSA notifications
This guide applies?YesNo. Use the ADGM AML page on amluae.com.No. Use the DIFC AML page on amluae.com.

Not sure if your activity makes you a TCSP?

Our team can review your licence, services and client book and confirm whether the UAE TCSP AML regime applies to you.

AML services for DNFBPs

AML Regulations Applicable to TCSPs in UAE

TCSPs must comply with a layered framework made up of federal laws, executive regulations, Cabinet decisions, overarching guidance, the National Risk Assessment, DNFBP-wide circulars and TCSP sector-specific guidance. The sections below follow the regulatory architecture that the UAE uses to supervise the sector.

AML Regulations Applicable to TCSPs in UAE

AML rules that apply to TCSPs: the five layers at a glance

Layers 1 to 4 apply because a TCSP is a DNFBP. Layer 5 adds the sector playbook. Mainland and commercial free zone TCSPs are supervised by MoET; ADGM and DIFC TCSPs follow their own free-zone AML rulebooks alongside the federal statute.

LAYER 1 | FOUNDATION | 7 INSTRUMENTS

1. Federal AML Laws and Executive Regulations Applicable to TCSPs in UAE

Federal Decree-Law 10 of 2025, Federal Law 7 of 2014, Cabinet Resolution 134 of 2025, Cabinet Decisions and Resolutions on targeted sanctions, beneficial ownership and administrative penalties.

LAYER 2 | CROSS-SECTOR | 14 PUBLICATIONS

2. Overarching AML Guidance Applicable to TCSPs

Cross-sector guidance from EOCN and the UAE FIU on targeted financial sanctions, proliferation financing, red flags, typologies, and EOCN NAS and ARS reporting systems.

LAYER 3 | RISK BASELINE | 1 CORE ASSESSMENT

3. NRA, SRA, and Other Important Guidelines Applicable to TCSPs

The UAE ML/TF National Risk Assessment 2024 sets the sector risk rating that must be reflected in every TCSP enterprise-wide risk assessment and customer risk engine.

LAYER 4 | DNFBP-WIDE | 10 PUBLICATIONS

4. DNFBP Sector-Specific Guidance Applicable to TCSPs

Ministry of Economy circulars and implementation guides that bind all DNFBPs: September 2025 DNFBP Guidelines, CRA and CDD Implementation Guides (November 2024), and 2025 and 2026 circulars on sanctions, NRA emphasis, SDD and high-risk countries.

LAYER 5 | SECTOR-SPECIFIC | 2 PUBLICATIONS

5. TCSP Sector-Specific Guidance

MoET Circular No. 4 of 2021 defining the five covered TCSP activities and core obligations, and the May 2019 Supplemental Guidance for Trust and Company Service Providers covering risk factors, CDD, ongoing monitoring and typologies unique to corporate structures and trusts.

Federal AML Laws and Executive Regulations Applicable to TCSPs in UAE

Federal AML Laws and Executive Regulations Applicable to TCSPs in UAE

Federal AML Laws at a glance

1. Federal Decree-Law 10 of 2025

AML/CFT/PF statute

2. Federal Law 7 of 2014

Combating Terrorism Crimes

3. Cabinet Resolution 134 of 2025

Executive Regulations of FDL 10/2025

4. Cabinet Decision 74 of 2020

Terrorism lists and UN sanctions

5. Cabinet Resolution 71 of 2024

Administrative penalties (MoJ/MoE)

6. Cabinet Decision 109 of 2023

Beneficial Owner procedures

7. Cabinet Resolution 132 of 2023

BO administrative penalties

Federal Decree by Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing

Federal Decree-Law No. 10 of 2025 is the foundational AML/CFT/CPF statute in the UAE. It criminalises money laundering, terrorism financing and proliferation financing; establishes the Financial Intelligence Unit, the Supreme Committee for AML/CFT and the National AML/CFT Committee; and sets out the duties of financial institutions, DNFBPs and VASPs. As a DNFBP, every mainland and commercial free zone TCSP must implement the obligations flowing from this law and its executive regulations.

Key obligations that flow to TCSPs include identifying and verifying customers and beneficial owners, assessing and managing ML/TF/PF risk, applying targeted financial sanctions, filing suspicious transaction reports with the Financial Intelligence Unit through goAML, appointing a compliance officer, maintaining records for at least five years, and cooperating fully with supervisors.

Federal Law No. (7) of 2014 Combating Terrorism Crimes

Federal Law No. 7 of 2014 criminalises a range of terrorism-related offences, including the financing of terrorist organisations and individuals. It underpins the UAE Local Terrorist List regime and supports the obligation on TCSPs to screen customers and beneficial owners against both the Local Terrorist List and the UN Consolidated Sanctions List, and to freeze and report any relevant funds or assets without delay.

Cabinet Resolution No. (134) of 2025 Concerning the Executive Regulations of Federal Decree-Law No. (10) of 2025 Concerning Combating Money Laundering, Terrorist Financing, and the Financing of the Proliferation of Weapons

Cabinet Resolution No. 134 of 2025 operationalises Federal Decree-Law No. 10 of 2025. It defines DNFBPs (including the five TCSP activities), sets out the detailed requirements for customer due diligence, simplified and enhanced due diligence, ongoing monitoring, record keeping, internal controls, customer risk assessment and the appointment and duties of compliance officers. For TCSPs, this regulation is the operational rulebook that converts the statute into day-to-day procedures.

Cabinet Decision No. (74) of 2020 Regarding Terrorism Lists Regulation and Implementation of UN Security Council Resolutions on the Suppression and Combating of Terrorism, Terrorist Financing, Countering the Proliferation of Weapons of Mass Destruction and related resolutions

Cabinet Decision No. 74 of 2020, together with its amendments, implements the UAE Local Terrorist List and the targeted financial sanctions arising from UN Security Council resolutions. TCSPs must screen all customers, beneficial owners and related parties at onboarding and on an ongoing basis, freeze funds and assets without delay where a match is confirmed, and report any freeze or attempted transaction to EOCN and the Financial Intelligence Unit.

Cabinet Resolution No. (71) of 2024 Regulating Violations, Administrative Penalties Imposed on Violators of Measures for Confronting Money Laundering and Combating Financing of Terrorism Subject to the Control of the Ministry of Justice and the Ministry of Economy

Cabinet Resolution No. 71 of 2024 sets out the administrative fines and penalties that MoET and the Ministry of Justice can impose on DNFBPs, including TCSPs, for AML/CFT breaches. Fines range from a few thousand dirhams to AED 1,000,000 per violation, depending on severity. Penalties escalate for repeat violations and can include written warnings, suspension of licence, removal of board members or compliance officers and referral for criminal prosecution.

Cabinet Decision No. (109) of 2023 On Regulating the Beneficial Owner Procedures

Cabinet Decision No. 109 of 2023 governs the identification, disclosure and registration of beneficial owners of UAE legal persons. TCSPs are doubly affected because they help clients set up and administer the very entities this regulation targets.

TCSPs must help clients identify the ultimate beneficial owner (typically anyone owning or controlling 25 per cent or more of shares or voting rights, or exercising control by other means), maintain up-to-date beneficial ownership registers and share information with the registrar on request. TCSPs that act as nominee shareholders or nominee directors must disclose their nominee status and the identity of the person they act for. See our guide to beneficial ownership in the UAE for the federal beneficial ownership section in detail.

Cabinet Resolution No. (132) of 2023 Concerning the Administrative Penalties against Violators of The Provisions of the Cabinet Resolution No. (109) of 2023 Concerning the Regulation of Beneficial Owner Procedures

Cabinet Resolution No. 132 of 2023 specifies the administrative fines for breaches of the beneficial ownership regime. Typical TCSP-relevant breaches include failing to maintain an accurate beneficial ownership register, failing to notify changes to the registrar within the prescribed timelines, and failing to disclose nominee arrangements.

Overarching AML Guidance Applicable to TCSPs

The Executive Office for Control and Non-Proliferation (EOCN) and the Financial Intelligence Unit publish cross-sector guidance that binds TCSPs alongside the federal laws. The most relevant pieces are listed below.

Overarching AML Guidance Applicable to TCSPs

Overarching AML guidance at a glance

1. EOCN TFS Guidance

March 2026

2. FIU Terrorist Financing Report

May 2025

3. TFS Case Studies

April 2024

4. PF Institutional RA Guidance

December 2023

5. TF/PF Red Flags Guidance

December 2023

6. Unlicensed VASPs Joint Guidance )

November 2023

7. Counter PF Guidance

November 2022

8. Satisfactory/Unsatisfactory Practice

June 2021

9. TFS Circumvention Typologies

March 2021

10. Grievance Procedures Guideline

11. Grievance Procedures Guideline

12. Combating PF & Sanctions Evasion

13. EOCN NAS Subscription Guide

14. Registration in the Automatic Reporting System

Guidance on Targeted Financial Sanctions for Financial Institutions, Designated Non-Financial Business and Professions (DNFBPs) and Virtual Asset Service Providers (VASPs) issued by the Executive Office for Control and Non-Proliferation (EOCN) – March 2026

The latest EOCN sanctions guidance restates the expectation that DNFBPs, including TCSPs, screen all customers, beneficial owners and counterparties at onboarding, periodically through the lifecycle and immediately following sanctions list updates. It also clarifies expectations around proportionate list-management technology, subscription to the EOCN Notification Alert System (NAS) and registration on the Automatic Reporting System.

FIU’s Strategic Analysis Report on Terrorist Financing – May 2025

The FIU strategic analysis report flags the misuse of shell and front companies, nominee structures and opaque trusts as recurring terrorism financing typologies. TCSPs should read the report as a risk map, focusing on red flags around rapid changes of ownership, unclear source of funds and clients whose stated business does not match their transaction behaviour.

Strategic Review on Targeted Financial Sanctions Case Studies - April 2024

The EOCN case studies illustrate real sanctions-evasion attempts through UAE corporate structures, including layered ownership, use of nominee directors and diversion of funds through related-party loans. TCSPs should cross-refer the typologies back to their own customer book during enterprise and customer risk assessments.

Proliferation Finance Institutional Risk Assessment Guidance for FIs, DNFBPS, and VASPs - December 2023

This guidance expects DNFBPs to conduct a specific proliferation financing risk assessment (separate from, but aligned with, the ML/TF risk assessment). TCSPs are particularly exposed because front companies in dual-use trade sectors are a classic proliferation financing typology.

Terrorist and Proliferation Financing Red Flags Guidance - December 2023

The red flags guidance lists behavioural, transactional and documentary indicators that should drive enhanced scrutiny and, where appropriate, STR or SAR filings. TCSPs should consider the TCSP-relevant red flags in their customer risk rating engine and ongoing monitoring rules.

Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers in the UAE – November 2023

Where a TCSP forms or services a client whose activity involves virtual assets, the client must be licensed by the competent UAE VASP supervisor or equivalent. TCSPs must not knowingly enable unlicensed VASP activity and should treat any such red flag as grounds for enhanced due diligence and, if suspicion persists, an STR.

Guidance on Counter Proliferation Financing for FIs, DNFBPs, and VASPS - November 2022

This foundational guidance underpins the UAE proliferation financing framework. TCSPs should use it to structure their proliferation financing policy, controls and staff training.

Joint Guidance – satisfactory/unsatisfactory practice – June 2021

The satisfactory/unsatisfactory practice note sets supervisory expectations by describing examples of good and poor AML/CFT practices observed during inspections. TCSPs can use the unsatisfactory examples as a self-assessment checklist.

Typologies on the circumvention of Targeted Sanctions against Terrorism and the Proliferation of Weapons of Mass Destruction - March 2021

The March 2021 typologies note describes methods used to evade targeted financial sanctions, many of which involve TCSPs unknowingly. It should shape the red flags built into the sanctions screening and ongoing monitoring framework.

Guideline on Grievance Procedures

This guideline explains how regulated entities, including TCSPs, can challenge supervisory decisions or administrative penalties through the online grievance system operated by the supervising authority.

Online Grievance System User Guide

The online grievance system user guide gives step-by-step instructions for submitting and tracking grievances and supporting documentation.

Combating Proliferation Financing and Sanctions Evasion

A practical reference on recognising and responding to proliferation financing and sanctions-evasion schemes, including transaction monitoring techniques and reporting expectations.

Simple Guide to Subscribe to the EOCN Notification Alert System (NAS)

The NAS delivers real-time updates on amendments to the UAE Local Terrorist List and UN sanctions lists. TCSPs are expected to subscribe to and integrate NAS alerts into their sanctions screening workflow.

NRA, SRA, and Other Important Guidelines Applicable to TCSPs

UAE ML/TF National Risk Assessment — 2024

The NRA 2024 confirms that trust and company service providers sit in the medium-high vulnerability band for money laundering and terrorism financing, driven by the sector’s use of nominee arrangements, complex ownership structures and international flows. Every TCSP must read the NRA, reflect its findings in the enterprise-wide risk assessment and document how the NRA drives the customer, product, geography and delivery-channel risk ratings inside the customer risk assessment engine.

DNFBPs Sector-Specific Guidance Applicable to TCSPs

Ministry of Economy and Tourism circulars apply to the entire DNFBP population, but the practical impact on TCSPs is particularly significant because of the way TCSPs interact with ownership, control and cross-border flows.

DNFBPs Sector-Specific Guidance Applicable to TCSPs

DNFBP sector-specific guidance: 10 key publications

1. Circular 1 of 2026

High-risk country list update

2. DNFBP AML/CFT Guidelines

September 2025

3. Circular 3 of 2025

Sanctions list screening

4. Circular 4 of 2025

NRA 2024 emphasis

5. Circular 6 of 2025

Risk-based CDD (SDD focus)

6. Circular 7 of 2025

UN sanctions on Iran

7. Circular 8 of 2025

High-risk country list update

8. CRA Implementation Guide

November 2024

9. CDD Implementation Guide

November 2024

10. Circular 2 of 2022

TFS under UNSCRs 1718 and 2231

Circular No. (1) of 2026 on Updating the Lists of High-Risk Countries, Countries Subject to Increased Monitoring, and Related Measures

Circular 1 of 2026 rolls the latest FATF public statements into UAE supervisory expectations. TCSPs must apply enhanced due diligence and, where required, counter-measures to customers, beneficial owners and transactions connected to jurisdictions identified as high-risk or subject to increased monitoring.

AML/CFT Guidelines for Designated Non-Financial Businesses and Professions – September 2025

The September 2025 DNFBP Guidelines consolidate MoET expectations across the full AML/CFT lifecycle: enterprise risk assessment, customer risk assessment, CDD, EDD, simplified due diligence, ongoing monitoring, sanctions screening, beneficial ownership, record keeping, training, independent audit, governance and reporting. TCSPs should treat the Guidelines as the default baseline and only deviate where a supervisor confirms otherwise.

Circular No. (3) of 2025 on emphasize the importance of screening sanctions and terrorist lists

Circular 3 of 2025 emphasises the importance of screening customers, beneficial owners, counterparties and transactions against both the UAE Local Terrorist List and the UN Consolidated List, at onboarding and on an ongoing basis, including following every list update.

Circular No. (4) of 2025 on emphasize the importance Understanding the Importance of the UAE 2024 National Risk Assessment

Circular 4 of 2025 instructs DNFBPs to embed NRA 2024 findings in their risk frameworks. For TCSPs, this means reflecting the sector rating in the enterprise risk assessment and calibrating CDD intensity, sanctions screening scope and transaction monitoring rules accordingly.

Circular No. (6) of 2025 on Emphasizing the Implementation of Risk-Based Customer Due Diligence Measures (with a Focus on Simplified Due Diligence)

Circular 6 of 2025 clarifies that simplified due diligence is permitted only where the underlying risk is assessed as low and no red flags are present. TCSPs should default to standard CDD and document any application of SDD with a clear low-risk rationale.

Circular No. (7) of 2025 Regarding the Reimposition of United Nations Sanctions Related to Iran Pursuant to United Nations Security Council Resolution No. 1737 (2006) and Subsequent Resolutions

Circular 7 of 2025 addresses the reimposition of UN sanctions related to Iran under UNSCR 1737 (2006) and subsequent resolutions. TCSPs must update screening lists, review existing customer books and file reports as required.

Circular No. (8) of 2025 on Updating the Lists of High-Risk Countries, Countries Subject to Increased Monitoring, and Related Measures.

Circular 8 of 2025 aligns UAE supervisory measures with the latest FATF public statements on high-risk and increased-monitoring jurisdictions.

Implementation Guide For DNFBPs on Customer Risk Assessment (CRA) – November 2024

The CRA Implementation Guide provides a methodology and template for rating individual customer risk. TCSPs should align their customer risk assessment engine to this guidance, covering customer type, beneficial ownership risk, geography, product, delivery channel and transaction risk.

Implementation Guide For DNFBPs on Customer Due Diligence (CDD) – November 2024

The CDD Implementation Guide sets out step-by-step expectations for identifying and verifying natural and legal persons, identifying and verifying beneficial owners, understanding the purpose and intended nature of the business relationship, verifying the source of funds and conducting ongoing monitoring.

Circular No. (2) of 2022 regarding Implementation of Targeted Financial Sanctions (TFS) on UNSCRs 1718 (2006) and 2231 (2015)

Circular 2 of 2022 operationalises targeted financial sanctions in relation to proliferation financing, particularly the regimes around the DPRK (UNSCR 1718 of 2006) and Iran (UNSCR 2231 of 2015).

TCSP Sector-Specific Guidance

TCSP sector-specific guidance

1. MoET Circular No. 4 of 2021

Core sector circular

2. Supplemental Guidance for TCSPs

May 2019 — sector playbook

MoET Circular No. (4) of 2021

MoET Circular No. 4 of 2021 remains the foundational sector-specific circular for corporate and trust service providers. It defines the activities that make a business a company service provider, sets out core obligations around appointment of a compliance officer, customer due diligence, record keeping, STR reporting through goAML, targeted financial sanctions and registration on the supervisory portal, and outlines inspection procedures and supervisory expectations. This is the single most-cited reference in MoET inspections of the sector.

Supplemental Guidance for Trust and Company Service Providers – May 2019

The 2019 Supplemental Guidance is the most detailed publicly available view of how MoET expects TCSPs to manage their specific risk profile. It covers covered activities and services, customer risk factors (including nominee arrangements, complex structures, cross-border beneficial owners, PEPs and high-risk source of funds), CDD expectations at onboarding and through the lifecycle, ongoing monitoring, suspicious transaction reporting typologies, record keeping, training and independent audit. Used alongside the September 2025 DNFBP Guidelines, it is the core playbook for TCSP AML compliance UAE.

Practical TCSP AML compliance programme

The sequence below converts the regulatory framework into a practical implementation path, ordered so that earlier steps feed later ones (for example, the enterprise risk assessment must exist before you can risk-rate customers under the customer risk assessment engine).

  1. Register on goAML as a DNFBP reporting entity and set up users, alert subscriptions and reporting permissions.
  2. Register on the MoET supervisory portal and complete or refresh the AML/CFT returns.
  3. Appoint a Compliance Officer and an alternate, and document the reporting line to senior management or the board.
  4. Carry out an enterprise-wide ML/TF/PF risk assessment that reflects NRA 2024, the DNFBP Guidelines and the TCSP Supplemental Guidance.
  5. Develop AML/CFT policies and procedures covering customer risk assessment, CDD, EDD, SDD, beneficial ownership, sanctions screening, PEP handling, ongoing monitoring, record keeping and reporting.
  6. Build a customer risk assessment engine aligned with the November 2024 CRA Implementation Guide.
  7. Operationalise CDD and EDD at onboarding and throughout the lifecycle, aligned with the November 2024 CDD Implementation Guide.
  8. Implement sanctions and PEP screening at onboarding, periodically and immediately after any list update, including subscription to the EOCN Notification Alert System.
  9. Configure ongoing monitoring with rules and red flags drawn from FIU strategic reports, EOCN typologies and sector-specific guidance.
  10. File STRs or SARs through goAML without delay where suspicion arises and maintain tipping-off controls.
  11. Maintain records for no less than five years after the end of the relationship or the completion of the transaction.
  12. Deliver annual AML/CFT training to all relevant staff, covering typologies and red flags specific to TCSP activity.
  13. Commission an independent audit or review of the AML/CFT programme on a risk-sensitive frequency, at least annually for higher-risk TCSPs.
  14. Escalate any sanctions hit, STR or SAR to senior management immediately, with evidence retained in the case file.

Ready to operationalise your TCSP AML programme?

AML UAE can deliver the full programme for mainland and commercial free zone TCSPs

Compliance officer outsourcing

Conclusion: AML regulations for TCSPs in the UAE

AML regulations for TCSPs in the UAE are comprehensive and exacting for a reason: the sector sits at the gateway of UAE company ownership and control. If you operate as a mainland or commercial free zone TCSP, the practical stance is simple. Treat Federal Decree-Law 10 of 2025, Cabinet Resolution 134 of 2025, Cabinet Decisions 74 of 2020 and 109 of 2023, Cabinet Resolutions 71 of 2024 and 132 of 2023, MoET Circular 4 of 2021 and the 2019 Supplemental Guidance as the non-negotiable spine of your programme. Layer on the September 2025 DNFBP Guidelines, the November 2024 CRA and CDD Implementation Guides and the latest MoET and EOCN circulars as operational detail.

Prioritise beneficial ownership, sanctions screening and customer risk assessment. Keep documented evidence of every risk-based decision. Where uncertainty exists, escalate to senior management and, where appropriate, seek supervisory clarification rather than improvising. And if you are inside ADGM or DIFC, move to the dedicated jurisdiction pages rather than using this guide as your rulebook.

Build a Robust AML Compliance Program

We provide customised AML/CFT Policies and Procedures that are compliant with UAE Laws

Contact Us

Frequently Asked Questions

Who is treated as a TCSPS under UAE AML law?

Any natural or legal person who, on a commercial basis, forms companies, acts as or arranges a director, partner, secretary, trustee or nominee shareholder, or supplies registered office services or a business address for a legal person or legal arrangement. The test is activity-based under Cabinet Resolution 134 of 2025 and MoET Circular 4 of 2021.

The Ministry of Economy and Tourism (MoET) supervises mainland and commercial free zone TCSPs. ADGM TCSPs are supervised by the ADGM Registration Authority, and DIFC TCSPs by the DFSA under their own AML rulebooks.

TCSPs must register on goAML, appoint a compliance officer, run an enterprise-wide ML/TF/PF risk assessment, implement CDD and EDD, verify beneficial ownership, screen against sanctions and PEP lists, subscribe to the EOCN Notification Alert System, conduct ongoing monitoring, file STRs/SARs without delay, keep records for at least five years, train staff and commission an independent audit.

Because TCSPs get involved in various services (company formation, nominee shareholder and trustee services) that are used to obscure ownership. Cabinet Decision 109 of 2023 places strict obligations on the legal person and, in practice, on the TCSP administering it, to identify and keep current the 25% or more beneficial owner or anyone otherwise exercising control, and to disclose nominee arrangements.

Yes. ADGM and DIFC operate as financial free zones with their own AML rulebooks, supervised by the FSRA and DFSA, respectively, with their own rulebook-level penalties. The federal statute Federal Decree-Law 10 of 2025 still overarches the UAE AML system, but the operational rulebook for ADGM and DIFC TCSPs is the free-zone one, not the MoET Circulars. Use the dedicated ADGM and DIFC jurisdiction pages on amluae.com for those regimes.

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Return Fraud​

Pathik Shah

Last Updated: 04/15/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Return Fraud in AML- At a Glance

  • Return fraud refers to the misuse of refund systems to convert illicit funds into legitimate-looking funds.
  • Return fraud presents AML risk in the UAE due to rapid e-commerce expansion, high transaction volume, and cross-border purchases.
  • Common return fraud techniques involve the use of multiple identities, mule accounts, refunds issued to alternate cards, or cycling funds through repeated purchases.
  • AML UAE services help detect and prevent return fraud risks by monitoring suspicious refund patterns, assessing customer risk, and supporting STR reporting.

What Is Return Fraud in Money Laundering?

Return fraud in money laundering is a type of abuse of retail returns policies, which includes returning stolen goods or using a forged receipt to convert illicit funds into legitimate-looking money.

The key difference between customer abuse and organised return fraud lies in intent, as customer abuse typically involves unintentional or accidental mistakes, such as returning an item that was not purchased or not received. At the same time, organised return fraud involves deliberate, repeated schemes using stolen payment methods or fake receipts to disguise illegal funds and make them look legitimate, helping criminals complete the integration stage of money laundering.

Due to this risk, AML programs must treat patterns like frequent returns or high-value refund activity as suspicious, ensuring proper monitoring, investigation, and reporting where required.

Why Return Fraud Matters in AML

Return fraud in AML is beyond consumer fraud; it’s often a recognised money laundering typology, which is used to make illegal funds appear legitimate, as criminals use illicit money to buy goods and then return them to receive funds from legitimate businesses, making the funds appear legitimate.

By exploiting return systems, criminals facilitate the integration stage of money laundering, in which illicit funds are reintroduced into the financial system as legitimate funds.

Return fraud is relevant to UAE retailers, e-commerce platforms, payment providers, and banks due to their high transaction volumes and flexible return policies, making them harder to detect.

Why Return Fraud Presents AML Risk in the UAE

Due to the following reasons, return fraud presents an AML risk in the UAE, which includes:

  • Rapid expansion of e-commerce and omnichannel (multiple connected ways) retail in the UAE, which enables flexible return policies and increased volume of transactions, making it easier to exploit the refund systems.
  • Because of high transaction volumes daily and rapid refund processing, it is harder to detect the suspicious pattern in time.
  • Many transactions involve cross-border purchases and different payment methods such as cards or wallets, which makes tracking the source of funds more difficult.
  • Risk exposure for multiple entities, including merchants, payment service providers, and banks, as they may unknowingly proceed or facilitate illicit refund transactions, increasing the AML risks.

Common Return Fraud Techniques Used to Launder Money

The common return fraud techniques used for money laundering are as follows:

  • Criminals buy items using illegal or stolen funds and return the items to receive legitimate funds.
  • Refunds are directed to different wallets or accounts instead of the original payment methods to hide the money trail.
  • Criminals often use multiple identities or mule accounts for transactions to avoid detection.
  • Criminals target the business with weak return controls and no-receipt policies, making it easier for them to return goods and obtain refunds without proper verification.
  • They also use cycling funds via repeated purchase and return patterns to move and clean the illegal funds.

Return Fraud and Source of Funds / Source of Wealth Concerns

Return fraud creates a key source of funds and a source of wealth concerns, due to the following reasons:

  • Refunds from the legitimate business can make the illicit funds appear genuine, which often hides the real source of funds.
  • Inconsistency in the customer profile that does not match their known income or financial behaviour raises suspicions.
  • Frequent returns, high-value refunds, or refunds to different accounts are red flags and may indicate potential fraud or money laundering.
  • Institutions are required to implement enhanced due diligence for high-risk customers to verify their source of funds and source of wealth.

UAE AML Regulatory Expectations Relevant to Return Fraud

The key regulatory expectations associated with return fraud include:

  • Regulators expect to implement the UAE AML/CFT framework for retail and payment activities to ensure that risks arising from return fraud are properly identified, assessed, and controlled.
  • Institutions are required to implement effective transaction monitoring to detect unusual and suspicious transactional behaviour.
  • The institutions are required to file the suspicious transaction report to the relevant authority in a timely manner whenever suspicious return or refund activity appears.
  • Regulators expect institutions to identify and manage non-traditional money laundering risks, such as return fraud.

How AML UAE Services Help Detect and Prevent Return Fraud

AML UAE services help detect and prevent return fraud risks through fraud-AML risk integration and typology mapping to identify common fraud patterns used for money laundering.

AML UAE helps in designing transaction monitoring rules to identify unusual and suspicious refund abuse, such as frequent returns, high refunds, or different payment methods.

AML UAE enables customer risk profiling and behavioural analysis to identify inconsistencies in customer profiles.

AML UAE also provides support for drafting and filing a suspicious transactions report and supports institutions in meeting regulatory reporting requirements through proper workflows and documentation.

FAQs - Return Fraud in AML

What is return fraud in money laundering?

Return fraud in money laundering is when criminals use refunds to convert illegal money into legitimate-looking funds.

Return fraud is considered an AML risk because it enables illegal money to be disguised as normal refunds from the legitimate business.

Yes, unusual refund patterns such as frequent or high-value refunds should be monitored as part of AML controls.

The key red flags indicating refund-based money are frequent returns, high-refund amounts, or refunds to different accounts.

Yes, businesses in the UAE are required to report suspicious return activity through suspicious transaction reports.

Unsure if your watchlist screening meets UAE AML requirements?

Partner with us to strengthen your sanctions and watchlist compliance framework.

Contact Us Now

Explore Our Services:

AML/CFT Policy Drafting

AML Training

AML Software Selection

Regulatory Reporting

Managed KYC and CDD

AML/CFT Health Check

Risk Assessment Report

Contact Us Now

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Trade Finance Manipulation

Pathik Shah

Last Updated: 04/13/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Key Highlights – Trade Finance Manipulation

  • Trade finance manipulation is a misuse of trade documents to engage in money laundering and terrorist financing activities.
  • Criminals use techniques such as over-invoicing, under -invoicing, and multiple invoicing to move value across borders and avoid detection.
  • Regulators in UAE require DNFBPs and Financial Institutions to implement customer due diligence measures and monitor cross-border trade transactions.
  • Regulated entities must verify trade documents, implement EDD for high-risk customers and provide staff AML training for trade finance fraud detection.

What is Trade Finance Manipulation in AML?

Trade Finance Manipulation means the use of fraudulent practices to alter, fake or misrepresent trade finance documents to mislead financial institutions. Criminals manipulate trade finance to engage in trade-based money laundering (TBML), hiding illicit funds and moving them across borders.

Trade Finance Manipulation involves exploiting trade finance instruments, such as bills of lading and Letters of Credit, to justify funds movement when actually no goods or services exchange took place. It poses a serious risk of money laundering and terrorist financing in UAE, requiring financial institutions and DNFBPs to apply effective AML/CFT controls.

Common Techniques of Trade Finance Manipulation in UAE

Criminals use the following tactics to manipulate trade finance instruments in UAE:

  • Misrepresenting the prices of goods on invoices, either by setting a higher price (over-invoicing) or by stating a lower price (under-invoicing) to transfer value across borders.
  • Using existing trade documents multiple times for a single shipment of goods to justify multiple payments (multiple invoicing).
  • Altering or forging trade documents such as shipping bills, invoices, and LCs to deceive regulated entities.
  • Creating fake shipping documents to represent the shipment of goods that didn’t actually happen (phantom shipping or ghost trading).
  • Disguising the quality or quantity of goods to hide transaction value or move counterfeit goods.

Key Red Flags of Trade Finance Manipulation for UAE Businesses

DNFBPs and Financial Institutions in UAE must identify the following red flags of trade finance manipulation:

  • Mismatch between the market price and the goods value on invoices.
  • Unnecessary moving goods through complex shipping paths or unusual trade routes to hide the origin, destination, ownership or nature of goods.
  • Repeated use of high-risk jurisdictions, those with weak AML controls as flagged by FATF, for layering transactions.
  • Inconsistency between shipping documents and trade transactions or submitted documents appears to be fictitious.
  • Use of shell companies registered in countries with weak AML controls, and that have no clear business purpose.
  • Inconsistency between transaction value and customer profile, representing an attempt to move illicit money or goods across borders.

Regulatory Framework Addressing Trade Finance Manipulation in UAE

The primary AML/CFT law that governs UAE is the Federal Decree-Law No. 10 of 2025 on Anti-Money Laundering and Combating the Financing of Terrorism and Proliferation Financing, and the Cabinet Decision No. 134 of 2025 concerning the executive regulation of this Decree Law.

Further, the Central Bank of the UAE supervises and regulates the financial institutions in the UAE and issues regulations, guidelines, and standards for AML/CFT compliance to prevent trade finance manipulation. The UAE Financial Intelligence Unit is the reporting authority responsible for collecting, analysing, and disseminating Suspicious Transaction Reports (STRs).

Moreover, the Financial Action Task Force (FATF) requires regulated entities to adopt a risk-based approach for combating trade-based money laundering (TBML). Key compliance obligations for DNFBPs and financial institutions include developing policies, implementing customer due diligence, transaction monitoring, record-keeping, staff training and regulatory reporting.

Failure to comply with AML/CFT obligations, including trade finance monitoring, can result in severe penalties and reputational damage.

How AML UAE Services Help Detect Trade Finance Manipulation

AML UAE helps regulated entities to utilise technology such as transaction monitoring systems to combat TBML practices. It assists in choosing the right AML software that helps detect anomalies by analysing trade data. Further, the support involves providing managed KYC and CDD services to help you lower the compliance cost and stay compliant at all times. It helps screen customers against sanctions watchlists and check dual-use goods to prevent financial crime.

AML UAE helps implement enhanced due diligence for high-risk customers to identify complex ownership structures, involvement with high-risk jurisdictions and apply measures to mitigate ML/TF/PF risks. Moreover, AML UAE supports entities in replacing manual reviews and automating processes, offering higher accuracy in detecting trade finance manipulation and ensuring UAE regulatory compliance.

Best Practices to Prevent Trade Finance Manipulation in UAE

Regulated entities must implement the following best practices to prevent trade finance manipulation in UAE:

  • Implement strict customer due diligence, including identifying and verifying customers, beneficial owners, and intermediaries.
  • Utilise AML transaction monitoring systems that integrate trade finance while detecting anomalies and unusual payments.
  • Provide staff AML training to understand TBML risks and typologies and detect them early for further investigation and reporting.
  • Verify trade documents against the government sources and match invoice prices with the current market value of goods and services to prevent ML/TF risks in real-time.
  • Conduct periodic independent AML audits or health checks to identify gaps and manage TBML risks effectively.
  • Support UAE regulatory authorities by documenting records and maintaining audit trails for inspections or STR investigations.

FAQs on Trade Finance Manipulation

What is trade finance manipulation in money laundering?

Trade finance manipulation is a trade-based money laundering practice that involves altering, forging, or misrepresenting trade documents to move money across borders or engage in illicit activities.

Criminals use techniques such as over-invoicing, under-invoicing, multiple invoicing, and phantom shipments to engage in trade-based money laundering in UAE.

Common red flags in trade finance transactions include unusual trade routes, a mismatch between market price and goods value, involvement of high-risk jurisdictions, use of shell companies, and others.

Banks should use automated tools such as advanced transaction monitoring systems that detect anomalies and unusual patterns to identify trade finance fraud.

Criminals use trade finance instruments to convert illicit funds into clean payments by misrepresenting the price, quality or quantity of goods and services, making them vulnerable to money laundering.

Unsure if your watchlist screening meets UAE AML requirements?

Partner with us to strengthen your sanctions and watchlist compliance framework.

Contact Us Now

Explore Our Services:

AML/CFT Policy Drafting

AML Training

AML Software Selection

Regulatory Reporting

Managed KYC and CDD

AML/CFT Health Check

Risk Assessment Report

Contact Us Now

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

High-Cash Flow Real Estate

Pathik Shah

Last Updated: 04/13/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Key Takeaways: High-Cash Flow Real Estate

  • High-Cash Flow Real Estate involves investing in revenue-generating properties.
  • Criminals acquire such properties to engage in money laundering practices and convert illicit funds into legitimate payments.
  • Regulators require regulated entities to conduct customer due diligence, monitor transactions, provide staff training, and submit STR/SAR filings to ensure AML/CFT compliance.
  • AML UAE supports regulated entities such as real estate brokers and agents to identify, assess and manage high-cash-flow real estate risks and meet regulatory obligations for compliance.

Understanding High-Cash Flow Real Estate in the AML Context

High-Cash-Flow Real Estate means purchasing property that generates significant income, after covering all expenses. Such properties attract legitimate investors who seek consistent gains and also illicit actors to engage in money laundering.

Cash-intensive property sectors such as serviced apartments, short-term rentals, hospitality, and mixed-use commercial spaces offer anonymity and frequent cash transaction facilities, making them vulnerable to money laundering.

Factors such as high liquidity, rapid transactional turnover, and fragmented ownership structures elevate AML risks by facilitating the concealment of illicit funds within the legitimate financial system.

Why High-Cash Flow Real Estate is a Target for Money Laundering

Criminals misuse real estate to convert their illicit funds into legitimate revenue, as the sector allows high-value cash transactions. They create fake leases, inflate rent payments, provide tenants with illicit cash to pay advance rents, or engage in sham leases.

Further, money launderers use shell companies or nominee arrangements to hide beneficial ownership or the source of funds to indulge in real estate transactions and evade detection.

Moreover, criminals use property-driven laundering schemes such as manipulation of property values, rapid resale, unusual payment methods, and others to place, layer, and integrate illicit funds.

Key Money Laundering Typologies in High-Cash Flow Real Estate

The following are key money laundering typologies in high-cash-flow real estate:

  • Over-inflating the rental income just to justify a large amount of cash transactions.
  • Use of fake occupancy or false tenancy agreements to deceive regulated entities or authorities.
  • Frequent buying and selling of property in a short duration to hide the ownership.
  • Use of luxury properties to convert illicit funds into legitimate rental income through manipulated or fake bookings.
  • Property transactions that involve high-risk jurisdictions or sanctioned individuals/entities.

UAE AML Regulatory Requirements for High-Cash Flow Real Estate

The primary law that governs the real estate sector in UAE involves the Federal Decree-Law No. 10 of 2025. The Cabinet Decision No. 134 of 2025 ensures that real estate agents and brokers are subject to the AML law that concerns the Implementing Regulation of the Decree-Law.

The real estate sector is included in Designated Non-Financial Businesses and Professions (DNFBPs), which mandate CDD obligations for real estate brokers, property managers, developers, and leasing firms.

The Ministry of Economy (MOE) require real estate brokers and agents to conduct customer due diligence (CDD), including verifying beneficial owners, beneficiaries, and controlling persons. Entities must use a risk-based approach to determine the internal policies, procedures and controls for effective CDD.

Regulators require these entities to document rental agreements, proof of payments, source of fund checks, and ownership proof. With this, they must validate tenant profiles and perform ongoing monitoring to detect anomalies or changes in customers’ profiles.

Customer Due Diligence for High-Cash Flow Real Estate Transactions

Regulated entities, specifically real estate agents or brokers, must identify and verify their customers as part of due diligence. With this, they must identify beneficial owners to understand ML/TF risks linked to property and rental entities.

Further, entities must perform enhanced due diligence for high-risk customers. It involves assessing the source of funds (SoF) and the source of wealth (SoW) for lessors, buyers and tenants to ensure money derived from legitimate sources.

Regulated entities must screen their customers, along with parties such as landlords, managers, tenants and related entities, to identify sanctions, PEP and adverse media individuals.

Technology and Data Controls for High-Cash Flow Real Estate AML Compliance

Regulated entities should use digital onboarding tools to identify and verify customers by conducting effective and accurate due diligence. Entities should also use transaction monitoring systems that ensure real-time monitoring, anomaly detection, and analysis of SoF and SoW.

Further, leveraging explainable AI, smart-rental analytics, and document verification systems instead of manual processes ensures transparency and rational decision-making. Moreover, using these advanced systems supports monitoring high-risk patterns like structured cash deposits, payments through third parties, or rapid short-stay bookings.

Using technology helps regulated entities maintain audit trails, validate rental income, and perform ongoing risk assessments to analyse risks in real-time, ensuring AML compliance.

Common Compliance Gaps in Cash-Intensive Real Estate Operations

Regulators find the following compliance gaps in cash-intensive real estate operations during inspections:

  • Weak measures to onboard tenants and sub-tenants, lacking screening or background checks.
  • Failure to document or track property-management or rental income flows.
  • Failure to identify and verify beneficial ownership that owns or controls several different properties, hidden behind shell companies, trusts, or nominee persons.
  • Failure to perform ongoing transaction monitoring to detect unusual payment behaviours.

How AML UAE Supports High-Cash Flow Real-Estate Compliance

AML UAE assists real estate brokers, property managers, developers, and leasing companies in applying effective AML controls, including designing AML policies and procedures and implementing customer due diligence.

Further, AML UAE helps implement risk-based framework, select screening systems, and establish documentation standards to identify, assess and manage ML/TF risks and avoid regulatory penalties.

Moreover, AML UAE assists through effective AML health checks, helping entities find gaps in their compliance controls and remain ready for regulatory inspections. The staff training support helps educate compliance teams about evolving threats and understand their compliance functions adequately.

FAQs on High-Cash-Flow Real Estate

What AML controls should be implemented for high-cash-flow real estate transactions?

AML controls such as enhanced due diligence, sanctions screening, transaction monitoring, regulatory reporting, record-keeping, staff training, and an independent AML audit should be implemented for high-cash-flow real estate transactions.

High cash flow real estate in AML includes properties such as apartment complexes, hotels, or shopping centres that facilitate large volume transactions, allowing criminals to convert illicit funds into legitimate payments.

Key red flags in high-cash-flow real estate include complex ownership structures, rapid, unusual cash transactions, rapid resale of properties, and use of third parties.

High-cash-flow real estate involves high-value transactions with sometimes weak regulatory oversight, which allows criminals to place, layer or integrate illicit funds into the financial system and engage in money laundering.

Unsure if your watchlist screening meets UAE AML requirements?

Partner with us to strengthen your sanctions and watchlist compliance framework.

Contact Us Now

Explore Our Services:

AML/CFT Policy Drafting

AML Training

AML Software Selection

Regulatory Reporting

Managed KYC and CDD

AML/CFT Health Check

Risk Assessment Report

Contact Us Now

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

United Nations Security Council Resolutions (UNSCRs)

Pathik Shah

Last Updated: 04/07/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Key Takeaways: United Nations Security Council Resolutions (UNSCRs)

  • Relevant UNSCRs adopted under Chapter VII of the UN Charter are legally binding on all UN Member States, including the UAE, and give rise to mandatory targeted financial sanctions (TFS) obligations under FATF Recommendations 6 and 7.
  • The UAE implements UNSCR-based TFS through Cabinet Resolution No. 74 of 2020, converting international obligations into enforceable domestic law applicable to all regulated entities — FIs and DNFBPs alike.
  • UAE-regulated entities must screen all parties — customers, beneficial owners, and transaction counterparties — against the UN Consolidated List and the UAE Local Terrorist List, and must freeze assets without delay upon identification of a true match.
  • The Executive Office for Control and Non-Proliferation (EOCN) is the UAE’s designated competent authority for TFS implementation and coordinates enforcement across sector supervisory authorities.
  • Non-compliance with UNSCR obligations carries criminal penalties under Article 33 of Federal Decree-Law No. 10 of 2025 — a fine of not less than AED 20,000, imprisonment, or both — in addition to administrative sanctions, including licence suspension or cancellation.

Why United Nations Security Council Resolutions (UNSCRs) Matter for AML and Sanctions Compliance in the UAE

United Nations Security Council Resolutions are decisions adopted by the UN Security Council. United Nations Security Council Resolutions adopted under Chapter VII of the UN Charter carry binding force on all UN Member States by operation of Article 25 and Article 103 of the Charter. Chapter VII is invoked when the Security Council determines that a threat to international peace and security exists.

Resolutions adopted under other provisions of the Charter, including those under Chapter VI, are not legally binding in the same mandatory sense. For regulated entities in the UAE, this distinction is operationally critical: only resolutions with Chapter VII authority give rise to mandatory targeted financial sanctions obligations, and those are the resolutions that Cabinet Resolution No. 74 of 2020 domestically implements.

Regulated entities in the UAE must implement sanctions screening, identify designated persons and entities, freeze without delay where required, prohibit making funds or economic resources available, and comply with reporting, escalation, and internal control requirements under UAE law.

What are United Nations Security Council Resolutions (UNSCRs)? Legal Basis and the Binding Force Under the UN Charter

United Nations Security Council Resolutions are formal decisions adopted by the fifteen-member UN Security Council. The Security Council bears primary responsibility under the UN Charter for the maintenance of international peace and security.

Article 25 of the UN Charter provides that UN Member States agree to accept and carry out the decisions of the Security Council. Where resolutions are adopted under Chapter VII — which covers actions with respect to threats to the peace, breaches of the peace, and acts of aggression — they carry mandatory binding force on all 193 UN Member States by operation of Article 103 of the Charter, which provides that Charter obligations prevail over any other international agreement.

Not all Security Council resolutions are binding in the same sense. Resolutions adopted under Chapter VI (pacific settlement of disputes) or through presidential statements are not legally mandatory obligations. For compliance purposes, regulated entities should focus on those resolutions adopted under Chapter VII that establish sanctions regimes, as these are the instruments that give rise to targeted financial sanctions obligations.

How UNSCRs Support AML, CFT, and CPF Objectives

The relevant UNSCRs impose sanctions through Targeted Financial Sanctions (TFS).

The United Nations Security Council (UNSC) has adopted several resolutions that work on disrupting the networks that promote terrorism and proliferation financing.

Relevant resolutions may require measures such as asset freezes and related restrictions against designated persons and entities.

Relevant UNSCRs require targeted financial sanctions against designated persons and entities in order to prevent and suppress terrorism, terrorist financing, and proliferation financing.

The compliance process includes sanctions screening at onboarding, ongoing screening and transaction-related checks, escalation of true or potential matches, immediate freezing where required, and prompt reporting in line with UAE law.

Counter-Proliferation Financing (CPF) Obligations

FATF Recommendation 7 requires countries to implement targeted financial sanctions related to the financing of proliferation of weapons of mass destruction (WMD), separately from and in addition to the CFT obligations under Recommendation 6. These CPF obligations arise principally from the DPRK and Iran sanctions regimes.

For regulated entities in the UAE, CPF obligations include screening against relevant UN lists, refraining from making funds or economic resources available to designated persons and entities, and applying enhanced due diligence to customers or transactions with connections to high-risk jurisdictions identified in the context of WMD proliferation. Federal Decree-Law No. 10 of 2025 addresses these obligations alongside the broader AML/CFT framework.

CPF obligations are distinct from general AML/CFT controls. They apply irrespective of whether a transaction or activity is suspected of being criminal in the traditional sense — the sole trigger is the involvement of a designated person or entity. Regulated entities should ensure that their compliance frameworks explicitly address CPF as a stand-alone workstream.

UAE Implementation: Cabinet Resolution No. 74 of 2020 and the EOCN

As a UN Member State, the UAE is required to implement relevant Security Council decisions, and its domestic framework requires implementation without delay.

The Cabinet Resolution No. 74 of 2020 exists as a mandate that converts these international obligations into a federal mandate. This allows it to be enforced throughout the UAE.

The role of Supervisory Authorities is to supervise, inspect, follow up on compliance, and impose administrative penalties. Under Article 22 of Cabinet Resolution No. 74 of 2020, supervisory authorities receive information from financial institutions and DNFBPs, monitor implementation, conduct office and field inspections, and may impose appropriate administrative penalties where the resolution is violated or not implemented.

A key UAE-specific authority in the UNSCR implementation architecture is the Executive Office for Control and Non-Proliferation (EOCN). The EOCN is the UAE’s designated competent authority responsible for coordinating the implementation of UN and domestic targeted financial sanctions. The EOCN publishes the UAE Local Terrorist List, issues implementation guidance, and liaises with the UN Sanctions Monitoring Teams.

Regulated entities are required to submit reports on frozen assets and any sanctions-related actions to the EOCN in accordance with the timelines and formats it prescribes. All true-match identification events should be escalated internally and reported to the EOCN without delay, in parallel with any obligations to notify sector-specific supervisory authorities.

Regulated entities must understand their screening, freezing, reporting, escalation, and internal control obligations under the UAE targeted financial sanctions framework.

Active UNSC sanctions regimes relevant to UAE-regulated entities include, but are not limited to, the following:

Terrorism and Terrorist Financing

  • UNSCR 1267 (1999) and successor resolutions, including UNSCR 1989 (2011) and UNSCR 2253 (2015) — ISIL (Da’esh) and Al-Qaida Sanctions regime. This is the primary consolidated terrorism sanctions list and is operationally the most significant for UAE DNFBPs and financial institutions.
  • UNSCR 1373 (2001) — Counter-terrorism framework requiring states to maintain domestic terrorist lists. In the UAE, this is implemented through the Local Terrorist List under Cabinet Resolution No. 74 of 2020.
  • UNSCR 1988 (2011) — Taliban Sanctions regime (Afghanistan).
  • UNSCR 2713 (2023) — Al-Shabaab Sanctions Committee under the Somalia framework.

Proliferation Financing

  • UNSCR 1718 (2006) and successor resolutions — Democratic People’s Republic of Korea (DPRK). Includes arms embargoes, asset freezes, and travel bans; significant for trade finance and correspondent banking.
  • UNSCR 1737 (2006) and successor resolutions — Islamic Republic of Iran. Remaining restrictions post-JCPOA focus on ballistic missile and arms-related designations.

Country-Specific Regimes

  • UNSCR 1518 (2003): Iraq 
  • UNSCR 1533 (2004): The Democratic Republic of Congo (DRC) 
  • UNSCR 1591(2005): Sudan 
  • UNSCR 1636 (2005): Lebanon 
  • UNSCR 1970 (2011): Libya 
  • UNSCR 2048 (2012): Guinea-Bissau 
  • UNSCR 2140 (2014): Yemen 
  • UNSCR 2206 (2015): South Sudan 
  • UNSCR 2653 (2022): Haiti 
  • UNSCR 2745 (2024): Central African Republic (CAR) 

Regulated entities must maintain screening coverage across all active UNSC sanctions lists, not only those considered geographically proximate. The UN Consolidated List encompasses all active regimes and should be used as the primary reference, supplemented by the UAE Local Terrorist List.

TFS: Freezing Obligations, Screening Scope and List Coverage

Targeted financial sanctions are measures requiring the freezing of funds or other assets of designated persons and entities, and prohibiting funds or economic resources from being made available to them, directly or indirectly.

Regulated entities in the UAE must screen against two distinct categories of lists. The UN Consolidated Sanctions List contains all individuals, entities, and groups designated under active UNSC sanctions regimes, including the ISIL (Da’esh) and Al-Qaida Sanctions List (maintained under UNSCR 1267/1989/2253), the 1988 Sanctions List (Taliban), and country-specific sanctions committees. Separately, the UAE Local Terrorist List is maintained under Cabinet Resolution No. 74 of 2020 and includes domestically designated persons and entities under UNSCR 1373 (2001). Both lists carry immediate freeze obligations. The listing and delisting procedures, competent authorities, and escalation pathways differ between the two regimes, and regulated entities must maintain screening coverage across both without conflation.

The UAE framework requires screening and ongoing name checks not only for customers, but also for transaction parties, potential clients, beneficial owners, and persons or organisations with direct or indirect relationships to the customer or transaction.

Under Article 4 of Cabinet Resolution No. 74 of 2020, regulated entities must freeze the funds and economic resources of designated persons and entities immediately upon identification of a true match, without prior notice or waiting for regulatory instruction.

In practice, the EOCN and UAE supervisory authorities interpret “without delay” to mean within hours of the match being identified. Entities must therefore ensure that their screening systems and internal escalation protocols are calibrated to support same-session or same-day response capability.

Penalties and Risks of UNSCR Non-Compliance in the UAE

The UNSCRs are imposed in the UAE through Cabinet Resolution No. 74 of 2020, which confers Regulatory Authorities with the power to impose administrative penalties on failure to implement compliance measures corresponding to it.

The penalty framework for UNSCR non-compliance in the UAE operates across two tracks.

  • Criminal liability under Article 33 of Federal Decree-Law No. 10 of 2025 provides that any person who violates instructions issued by the Executive Office or any competent authority related to targeted financial sanctions may be punished by imprisonment, a fine of not less than AED 20,000, or both.
  • Administrative sanctions under Cabinet Resolution No. 74 of 2020 and sector-specific supervisory frameworks, including the Central Bank of the UAE, the SCA, and DNFBP supervisory authorities, include warnings, financial penalties, license suspension or cancellation, and mandatory remediation. The EOCN coordinates enforcement across competent authorities and may refer matters for criminal prosecution. Regulated entities should treat the AED 20,000 statutory minimum as a floor, not a ceiling: enforcement actions in the UAE and internationally have resulted in penalties orders of magnitude higher, alongside reputational and operational consequences.

How AML UAE Helps You Build a Sanctions Compliant Framework

Organisations need to have professionally designed sanctions compliance frameworks in place, which can be implemented to support their fight against financial crime and adhere to international and domestic standards set forth.

This includes integrating systems that can track and manage UNSCR lists, incorporating tools to perform real-time screening, implementing policies and procedures, and regularly training staff.

Many organisations struggle to enforce compliance obligations, which are multifaceted. Leveraging our expert services at AML UAE for managing KYC and CDD and providing customised training helps organisations re-position themselves as fully compliant with international obligations, i.e., UNSCRs, and in the context of the UAE, domestic obligations such as Cabinet Resolution No. 74 of 2020.

Strengthening UAE AML Programs Through Proactive Sanctions Governance

In the UAE, the UNSCRs are binding through the Cabinet Resolution No. 74 of 2020, which imposes the same domestically.

It is essential not to underestimate and indeed to actively reinforce the value of proactive sanctions governance, which collectively includes screening, risk profiling, reporting, and implementing corresponding measures.

Moreover, at the core of AML compliance lie several requirements, including enterprise-wide risk management, synonymously known as business risk assessment.

Organisations can redefine and customise their compliance obligations by leveraging services provided by experts at AML UAE for Sanctions Screening, regulatory reporting, and managing other compliance requirements, safeguarding the organisation from ML/TF risks.

Frequently Asked Questions - UNSCRs

What are United Nations Security Council Resolutions (UNSCRs)?

UNSCRs are resolutions issued to maintain international peace and security. They are aimed at combating terrorism and terrorist financing, proliferation financing, and risks associated with individuals, companies, and entities. Certain UNSCRs require countries to implement targeted financial sanctions (TFS).

They shape a country’s sanctions and AML/CFT framework. Further, some UNSC decisions taken under Chapter VII are binding on UN member states.

Yes, United Nations Security Council Resolutions are legally binding on UAE companies by way of Cabinet Resolution No. 74 of 2020.

UNSCRs are imposed in the UAE through Cabinet Resolution No. 74 of 2020 to uphold AML and sanctions compliance.

Targeted Financial Sanctions are measures imposed under relevant UNSCR regimes and implemented domestically through Cabinet Resolution No. 74 of 2020 requiring the immediate freezing of funds and economic resources of designated persons and entities, and prohibiting such assets from being made available to them, directly or indirectly. TFS address terrorism financing (under FATF Recommendation 6) and proliferation financing (under FATF Recommendation 7). They operate independently from the broader AML controls applicable to money laundering, and non-compliance triggers distinct legal consequences.

UAE-regulated entities must screen all relevant parties, including customers, beneficial owners, transaction counterparties, and connected persons, against the UN Consolidated List, the UAE Local Terrorist List, and any other applicable sanctions lists. Screening must occur at onboarding, at regular intervals, and in real time or near-real time at the point of transaction.

For entities of any meaningful scale, manual screening is insufficient to meet the “without delay” standard. Automated screening solutions integrated with regularly updated list feeds are the expected standard for most regulated entities. Where manual screening is used, entities must document the controls and frequency applied and demonstrate that these are proportionate to their risk profile.

UNSCR non-compliance in the UAE triggers liability across two tracks. Criminally, Article 33 of Federal Decree-Law No. 10 of 2025 provides for imprisonment, a fine of not less than AED 20,000, or both.

Administratively, Cabinet Resolution No. 74 of 2020 and sector-specific supervisory frameworks empower competent authorities, including the CBUAE, SCA, and DNFBP supervisors, to impose warnings, financial penalties, licence suspension or cancellation, and mandatory remediation. The AED 20,000 is a statutory floor; actual enforcement actions in the UAE and internationally have resulted in significantly higher penalties.

The Executive Office for Control and Non-Proliferation (EOCN) is the UAE’s designated competent authority for the implementation of targeted financial sanctions. It maintains the UAE Local Terrorist List, issues implementation guidance to regulated entities, and coordinates with UN Sanctions Monitoring Teams. Regulated entities must report frozen assets and true-match actions to the EOCN without delay.

FATF Recommendation 6 requires countries to implement targeted financial sanctions related to terrorism and terrorist financing, giving effect to relevant UNSCRs, principally UNSCR 1267 and UNSCR 1373.

FATF Recommendation 7 requires countries to implement targeted financial sanctions related to proliferation financing of weapons of mass destruction, principally giving effect to the DPRK and Iran sanctions regimes under UNSCRs 1718 and 1737. Both obligations apply to UAE-regulated entities under Cabinet Resolution No. 74 of 2020 and Federal Decree-Law No. 10 of 2025.

The UN Consolidated List is the unified reference document maintained by the UN Security Council that contains all individuals, groups, and entities designated under active UNSC sanctions regimes. UAE-regulated entities must screen against the UN Consolidated List as a primary reference, in addition to the UAE Local Terrorist List. The list is updated in real time and must be incorporated into screening systems with corresponding refresh frequencies.

Unsure if your watchlist screening meets UAE AML requirements?

Partner with us to strengthen your sanctions and watchlist compliance framework.

Contact Us Now

Explore Our Services:

AML/CFT Policy Drafting

AML Training

AML Software Selection

Regulatory Reporting

Managed KYC and CDD

AML/CFT Health Check

Risk Assessment Report

Contact Us Now

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Proliferation Financing Institutional Risk Assessment by FIs, DNFBPs, and VASPs

Pathik Shah

Last Updated: 04/1/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Proliferation Financing Risk Assessment: At a Glance

  • Proliferation Financing Risk Assessment is the process of identifying, analysing, and mitigating risks related to the financing of Weapons of Mass Destruction (WMD).
  • The Federal Decree Law 10 of 2025 and Cabinet Resolution 134 of 2025 make PR Risk Assessment a mandatory part of the AML/CFT & CPF framework, particularly for DNFBPs, FIs, and VASPs.
  • Guidance from EOCN and FATF requires businesses to assess PF risk at both enterprise and customer levels.
  • The PF Risk Assessment process includes evaluating inherent risk, control effectiveness, residual risk, and ongoing monitoring.
  • A robust Proliferation Financing Compliance Framework integrates governance, risk assessment, and control mechanisms across the business.

What is Proliferation Financing Risk Assessment?

Proliferation Financing Risk Assessment is the process of identifying, analysing, and assessing the risk that a business may be exposed to activities involving the financing of weapons of mass destruction (WMD).

In simple terms, Proliferation Financing Risk Assessment enables businesses to assess their exposure across customers, geographies, products, and transactions, and implement appropriate PF risk control measures to prevent and mitigate PF risks.

Identifying and assessing your business’s vulnerabilities to the threats of proliferation financing is essential.

The Executive Office for Control and Non-Proliferation (EOCN)has issued a Proliferation Financing Institutional Risk Assessment Guidance for FIs,DNFBPs, and VASPs.

In its recommendations, the FATF included a thorough assessment of the PF risk and the development of adequate counter-proliferation financing (CPF) measures for managing this risk. As an active member of FATF, the UAE commits to developing detection, prevention, and mitigation measures against PF.

Let us discuss the key highlights of the guidelines and the authority’s recommendations to the private sector.

EOCN’s Guidance on Proliferation Financing Risk Assessment

EOCN released a guidance on Proliferation Financing Institutional Risk Assessment for Financial Institutions (FIs), Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Service Providers (VASPs).

The guidelines discuss various risk categories and factors associated with proliferation financing, the methodology the regulated entities must consider in assessing the overall PF risk the business is exposed to, the customer-specific PF risk, and the risk mitigation measures to be implemented as part of CPF.

Let us now understand the importance of proliferation financing risk assessment in safeguarding the business.

Why Proliferation Financing Risk Assessment is Important?

Proliferation financing means supporting or facilitating the proliferation of weapons of mass destruction (WMD) and their delivery systems. It means providing funds for or facilitating the following activities related to nuclear, biological, and chemical weapons:

  • Manufacturing
  • Using
  • Developing
  • Possessing
  • Transporting
  • Brokering
  • Trading
  • Transferring
  • Transshipping
  • Stockpiling

It also includes financing or facilitating the delivery of these weapons or their related materials, i.e., dual-use goods or technologies used for illegal purposes.

Unless you identify the potential vulnerabilities, your business may be unknowingly exploited for the above-mentioned proliferation financing activities. Thus, to counter proliferation financing risk, you must assess the potential PF threats at the business level and also at the business relationship level. You must learn how your business is vulnerable to PF risks. You must know the characteristics of PF risks, which you can spot and raise an alert.

You will face enormous penalties if you do not apply CPF measures or willingly or unwillingly engage in proliferation financing activities. It may result in various national and international sanctions, leading to irreversible reputational damage and loss of customer trust and revenue.

So, it becomes essential for you to identify and prevent the proliferation financing risks. This is possible with timely and accurate PF risk assessment and developing an integrated risk management framework, combing anti-money laundering, combating terrorism financing, and countering proliferation financing. The PF risk assessment at the entity level is popularly known as Proliferation financing Institutional Risk Assessment, Proliferation financing Business Risk Assessment, or Proliferation financing Enterprise-Wide Risk Assessment.

Steps in Proliferation Financing Risk Assessment

The guidelines also elaborate on the various questions that can be included in the Know Your Customer (KYC) and Customer Risk Assessment process to assess the PF risk posed by each customer or transaction.

The guidelines also discuss some of the best practices the regulated entities must implement to identify and counter the proliferation financing risk.

While evaluating the risks of ML and TF, entities must also assess the PF risks. During this procedure, you must handle the following steps:

Assess inherent risks

You must analyze the inherent proliferation financing risk your business is exposed to considering the following risk factors:

  • Customer and the nature of business activities the customer is associated with
  • Geography
  • Products, services, and transactions
  • Delivery channels
  • Cyber risks to software and systems

The assessed inherent PF risk can be classified as low, medium, or high, considering the PF vulnerabilities, the risk appetite of the business, etc.

Check the adequacy and effectiveness of controls

The next step is checking the adequacy and effectiveness of control measures. These measures aim to manage and mitigate the inherent risks identified in Step 1.

A control measure is adequate only if it is accurate in risk detection and prevention. The control effectiveness must be determined considering the quality of the control design and the operation efficacy of the controls. The outcome of the control effectiveness can be determined only based on the degree and extent of how well the controls can manage the impact of the risk on the business.

Based on the analysis of the adequacy or deficiencies in the design and operation of the controls, the control measures can be classified as effective, partially effective, or ineffective.

You must conduct frequent reviews of control measures to test effectiveness and sufficiency. If found otherwise, you must take corrective actions.

Identify residual risks

Residual risk = inherent risk (less) controls’ effectiveness

It means whatever risk remains from the inherent risk after considering control measures is the residual risk.

Ongoing risk assessment

When new, emerging risks arise, a risk assessment must be conducted. Based on these new risk scenarios, your control measures must change. Thus, you must frequently review and update PF risk assessment for the business and particular customer.

Key Risk Factors in PF Risk Assessment

A documented proliferation financing risk framework is essential for DNFBPs. A well-designed PF assessment ensures that the risk assessment for proliferation financing is proportionate to the nature, size and complexity of the business.

DNFBPs should document their understanding and assessment of PF risk. The approach for PF risk assessment should be commensurate with DNFBP’s nature and size of business. DNFBP’s PF risk assessments shall include the following categories:

a. Geographic Risk: 

Geographic risk in proliferation financing involves exposure to high-risk or sanctioned jurisdictions. Regional risks PF extend beyond sanctioned countries, as proliferators often rely on third-country routing. A proper geographic PF assessment considers both direct and indirect geographic exposure.

DNFBPs should identify and assess their business locations, where it conducts business and their target markets.  

As mentioned above, North Korea and Iran are the major source of PF risk. However, it is pertinent to note that geographic risk is not limited to these countries only, as such countries and terrorist groups depend on global networks, such as using neighbouring countries to route the money or procure the proliferation materials. 

b. Customer Risk:

Customer risk in proliferation financing is primarily identified through PF customer screening and may arise from the following aspects:  

Sanctions Exposure – Where the customer is a UN-sanctioned person or entity. 

Entities owned by UN-sanctioned persons – During the CDD process, DNFBPs must identify the UBO of such entities and screen them against the TFS list.  

Customer business activities – Customers producing proliferation-sensitive goods can pose PF risk on DNFBPs.  

Geographic exposure– DNFBPs shall assess customers’ locations (residence and business place).  

c. Product and Service Risk:

Product and service risk in proliferation financing exists where products and/or services can be misused to raise, move, or disguise funds or procure sensitive goods.

DNFBPs shall assess the PF product risks that their products or services may be exploited for proliferation financing in any way; either to obtain funding for WMD activities or to disguise the funds or to obtain proliferation-sensitive goods.  

Proliferation Financing Risk Assessment as part of AML/CFT Framework

An effective proliferation financing risk assessment should form an integral part of an organisation’s AML/CFT Framework.

Integrating PF Risk Assessment within the AML/CFT framework ensures alignment with UAE regulatory requirements, FATF Recommendations, and targeted financial sanctions (TFS) obligations.

A comprehensive proliferation financing assessment enables DNFBPs to evaluate PF risk in AML/CFT across customers, products, services and geographic exposure.

Businesses need to understand the Key Components of Proliferation Financing Risk Assessment:

1. Proliferation Financing Threats

Proliferation Financing threats refer to persons and entities that have previously caused or have the potential to evade, breach, or exploit a failure to implement TFS related to Proliferation. 

Key risk factors associated with PF threats include links to sanctioned countries like North Korea and Iran, sanctioned entities, front or shell companies, and actors involved in the procurement of dual-use goods.

Terrorist organisations and illicit networks may also present PF threats where there is an interest in acquiring nuclear, chemical, or biological materials.

2. Proliferation Financing Vulnerabilities 

Vulnerabilities in proliferation financing refers to weaknesses that may facilitate the breach, non-implementation, or evasion of TFS related to Proliferation.

Vulnerabilities may include features of a particular sector, a financial product, or a type of service that make it attractive for a person or entity engaged in the breach, non-implementation, or evasion of TFS related to Proliferation. 

PF vulnerabilities may be based on factors such as business structure or sector (banking or insurance), products or services (virtual assets or money transfer services), customers and transactions (customers from high-risk jurisdictions like Iran). 

To identify the PF vulnerabilities, DNFBPs should consider the international reports on PF typologies and the sectoral reports on PF issued by UAE authorities. 

What is the principal vulnerability and driver of proliferation financing?

Principal Vulnerability refers to the immediate PF risk that a business is exposed to. The principal vulnerability would differ from business to business, depending on its PF risk assessment. The Drivers of such principal vulnerability will also differ from one business to another, as no two businesses are the same, including their PF risk factors.

3. Proliferation Financing Consequences  

Consequence  refers to the outcome where funds or assets are made available to proliferators, which could be used to procure the materials, items, or systems for developing illicit nuclear, chemical, or biological weapon systems, causing the threat of use of WMD.  

The consequences of proliferation financing are severe. The risks of financing proliferation include enabling the procurement of WMD materials, compromising global security, and exposing DNFBPs to regulatory sanctions, criminal liability and reputational damage.

Proliferation Financing Risk Mitigation Measures

The business must apply adequate PF risk mitigation measures based on the assessed risk and adopt a risk-based approach.

The measures you apply to combat ML and TF risks may also help you fight the PF risks. But pay attention to the PF risk factors while applying these measures to avoid missing the PF-specific threats to your business. These risk-mitigating measures include:

KYC and CDD during client onboarding

During this process, you will identify customers and verify their identities. You learn about customer’s:

  • Backgrounds
  • Sources of wealth/funds
  • The purpose of the relationship
  • Their ultimate beneficial owners (in the case of a legal entity)
  • Connection with sanctions or the presence of any adverse media
  • Association with Politically Exposed Person (PEP)
  • Primary market and customer base
  • Engagement in dual-use goods or other controlled goods and, if so, license to trade in such goods

Further, you must include detailed questions in the KYC and customer risk assessment questionnaire to uncover the PF risk the customer may pose. Such questions may relate to the following:

  • geographies the customer is associated with,
  • the jurisdictions proposed to be involved in the transactions,
  • the consistency between the proposed transaction and the customer’s social and economic profile,
  • ease and cooperation in identifying the UBOs,
  • ease in identifying the customer’s source of funds and wealth,
  • delivery channels used – mode of interacting with and onboarding the customer,
  • customer’s business segment, whether associated with a high-risk industry,
  • nature of the products or services requested by the customer,
  • customer’s legal structure – is it overly complex,
  • reasonableness of the transaction value,
  • frequency of the transactions executed by the customer, etc.

As applied to the customer, the KYC and  customer due diligence measures must also be adopted for the beneficial owners, senior management, power of attorney, and authorized signatories of the customer.

Understanding the customer’s association with dual-use goods or controlled items, either as direct trading or involvement in the shipment or transshipment of goods, is essential to assessing the PF risk.

The customer details must be periodically reviewed to ensure their validity, relevance, and accuracy and to identify any change in the customer profile that may impact the customer’s PF risk assessment.

Customer screening against sanctions and adverse media

As one of the CPF measures, you must screen your customers against a comprehensive and accurate database pertaining to sanctions, watchlists, and adverse media. You must screen the customer and connected persons, including the ultimate beneficial owners, directors, attorney holders, and authorized signatories.

Screen them against various lists to find matches with:

  • Adverse media or news
  • Criminal cases
  • PEPs or close relations with PEPs
  • Sanctions or association with sanctioned persons
  • Links with proliferators or proliferation financing activities

The screening results must be considered for determining the customer’s risk profile and the risk mitigation measures required.

Enhanced Due Diligence (EDD)

When the PF risk arising from a business relationship is high, you must apply enhanced due diligence measures. The following is an illustrative list of customer attributes that call for EDD measures:

  • If a customer is a PEP
  • If the customer is residing in or has business operations in a high-risk jurisdiction
  • If the customer engages in products or services with higher risks of PF
  • If the customer has a highly complex and opaque ownership structure
  • If the customer is associated with a high-risk business sector
  • If the customer uses international corporate vehicles for asset structuring and investment needs

Considering the above and other factors, if the customer is assessed as posing an increased risk, you must collect more information from independent sources for customer identification and identity verification purposes. In such high-risk corporate customers, you may reduce the beneficial ownership threshold from 25% to 10% to apply checks on more individuals associated with the customer.

You must conduct frequent and more rigorous transactions and business relationship monitoring. Check their financial data, litigation history, and criminal records to build their risk profile. Whether you start, continue, or exit the business relationship with them, you must get approval from the senior management.

Ongoing monitoring – Business Relationship and Transaction

You must continuously monitor the customer profile and transactions to check the consistency between the customer’s risk profile and the transactions executed by the customer. The frequency of reviewing and updating the KYC and CDD details highly depends on the existing risk profile of the customer. If a customer’s risk profile changes, necessary measures must be immediately applied to manage the changed level of risks, e.g., if the risk changes from low to high, EDD measures must be applied. You must note and report anything found suspicious in a transaction or customer.

Suspicious Activity Reporting

Stay alert to unusual behaviour while onboarding the customer, managing the transaction, and performing ongoing monitoring. If you detect any suspicion indicating the involvement of proliferation financing or customer’s association with PF, conduct further investigation, and if required, submit a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR) via the goAML portal.

Employee screening and training

Besides screening your customers, conduct employee screening before hiring them. Check for their competence, integrity, and ethical behaviour. Assess their background to find any linkages with proliferation financing activities.

Everyone in the entity must align with the goals to fight against ML, TF, and PF. So, they must undergo relevant training to detect and deter the exploitation of the business for proliferation financing activities. All employees, including senior management, must participate in PF-specific training. Customer-facing employees or those whose job duties expose them to PF risks must undergo specialized training. Employees who perform transaction monitoring, CDD, KYC, EDD, risk assessments, and screening must get focused training to identify the PF risks while performing their duties.

In order to mitigate PF risks adequately, businesses must adopt the following Best Practices for Proliferation Financing Risk Management.

Want to contribute to a safe and trustworthy global business environment?

Conduct Proliferation financing Institutional Risk Assessment with the help of our experts!

Contact Us Now

Best Practices for Implementing a Proliferation Financing Compliance Framework

Implementing an effective PF compliance framework requires a well-structured approach that aligns. risk assessment, governance, and control mechanisms across the business.

All these measures help you identify, assess, and combat PF risks. For effective implementation of the counter-proliferation financing framework, adopt the following best practices:

  • Including the proliferation financing risk factors while conducting an overall Enterprise-Wide Risk Assessment.
  • Including and integrating CPF in the business’s overall governance framework.
  • Information manuals on proliferation financing risks must be developed and communicated across the organization, covering the policies, procedures, and controls to identify and effectively mitigate PF risk.
  • CPF policies must provide guidance on dealing with dual-use goods and detecting and reporting PF-related suspicious activity.
  • Adequate screening systems that enable timely detection of customers associated with dual-use goods and sanctioned lists must be implemented.
  • A proper process and system must be deployed to apply asset-freezing measures when any designated entity or person is identified entities. It should also support prompt termination or suspension of business relationships and timely reporting to the EOCN.
  • The effectiveness and adequacy of the CPF measures must be periodically tested and enhanced.
  • Before launching new products or services, the entity must assess the PF vulnerabilities.
  • Process and system must be implemented for mandatory senior management approval before onboarding a customer posing PF risk.

AML UAE’s role in proliferation financing institutional risk assessment

Since you have understood the necessity of assessing and combating the proliferation financing risk, why not give it the importance it deserves? You must be proactive enough to include them in your overall AML/CFT framework. If you need any support, AML UAE is at your service.

We are a leading provider of AML, CFT, and CPF compliance services in the UAE. We help our clients fight well against financial crimes, including money laundering, terrorism financing, and proliferation financing. Besides AML compliance services, our consultants and expert professionals help you:

  • Understand the importance of CPF in the context of financial crimes
  • Detect and assess the emerging risks of PF
  • Identify the appropriate measures against PF
  • Implement these CPF measures and controls to mitigate or prevent PF risks

Intend to stop the risks of proliferation financing to your business?

Partner with AML UAE to assess PF risks and apply mitigation measures.

Contact Us Now

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Responsible AI Adoption in AML Compliance

How to Ensure Responsible AI Adoption in AML Compliance

Pathik Shah

Last Updated: 03/31/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Responsible AI Adoption in AML Compliance: Key Takeaways

  • Businesses are increasingly relying on Artificial Intelligence (AI) to streamline transaction monitoring, customer risk profiling, and AML investigations.
  • Responsible AI Adoption in AML Compliance ensures that AI systems are established with controls proportionate to their regulatory and operational impact.
  • AI use cases that influence regulatory reporting or AML compliance decisions require stronger oversight and human review.
  • Effective AI Governance in AML compliance includes model validation, human oversight, data governance, and continuous monitoring, which supplements responsible AI Adoption in AML compliance.
  • Aligning AI risk management with existing risk-based AML frameworks helps businesses adopt AI responsibly while ensuring regulatory compliance.
  • Embedding Human-in-Command, Human-in-the-Loop, and Human-on-the-Loop oversight within existing AML governance frameworks helps ensure responsible AI Adoption in AML Compliance with UAE laws.
  • The UAE’s regulatory framework, guided by the National Committee and Supervisory Authority, recognises the impact of new and developing technologies, including AI, in financial crime detection and calls for responsible AI Adoption in AML compliance.
  • UAE regulations consistently emphasise that Senior Management and the appointed Compliance Officer remain fully accountable for the outcomes of AI-assisted compliance processes.
  • The Senior Management is legally vested with the authority to make strategic decisions and is required to approve all internal controls, acting as the ultimate “Human-in-Command”.

Definition: Responsible AI Adoption in AML Compliance

Responsible AI Adoption in AML Compliance refers to the practice of responsibly implementing artificial intelligence systems according to their potential impact on regulatory reporting, AML compliance decisions and financial crime risk management

With this approach, businesses can apply governance controls that are proportionate to the extent of ML/TF and PF risk associated with each AI application. This ensures that AI tools support AML compliance processes without undermining regulatory accountability or professional judgment.

What Is Responsible AI Adoption in AML Compliance?

A Responsible AI Adoption in AML Compliance involves evaluating and implementing AI applications according to their potential impact on regulatory compliance, operational risk, and financial crime detection outcomes.

This concept aligns with the risk-based approach already embedded in AML/CFT frameworks, where businesses allocate resources and controls in proportion to the level of financial crime risk.

In terms of practical application, responsible AI Adoption in AML compliance or risk-based AI governance involves:

  • Identifying where AI is used within AML compliance and ML/TF, and PF risk mitigation processes
  • Assessing the risks associated with such AI applications
  • Implementing governance controls commensurate with those risks
  • Maintaining human accountability for AML compliance decisions.

By applying commensurate oversight, businesses can ensure that AI tools used during ML/TF and PF risk mitigation measures support AML compliance operations without replacing human judgment.

This structured approach ensures that AI improves operational efficiency concerning compliance obligations without undermining regulatory compliance or accountability or exposing the business to unidentified or incidental risks arising from relying on AI tools.

Why Businesses Are Using AI in AML Compliance

Businesses face increasing pressure to detect and report financial crime schemes while managing growing volumes of data. AI technologies offer a tremendous opportunity to simplify and streamline AML programs by improving the speed and accuracy of analysis and output. AI can support AML compliance teams by:

  • Detecting complex transaction patterns and anomalies
  • Assisting with Customer Risk Profiling
  • Accelerating investigative and reporting workflows
  • Summarising large volumes of due diligence documentation and case files.

These capabilities of AI tools allow compliance professionals like KYC Analysts, Screening Analysts, Transaction Monitoring Analysts, Risk Analysts, and AML Compliance Officers to focus on high-risk cases and regulatory reporting activities, improving the overall efficacy of AML programs.

The use of AI across various ML/TF and PF risk mitigation measures is elaborated below, necessitating responsible AI Adoption in AML compliance with use cases depicting how AI can be leveraged by the compliance function across the AML lifecycle.

AI Use Cases Across the AML Lifecycle

In order to understand the risks of AI use in AML compliance and ensure responsible AI adoption in AML compliance, it’s important to understand some of its use cases where AI is usually relied upon by compliance teams while carrying out AML compliance obligations.

AML Compliance Stages 

Potential AI Use Cases in AML Compliance 

Customer Onboarding / KYC 

Using Gen AI to ingest KYC documentation and customer identity verification 

Sanctions Screening 

Alert analysis, primary disambiguation and entity resolution 

Customer Risk Profiling 

AI-assisted customer risk scoring and customer risk profiling 

Transaction Monitoring 

Pattern detection and anomaly identification 

Enhanced Due Diligence 

Source of Wealth and Source of Funds analysis and comparative analysis with customer profile 

AML Investigations 

Case summarization and evidence review 

Suspicious Activity/ Transaction Reporting 

Drafting internal SAR/STR narratives for escalation to AML Compliance Officer or MLRO 

Ongoing Monitoring 

Trend detection across transactions and behaviour 

Recordkeeping 

Automated compliance documentation, archival, and retrieval 

While these applications of AI in ML/FT and PF risk management can improve team efficiency and reduce output timelines, they must be deployed within a structured governance framework to ensure responsible AI Adoption in AML compliance. 

Thinking of Using AI in Your AML Program?

We provide Risk Assessments and AML Compliance Advisory

Contact Us!

How to Ensure Responsible AI Adoption in AML Compliance

Businesses considering the use of AI in compliance environments should adopt a structured risk evaluation process. This process typically involves four core stages:

  • Step 1: Defining the Context of AI Use in AML Compliance
  • Step 2: Assessing the Regulatory and Operational Impact of Errors
  • Step 3: Categorising AI Applications by Risk Levels
  • Step 4: Applying Proportionate Guardrails and Human Oversight
How to Ensure Responsible AI Adoption in AML Compliance

Let us discuss each step in detail.

Step 1: Defining the Context of AI Use in AML Compliance

The first step is to determine how AI outputs will be used by compliance teams within the organisation. Businesses must be mindful of distinguishing between internal analytical and escalation use and external regulatory reporting use.

Internal uses of AI in AML compliance may include:

  • Summarising transaction monitoring alerts during initial AML investigations
  • Generating case summaries for internal escalation to the AML Compliance Officer or MLRO
  • Analysing transactions as well as behavioural patterns and indicators linked to potential money laundering typologies
  • Supporting customer risk profiling and re-CDD
  • Assisting with instant CDD file reviews
  • Summarising and tracing beneficial ownership documentation
  • Analysing adverse media and sanctions screening outcomes for quicker disambiguation
  • Conducting regulatory research and policy implementation
  • Generating internal risk briefings for compliance committees or senior management for review
  • Assisting with EWRA reviews and recalibrations.

In the context of internal uses, AI primarily functions as a decision support or a productivity tool, enabling compliance teams to process large datasets, identify patterns, and summarise information more efficiently. However, the outputs must remain subject to human review and professional judgment, as businesses regulated under UAE’s AML regime remain responsible for the accuracy and completeness of compliance requirements.

Businesses must ensure that internal AI outputs are validated before influencing compliance decisions such as risk ratings, investigation outcomes, or escalation to the Compliance Officer.

External uses of AI in AML compliance may include:

External use refers to situations where AI outputs contribute towards documents, records, or communications that may be reviewed or inspected by regulators, supervisory authorities, or law enforcement agencies. Examples of AI assistance are as follows:

  • Suspicious Transaction Reports (STRs) or Suspicious Activity Reports (SARs) narratives and details to be submitted to the UAE FIU through the goAML portal
  • Documentation supporting SAR/STR and CNMR/PNMR decision-making
  • Responses to supervisory authorities’ queries or information requests
  • Documentation supporting account freezing or reporting decisions for TFS compliance
  • Internal escalation and investigation reports that may be later disclosed to relevant authorities during inspection.

Under UAE AML legislation, businesses are required to file these reports without delay to FIU. Because these reports may trigger investigations, freezing orders, or other enforcement actions, any AI involvement in their preparation must undergo scrutiny by an AML Compliance Officer or MLRO, as most of these responsibilities come under their accountability under AML law and any inaccuracy could undermine investigations and expose the business to regulatory risk.

Why does the distinction matter?

Defining the context of AI use facilitates businesses to align AI governance with the UAE AML/CFT framework is necessary as AML laws in UAE require regulated businesses to:

  • Identify and assess risks associated with products, services, geography, customers, and technologies.
  • Implement and establish internal policies, procedures and control measures approved by the senior management and overseen by AML compliance officer.
  • Ensure that controls are proportionate to the ML/TF and PF risks the business faces.

By distinguishing between internal analytical uses and externally relied upon outputs, businesses can ensure that governance controls are calibrated according to risk proportion. This helps ensure that internal analytical assistance is separated from outputs that could influence regulatory obligations or supervisory involvement, substantiating responsible AI Adoption in AML compliance by businesses.

Step 2: Assessing the Regulatory and Operational Impact of Errors

Once the intended use of the AI system has been established, businesses need to evaluate the consequences of potential errors. Questions that businesses should consider include:

  • Could inaccurate outputs by AI-assisted or AI-generated compliance processes affect regulatory reporting?
  • Could the use of an AI system influence customer risk classification/ratings?
  • Could errors create legal, financial, or reputational consequences, such as fines, penalties, a ban, or license revocation?

Where the potential consequences due to AI system use, or errors, are materially significant, businesses should apply stronger oversight mechanisms and validation procedures to make sure their operations are embedded with responsible AI Adoption in AML compliance.

Step 3: Categorising AI Applications by Risk Levels

Following the risk assessment of the regulatory and operational impact of errors, AI applications or tools used by businesses need to be further categorised according to their potential impact on AML compliance outcomes.

  • Low-Risk AI Applications: These involve routine operational activity with minimal regulatory implications. Examples include administrative summarisation tasks or internal documentation support. The oversight model that can be relied upon to mitigate risk is a human-in-the-loop supervision, where compliance teams monitor AI outputs and intervene if and when necessary.
  • Medium-Risk AI Applications: These involve AI systems whose use may influence investigative workflows or compliance analysis, but do not directly determine regulatory outcomes. Examples include transaction monitoring analysis or document summarisation at the time of due diligence reviews. The oversight model that can be relied upon to mitigate risk is human-in-the-Loop (HITL) validation prior to decision-making, to ensure that AI outputs are reviewed before influencing compliance actions.
  • High-Risk AI Applications: These involve AI use cases that directly contribute to regulatory reporting or compliance decisions with legal implications. Examples include SAR, STR, CNMR, PNMR, and similar regulatory reporting activities, as well as communications with regulatory or supervisory authorities. The oversight model that can be relied upon to mitigate risk is human-in-the-loop (HITL) review and approval, which needs to be mandatory, while human-in-command (HIC) governance helps ensure that AI systems used in such sensitive processes operate within the business’s risk appetite.

Step 4: Applying Proportionate Guardrails and Human Oversight

After categorising AI systems by risk levels, businesses need to implement controls that are strictly proportional to the risk materiality of the AI system’s use case. Because KYC and AML reporting processes pose a high risk, they may require rigorous, extensive enforcement of guardrails. Chief among these is HITL, with mandates that human experts review and validate the extracted data and retain ultimate responsibility for the final compliance decision.

The guardrails involving human oversight and their categories are discussed. More at length in further paragraphs, enabling businesses to understand responsible AI Adoption in AML compliance.

Aligning Human Oversight Models with UAE AML Regulatory Expectations

When AI is used within AML programs, the responsibilities of Senior Management and the AML Compliance Officer (or MLRO) could ideally align closely with locally as well as internationally recognised and layered human oversight models, which guide a responsible AI Adoption in AML compliance.

Three human oversight models that are commonly applied to ensure responsible AI Adoption in AML compliance are:

  • Human-in-Command (HIC)
  • Human-in-the-Loop (HITL)
  • Human-on-the-Loop (HOTL)

These models help businesses implement risk-based AI governance for AML compliance while maintaining accountability under UAE law.

Aligning Human Oversight Models with UAE AML Regulatory Expectations

Human-in-Command (HIC)

Human-in-Command refers to the highest level of oversight in AI governance. Under this model, humans retain ultimate strategic authority over the establishment, governance, and risk appetite for the use of AI systems.

UAE Governance Alignment: In accordance with legal requirements, Senior Management functions as the Human-in-Command layer for the overall AML/CFT governance framework. Their responsibilities for the HIC layer include:

  • Approving and finalising AML/CFT policies, internal controls, and procedures
  • Defining the business’s ML/TF/PF risk appetite
  • Approving technology and monitoring systems used in AML programs
  • Reviewing AML compliance reports submitted by the AML Compliance Officer
  • Directing enhancements to AML systems and controls where deficiencies are identified.

In the context of AI governance, Senior Management ensures that AI systems used in AML compliance operate within the business’s approved risk management framework, which helps ensure responsible AI Adoption in AML compliance.

Human-in-the-Loop (HITL)

Human-in-the-Loop oversight refers to direct human review and approval before a medium- or high-risk decision is finalised. This model is essential where AI outputs directly influence regulatory reporting or compliance decisions.

UAE Governance Alignment: In accordance with legal obligations, both Senior Management and the Compliance Officer act as HITL control points for critical compliance decisions.

– Senior Management HITL responsibilities: Include approval of certain high-risk business decisions, including:

  • Continuing or establishing business relationships with Politically Exposed Persons (PEPs)
  • Approving correspondent banking relationships
  • Authorising specific high-risk financial transactions and business relationships.

These approvals require mandatory human review before high-risk actions are taken.

– Compliance Officer HITL responsibilities: The AML CO or MLRO acts as the primary HITL for suspicious activity or transaction detection and reporting. Their responsibilities include:

  • Reviewing alerts generated by monitoring systems
  • Analysing customer records, transaction patterns, and reports or files created
  • Making a final decision on whether to file SAR/STR or CNMR/PNMR with the FIU when internal reports are escalated to them.

Even when AI or automated systems detect anomalies, the AML CO or MLRO must independently review and validate their findings before initiating regulatory reporting to ensure responsible AI Adoption in AML compliance.

Human-on-the-Loop (HOTL)

Human-on-the-Loop oversight refers to continuous monitoring of systems rather than reviewing every individual output. The human supervisor oversees system performance and intervenes when anomalies or risks arise.

UAE Governance Alignment: In alignment with UAE laws, the AML Co or MLRO performs the HOTL role for ongoing AML operations, including:

  • Overseeing transaction monitoring systems
  • Reviewing alerts generated by automated or AI-assisted monitoring tools
  • Assessing whether internal processes are aligned with the prevailing regulations
  • Identifying emerging financial crime risks and system weaknesses
  • Recommending improvements to AML controls and systems.

Through this function, the AML CO or MLRO ensures responsible AI Adoption in AML compliance and makes sure that including AI tools remains effective, compliant, and responsive to emerging ML/TF risks.

Accordingly, regulated Businesses in UAE must demonstrate the following measures to substantiate that there exists a responsible AI Adoption in AML compliance:

  • Documented AI Governance Frameworks: Internal policies, controls, and procedures must be expressly approved by Senior Management.
  • Clear accountability for AI-assisted decisions: Ensuring the Compliance Officer maintains independent decision-making authority for reviewing and analysing suspicious transactions or activities, serving as the required human-in-the-loop.
  • Proactive Risk Assessments: Documenting risk assessments conducted prior to the launch or use of any new AI technologies, products, or processes.
  • Transparent Validation and Ongoing Monitoring: Deploying an independent audit function to test the effectiveness and adequacy of the AI-assisted internal policies and controls.

However, businesses remain exposed to risks when relying on AI for their compliance programs, a fact that warrants adequate consideration.

AI Risks in AML Compliance Programs

The introduction of AI into AML processes introduces a number of distinct risk categories that regulated businesses must manage. These risks include: Model Risk, Data Privacy Risk, Regulatory Risk, Bias Risk, Operational Risk, and Vendor Risk.

AI Risks in AML Compliance Programs
  • Model Risk: Arises where AI systems produce inaccurate alerts or flawed findings, such as customer risk ratings, due to training data limitations or model design issues.
  • Data Privacy Risk: Arises when sensitive customer information is processed through AI systems without explicit consent, unclear purpose limitations, and appropriate safeguards.
  • Regulatory Risk: Emerges if AI-generated outputs contribute to inaccurate regulatory reporting and incorrect or inadequate regulatory submissions and correspondence.
  • Bias Risk: Presents itself when training data leads to unfair or inaccurate customer risk ratings or risk allocation.
  • Operational Risk: Develops when compliance teams become overly reliant on automated outputs and fail to implement risk-based HITL, HOTL, or HIC oversight.
  • Vendor Risk: Arises where businesses depend on third-party AI systems which lack transparency, governance controls or adequate safeguards.

These risks reinforce the importance of structured governance of AI-reliant compliance frameworks to ensure responsible AI Adoption in AML compliance.

Unsure How to Assess AI Risks in AML Compliance?

We assist with the AML Health Check support

Call Now

Governance Controls for AI in AML Compliance

Effective governance for AI systems used for AML compliance requires both technical safeguards and operational oversight. Key governance measures to ensure responsible AI Adoption in AML compliance usually include:

Governance Controls for AI in AML Compliance
  • Establishing robust human oversight mechanisms for high-risk outputs, such as HIC or HITL
  • Conducting AI model testing and validation to ensure accuracy and reliability
  • Establishing strong governance frameworks aligned with UAE AML laws to protect sensitive information, as well as ensure cybersecurity, and ensure data integrity
  • Relying on explainability tools or taking measures to allow AI outputs to be interpreted and justified in the event of regulatory inspections
  • Creating detailed audit trails and documentation to support regulatory review and ensure compliance with record-keeping requirements
  • Conducting continuous monitoring to identify model drift or performance degradation and take remedial measures to bridge the gap between expected outcomes and achieved outcomes.
  • Ensuring comprehensive vendor risk management when engaging with third-party AI providers.

These controls help ensure that AI systems remain aligned with both regulatory expectations and institutional risk management standards.

AI Guardrails Businesses Can Implement Across the AML Lifecycle

Guardrails are safety measures that businesses can implement across various use cases of AI in AML compliance. Some of the AML obligations, example use cases, corresponding risks and recommended guardrails are tabulated hereunder:  

 

AML Obligations 

Example of AI Use Case 

Key Risks When Relying on AI Tools 

Recommended Guardrails to Mitigate Risks of AI in AML Compliance  

Customer Onboarding / KYC 

CDD Document extraction and UBO identification in complex ownership structures 

Data Privacy risks 

Human review and secure AI systems 

Sanctions Screening 

Alert analysis and disambiguation 

False Positives or Negatives 

Analyst validation 

Risk Profiling 

Customer risk scoring and profiling 

Model bias 

Model validation and explainability 

Transaction Monitoring 

Pattern detection through behaviour and transaction analysis 

Model drift 

Continuous monitoring 

AML Investigations 

Case summarization and reporting 

Hallucinated or inaccurate outputs 

Fact-checking 

Enhanced Due Diligence 

Sources of Funds and Sources of Wealth analysis 

Inaccurate analysis 

Cross-checking information 

Regulatory Reporting 

Draft narratives and preliminary internal reports 

Regulatory inaccuracies or misalignment 

Human approval  

Ongoing Monitoring 

Trend analysis in terms of behaviour and transactions 

Model degradation and redundancies 

Periodic recalibration of ongoing monitoring model 

Implementing governance safeguards directly into AML processes ensures that AI adoption remains consistent with the broader risk-based framework used in financial crime compliance and ensures responsible AI Adoption in AML compliance.   

Best Practices for Responsible AI Adoption in UAE AML Compliance

Businesses implementing AI within AML programs should adopt several practical measures to ensure responsible use that complies with Federal Decree Law and Cabinet Resolutions pertaining to AML compliance. These best practices include: Establishing Internal AI Governance Policies, Documenting AI Use Cases and Associated Risk Assessments, Maintaining Human Accountability for Compliance Outcomes, Conducting Ongoing Model Validation and Performance Monitoring, and Training Compliance Teams on AI Limitations and Risks.

Best Practices for Responsible AI Adoption in UAE AML Compliance
  • Establishing Internal AI Governance Policies: Creating and regularly updating risk-based procedures and controls to mitigate ML/TF and PF risks and ensuring that such procedures and protocols are formally approved by Senior Management and that due process for such approval is followed and documentation maintained.
  • Documenting AI Use Cases and Associated Risk Assessments: Identifying and assessing specific ML, TF, and PF risks that arise from using new AI technologies before they are implemented takes businesses a step closer to responsible AI Adoption in AML compliance.
  • Maintaining Human Accountability for Compliance Outcomes: Making sure that AML CO or MLRO at the management level actively monitors internal reports on filing CNMR/PNMR, implementing freezing measures, suspicious activities and transactions and takes the final decision on regulatory reporting to the FIU through goAML portal helps businesses ensure responsible AI Adoption in AML compliance.
  • Conducting Ongoing Model Validation and Performance Monitoring: Conducting and relying on independent controls and systems audit to ensure that AI systems remain consistent with the provisions of the Decree-Law and Cabinet Decision No. 134 of 2025, ensuring responsible AI Adoption in AML compliance.
  • Training Compliance Teams on AI Limitations and Risks: Developing, implementing, and documenting ongoing training programs and capacity building to ensure that the AML CO/MLRO and compliance team understand technology and related crime-prevention methods and contribute towards achieving responsible AI Adoption in AML compliance.

Together, these best practices support responsible technological innovation while maintaining the compliance integrity demanded by UAE’s financial ecosystem.

How AML UAE Helps with Responsible AI Adoption in AML Programs

At AML UAE, our AML Consultants assist Regulated Entities in responsibly integrating AI into their AML Compliance Program. Our advisory services include risk assessments, AML compliance department setup, AML software testing and validation, and integrating AI controls into existing AML policies and procedures.

This ensures that AI technologies enhance compliance effectiveness while remaining aligned with regulatory obligations, risk-based AML fundamentals, and help ensure responsible AI Adoption in AML compliance.

Final Thoughts: Balancing AI Innovation and AML Compliance

AI presents significant opportunities to strengthen AML compliance programs. However, its responsible adoption in AML compliance must be substantiated by clear governance, structured risk assessments, and strong human oversight.

By relying on a risk-based approach to AI integration, businesses can enhance financial crime detection capabilities while maintaining regulatory compliance and operational resilience within their AML compliance program.

Build a Robust AML Compliance Program

We provide customised AML/CFT Policies and Procedures that are compliant with UAE Laws

Contact Us

Frequently Asked Questions on AI in AML Compliance

Can artificial intelligence replace AML compliance professionals?

No, AI cannot replace AML compliance professionals. AI simplifies and makes the responsibilities of compliance professionals easy by helping them analyse large datasets, identify suspicious transactions or patterns, draft narratives and reports for escalations. In fact, regulatory expectations require human professionals to remain accountable for compliance decisions, regulatory reporting, and communication.

– Main risks of using AI in AML compliance programs are:

  • Model errors
  • Bias in risk scoring
  • Data privacy concerns
  • Over-reliance on automated outputs

Therefore, businesses must take adequate measures to ensure responsible AI Adoption in AML compliance.

Human oversight ensures that AI outputs are reviewed, validated, and accurately interpreted before influencing compliance decisions, such as regulatory reporting and filings. High-risk compliance tasks, such as SAR/STR filings, require human-in-the-loop review and approval.

Yes, AML Consultants can assist businesses in conducting AI risk assessments, designing governance frameworks, validating models and helping businesses with responsible AI Adoption in AML compliance.

Add a comment

Related Blogs

What a real estate broker must actually do
28/04/2026

AML Regulations for Real Estate Agents and Brokers in UAE

AML Regulations for Dealers in Precious Metals and Stones (DPMS) in UAE
28/04/2026

AML Regulations for Dealers in Precious Metals and Stones (DPMS) in UAE

24/04/2026

AML Regulations for DNFBPs in UAE

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

goAML Registration Guide – Dubai, UAE

goaml-registration-guide

goAML registration guide

Last Updated: 03/31/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

goAML Registration Guide: Key Facts

  • goAML is the official online reporting platform used by the UAE Financial Intelligence Unit (FIU) to collect and disseminate suspicious financial transactions related to money laundering, terrorism financing, and proliferation financing.
  • Who must register: Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs) and Virtual Assets Service Providers (VASPs)
  • Purpose: Submitting Suspicious Activity Reports (SAR), Suspicious Transaction Reports (STR), other AML compliance-related filings such as HRC, HRCA, and TFS related filings such as CNMR and PNMR
  • goAML Registration Cost: Registration on goAML is free of charges
  • Registration Process: goAML registration is a two-step process
    • SACM Registration
    • goAML Portal Registration
  • Regulator: UAE Financial Intelligence Unit
  • Penalty for goAML reporting failure: Regulated Entities will be subject to fines/penalties and/or imprisonment.
goaml-registration-guide

What is goAML in UAE?

goAML is an official reporting platform used by the UAE FIU to collect and disseminate suspicious activity and transaction reports from regulated entities, related to ML/TF or PF.

The goAML is a software application used by the UAE’s Financial Intelligence Unit (FIU) to curb money laundering and terrorist financing. The ownership of goAML lies with the United Nations Office on Drugs and Crime (UNODC). It is one of the UNODC’s strategic responses to money laundering and terrorist financing.

The goAML portal takes care of data collection, management, analytical, document management, workflow, and statistical needs of the UAE’s Financial Intelligence Unit.

goAML is used by the UAE FIU to: 

  • Receive Suspicious Activity and Transaction Reports (SARs/STRs) 
  • Monitor, disseminate, and analyse SARs/STRs filed 
  • Support AML/CFT and CPF investigations 
  • Ensure compliance with UAE AML/CFT/CPF and TFS laws.  
  • Article 46 of the Cabinet Resolution No. 134 of 2025 empowers the UAE FIU to receive reports from regulated entities, including FIs, DNFBPs, and VASPs. 

What is goAML registration?

goAML registration is nothing but the registration with the goAML portal maintained by the UAE FIU. Once the entities fulfil AML registration requirements, they get an email from the FIU regarding their successful Anti-Money Laundering registration.

Regulated entities in UAE must perform this anti-money laundering registration to report suspicious activities and transactions to the FIU.

Why should you register on UAE FIU goAML portal?

Is goAML registration mandatory?

No AML/CFT matters can be reported to the FIU or the regulatory authorities without registration on the goAML Portal. To ensure timely reporting of the following reports with the FIU and the concerned supervisory authority, the regulated organizations must register themselves on the goAML Portal:

  • Suspicious Activity Report (SAR)
  • Suspicious Transaction Report (STR)
  • Additional Information File without Transaction (AIF) 
  • Additional Information File with Transaction/s (AIFT) 
  • Request for Information without Transactions (RFI) 
  • Request for Information with Transaction/s (RFIT) 
  • Dealers in Precious Metals and Stones Report (DPMSR)
  • Real Estate Activity Report (REAR)
  • Confirmed Name Match Report (CNMR)
  • Partial Name Match Report (PNMR)
  • High-Risk Country Transaction Report (HRC)
  • High-Risk Country Activity Report (HRCA)

Who should register with goAML system in UAE?

In order to curb financial crimes, some businesses in the UAE are required to perform anti-money laundering registration. goAML Dubai is a state-of-the-art platform utilized by regulated entities in Dubai to fight money laundering and ensure regulatory compliance. The regulated organizations subject to the latest AML regulations in the UAE are required to carry out goAML reporting, including Suspicious Activity Report (SAR) and Suspicious Transaction Report (STR), to the FIU and the regulatory authorities. Accordingly, all the following AML-regulated organizations must register on the UAE FIU’s goAML Portal:
  • Financial Institutions
  • Virtual Asset Service Providers (VASPs)
  • Designated Non-Financial Businesses and Professions (DNFBPs)
    • Dealers in Precious Metals and Stones
    • Real Estate Agents and Brokers
    • Trust and Corporate Service Providers
    • Lawyers, Notaries, and independent legal professionals
    • Independent Accountants and Auditors

UAE goAML Registration Deadline

For the regulated organization that existed as on 31st March 2021, the deadline prescribed by the Ministry of Economy for the UAE FIU registration on the goAML portal was 31st March 2021. The date was later extended to 30th April 2021.

The regulated organisations which did not register then as per the deadline mentioned above can still register with the goAML UAE.

The companies newly incorporated in the UAE post the given deadline must register on the goAML system in UAE once they receive their Commercial or Trade License.

What are the documents required for goAML registration in UAE?

The following documents are required for goAML registration in UAE:

  • The organisation’s Authorisation Letter (Click to download goAML Registration Authorisation Letter template) in favour of the designated AML/CFT Compliance Officer
  • A copy of the passport, resident visa, and Emirates ID of the Compliance Officer
  • A copy of the organization’s commercial or trade license

In addition to the documents, the organization must also download the ‘Google Authenticator’ application on the mobile of the registered contact number.

How much does it cost to register for goAML?

The goAML registration does not involve any charges, and it is free for all DNFBPs, VASPs, and Financial Institutions.

UAE goAML Registration Type

The goAML Portal offers three types of goAML registration, as prescribed by the UAE’s Financial Intelligence Unit:

  • Reporting Entity
  • Stakeholder
  • Supervisory Body

Financial Institutions (FIs), VASPs, and DNFBPs must register on the goAML Portal with Registration Type “Reporting Entities”.

What are the steps to register on the goAML Portal in UAE?

Regulated Entities must adhere to the steps enumerated in the goAML System Registration Guide published by the Ministry of Economy and Tourism.

The goAML registration is a two-stage process enabling you to obtain the goAML login in UAE:

Stage 1: Register in the Service Access Control Manager (SACM) system of the UAE FIU to get Username and the Secret Key for accessing Google Authenticator.

Stage 2: Registration on the UAE FIU’s  goAML Portal, furnishing information about the organization and the Compliance Officer.

Stage 1 of goAML Registration: SACM Registration and Obtaining the Secret Key

The first stage is registering the entity to get the username and the SECRET CODE to access the Google Authenticator application on the mobile device.

a. Access https://services.uaefiu.gov.ae/sacm/registration.php and complete this form, attaching the documents mentioned above.

b. goAML Pre-registration Phase Guide – Key considerations to be taken care of while performing SACM Registration:

  • Mandatory fields marked with (*) must be completed
  • Select “Registration Type” as Reporting Entity
  • Appropriate Supervisory Authority must be selected
  • Under “ID Number/Reg. No.” captures the License Number as mentioned in the Trade License
  • Phone number and email address must be entered accurately to receive OTPs
  • Attachment of the supporting documents is allowed as PDF only
  • The documents to be uploaded – Authorization Letter, Trade/Commercial License, copy of Passport, Emirates ID and Residence Visa – must be merged and uploaded as a single pdf file
  • Do not forget to TICK the acceptance of the “goAML Portal Service Terms and Conditions” block
  • Ensure that the e-mail IDs are whitelisted – no-reply.sacm@uaefiu.gov.ae and no-reply.goaml@uaefiu.gov.ae

Upon submission of this form, you will receive an email on the registered email ID, capturing the Email OTP and URL to access the username and the Secret Key for setting up the Google Authenticator application.

The OTP is valid for 24 hours only.

c. Set up Google Authenticator

Install the Google Authenticator application on the mobile, with a contact number registered on the SACM.

Now create an account on the application, capturing the following details:

  • Capture the Account Name as “goAML Portal”.
  • Under Your Key field, enter the Secret Key received via email.

Stage 2 of goAML Registration: Completing goAML Registration

Now, complete the goAML registration.

a. SACM Portal Login https://services.uaefiu.gov.ae/goaml/ and log in using the username received post-SACM registration and a 6-digit code on the Google Authenticator as a Password.

Stage 2 of Goaml Registration

b. Upon Sign In, you will be directed to the goAML homepage.

c. Initiate the registration by clicking “Register as a New organization”.

d. goAML Registration Phase Guide – Key considerations to be taken care of while registering on FIU’s goAML Portal:

  • Select “Registration Type” as Reporting Entity
  • Mandatory fields marked with (*) must be completed
  • Accurately furnish organizational details and the details about the Compliance Officer
  • If you face any issues while registering, you can write to us at info@amluae.com and in case of any Portal related issue, write to goAML@uaefiu.gov.ae

e. Wait for email confirmation about the approval of your registration application, and you will get a unique “Org ID”, which is each organization’s unique goAML identity number.

Simplifying UAE FIU goAML Registration A Visual Guide

UAE FIU goAML Registration Approval

The registration applications submitted on UAE the FIU’s goAML Portal are approved by the organization’s Supervisory Authorities in the UAE. Some of the examples of such supervisory authorities include:

  • Central Bank of the UAE
  • Ministry of Economy and Tourism
  • Ministry of Justice
  • Capital Market Authority
  • Virtual Assets Regulatory Authority
  • Dubai Financial Services Authority
  • Financial Services Regulatory Authority
  • General Commercial Gaming Regulatory Authority

What should I do if I do not receive an email OTP for my goAML Pre-registration request?

Firstly, confirm whether email ID – no-reply.sacm@uaefiu.gov.ae has been whitelisted by your IT team. Also check your spam or junk emails.

If not received, write an email to goaml@uaefiu.gov.ae, with a request to resend the email OTP for the purpose of SACM login on the goAML Platform.

What if a business in UAE fails to Register in goAML?

Is goAML registration mandatory?

All Financial Institutions, VASPs and DNFBPs must register on the UAE FIU’s goAML Portal.

The failure to register on goAML Portal is a failure on the part of the regulated organization to implement necessary procedures to detect and “Report” suspicious transactions related to money laundering or terrorism financing.

What is the penalty for failure to register on the goAML portal?

Article 28 of the Federal Decree Law No. 10 of 2025 states that the failure to report is a violation of the AML/CFT regulations of the UAE and would attract punishment by imprisonment and a fine of not less than AED 100,000 and not exceeding AED 1,000,000, or either of these two penalties

Anti Money Laundering Registration and Subsequent Access to UAE goAML Portal

How do you log in to the goAML portal in the UAE?

Once registered successfully, you can access the UAE FIU goAML portal for your reporting purposes by navigating to the goAML Login URL: https://services.uaefiu.gov.ae/goaml/

Stage 2 of Goaml Registration

Sign-in to this pop-up using the username received post-SACM registration, and your Password would be the 6-digit code appearing on the Google Authenticator.

How to register as a “Person” on the UAE goAML Registration Portal?

Once the regulated organization is registered on the goAML Portal, new users can be added. For this, the person intending to access the organisation’s goAML Portal must first register on the goAML Portal.

Registration on goAML Portal as a “New User”

Following the below-mentioned steps for registering on the goAML Portal as a new user:

1. The new user must register on the SACM Portal by navigating https://services.uaefiu.gov.ae/sacm/registration.php

2. Upon approval of the SACM application or goAML pre-registration, the user will get an email for Username and Security Key

3. Download the Google Authenticator application on the mobile device and set up the app using Secret Key received

4. Access https://services.uaefiu.gov.ae/goaml/

Stage 2 of Goaml Registration

5. Upon Sign In, you will be directed to the goAML homepage.

6. Initiate the registration by clicking “Register as a New Person”.

7. The application for accessing the goAML Portal as a “new user” will be sent to the Compliance Officer of the organization (an ADMIN user for the organization’s goAML Portal access), who shall approve the new user request.

Key considerations to be taken care of while registering on FIU’s goAML Portal as a “New Person”:

  • Capture the “Organization ID” accurately to access your organization’s goAML Account
  • Mandatory fields marked with (*) must be completed

Approval of the “New User” Request by the Compliance Officer on the goAML Portal

Upon accessing goAML Portal, the Compliance Officer will be directed to the homepage.

1. Login https://services.uaefiu.gov.ae/goaml/

2. The Compliance Officer shall navigate the “ADMIN” menu and select “User Request Management” from the dropdown list.

3. The “User Change Request” page shall be displayed, and the Compliance Officer should click “Preview“ to verify the details

4. The Compliance Officer can approve or reject the new use request and may also add the comments for rejection, if any.

5. Upon finalisation of the request by the Compliance Officer, the user will get an email notification on the registered email ID.

Setting Access Rights for Users on the UAE goAML Portal for registered Reporting Entity?

The Compliance Officer of the reporting entity can specify the roles (as ADMIN or as USER) of various users on the goAML Portal, as under:

a. Login https://services.uaefiu.gov.ae/goaml/

b. Navigate the “ADMIN” menu and select “User-Role Management” from the dropdown list.

c. Select the user from the available list and specify the role for the person

The Compliance Officer can also create more roles, apart from ADMIN and USER, if required, by selecting “Role Management” option from the “ADMIN” menu.

Now, the Compliance Officer can add any new roles for the users and specify the corresponding access rights by clicking on “Add a new role for this entity” button.

How to disable an active user on the UAE goAML Portal?

The ADMIN user of the organization’s goAML Account can disable an active use, by clicking on “Disable” icon, as under:

I have forgotten my Password for the UAE goAML Portal. How do I reset it?

The goAML Portal Password can be reset as under:

1. Click on “Forgot Password” button

2. A pop-up will be provided to capture Username and Email ID (registered with goAML Portal)

3. An email shall be received on the registered email ID capturing the link to set a new Password.

I have forgotten my Username for accessing the UAE goAML Portal for 2nd Stage registration. How do I retrieve my FIU UAE goAML Login ID?

To retrieve the forgotten FIU UAE goAML Login Username, write an email to goAML Support Team on goaml@uaefiu.gov.ae, capturing the following information:

  1. Name of the organization
  2. Organization ID
  3. First and last name as registered on the goAML Portal
  4. Registered Email ID
  5. Emirates ID and Passport Number
  6. Date of Birth
  7. Nationality

Do I get UAE FIU goAML Registration Certificate?

The Financial Institutions, Virtual Asset Service Providers, and Designated Non-Financial Businesses and Professions have to register with the UAE FIU goAML system.

Once registered, the FIU UAE will share an email confirming the approval of the registration.

What is the UAE FIU goAML Contact Number?

goAML helpdesk contact number is: +971 2 6915599.

You may also contact goAML helpdesk by email: contact@uaefiu.gov.ae.

How do I update the changes in the organizational details on the UAE goAML Portal?

The Compliance Officer can update the changes in the organizational details as under:

a. Login https://services.uaefiu.gov.ae/goaml/

b. The Compliance Officer shall go to the “My goAML” menu and click on “My Org Details” from the dropdown list.

c. The Compliance Officer can now update the details like –

  • Organization name and address
  • Incorporation number
  • Nature of business activities
  • Website, Email ID and Contact number
  • Contact Person

d. Upon submission of the change details, the Supervisory Authority will verify and approve these changes. The Compliance Officer shall get an intimation for the approval by way of email on the registered email ID.

 

How do I deregister from the UAE FIU goAML Portal?

goAML Deregistration Procedure:

  1. Write an email to aml@economy.ae and cc it to goaml@uaefiu.gov.ae
  2. Include the following information in your goAML deregistration email:
    • goAML Registration Number
    • Entity Name
    • Individual Name
    • Supervisory Body
    • Date of Cancellation of Trade License
  3. Attach your Trade License copy and Clearance Certificate issued by the relevant authority

You should received goAML Deregistration email conformation shortly.

How to access goAML message board?

To access the goAML message board, log in to the goAML portal and select message board from the menu bar. You will be able to see the inbox. Further, the messages can only be exchanged between a registered entity and the FIU.

How to change MLRO in goAML?

In order to change MLRO in goAML, the new MLRO needs to register as an individual using the same organisation ID. 

The regulator will then approve the newly registered MLRO, and then the new MLRO needs to inform the support team of goAML – goaml@uaefiu.gov.ae to deactivate the old MLRO and activate him as the new MLRO.

How AML UAE Can Help with goAML Registration 

Navigating goAML registration and AML compliance requirements in UAE can be complex. AML UAE provides end-to-end support to help regulated entities register efficiently and remain compliant with AML/CFT and CPF requirementsAML UAE helps with: 

  • Identifying goAML registration requirements  
  • Preparing and reviewing required documentation 
  • Assisting with SACM and goAML portal registration 
  • Supporting ongoing reporting obligations such as SAR/STR filings 
  • Advising on AML/CFT policies, procedures, and risk assessments 

With expert AML consultants for support, businesses in UAE can avoid common goAML registration and reporting errors, reduce delays, and ensure compliance with regulatory requirements. 

FIU UAE goAML Registration Step-by-Step Guide

Download UAE goAML registration guide: UAE Financial Intelligence Unit (FIU)

Download goAML Pre-registration Guide
Download goAML Registration Guide
Download goAML Registration Guide eBook

FIU UAE goAML Registration Step-by-Step Guide: Video

What is goAML in UAE?

UAE’s Financial Intelligence Unit (FIU) launched a new anti-money laundering platform called goAML in UAE with the aim to regulate and control organized financial crimes.  

goAML registration is the process that financial institutions and designated non-financial businesses and professions (DNFBPs) must follow to register on the goAML system. It includes registration on the goAML portal’s protection system (SACM) followed by registration on the goAML system.  

goAML is an integrated system used to fight against money laundering and terrorism financing. The United Nations Office on Drugs and Crime (UNODC) built this system. All financial institutions and DNFBPs required to comply with AML guidelines are supposed to register on this platform.  

To register for anti-money laundering in UAE, relevant entities must register into the FIU goAML system. This system collects data on the SAR, STR, REAR, DPMSR, HRC, HRCA, CNMR, and PNMR submitted by entities.

  1. Visit https://services.uaefiu.gov.ae/ Systems >> GOAML
  2. Login using username received from no-reply.sacm@uaefiu.gov.ae &Google Authenticator Passcode as the password
  3. Login using the username and password created at the time of registering on goAML Portal

In response to money laundering and terrorist financing, the goAML application is available to more than 60 member states of the United Nations Office on Drugs and Crime (UNODC) through their country FIUs.

goAML collects data on suspicious transaction reports, Dealers in Precious Metals and Stones Report (DPMSR) and other reports from country-specific FIUs, evaluates them, disseminates intelligence reports to relevant authorities and exchanges reports or data with other global authorities.  

For goAML Login, click on link: https://services.uaefiu.gov.ae/ for goAML login. Then click on Systems, click on goAML, then provide your Username and the Google Authenticator Passcode as the Password. Click Sign In. You will now be redirected to the goAML UAE homepage. Now, click the Login button and provide the Username and Password created at the time of registering on the goAML portal and click login.  

UAE Financial Intelligence Unit (FIU) is empowered to receive Suspicious Transactions Reports (STR), Suspicious Activity Reports (SAR), Dealers in Precious Metals and Stones Report (DPMSR), Real Estate Activity Report (REAR) via a portal specifically maintained for the purpose viz., goAML. DNFBPs and FIs in UAE are required to file these reports with goAML UAE.

DNFBPs in UAE have to register with the goAML portal and provide all mandatory information and supporting documents. The FIU UAE will verify this information and send an email notifying the approval of the registration.

1. If you ever forget your UAEFIU goAML login password, hit forget password button as highlighted below:

goAML Forgot Password

2. It will pop up the reset password request window. You need to enter your user name, registered email, CAPTCHA, and hit submit

goAML Reset Password

3. You will receive a link on your registered email which will help you reset your UAE goAML password

goAML Change your password

In order to update organization detail, the registered user needs to login to the UAE FIU goAML portal, go to the My goAML Menu, and then click My Org Details Menu.

Here, the user can update information like business name, licensed activity, incorporation number, email, website, contact person, telephone number, and address.

The supervisory authority will verify the information, and upon approval, an automated confirmation email will be sent to the organization’s registered email.

Registering for goAML in the UAE involves pre-registration on the SACM portal, where documents such as the trade license, the MLRO’s ID, and the authorisation letter are uploaded, after which the email containing the goAML login credentials is received. The goAML website can be logged in to using credentials received from SACM and Google Authenticator, and registration as a new organisation can be completed.

If you are not receiving emails from CBUAE’s goAML system, make sure you have white-listed the emails no-reply.sacm@uaefiu.gov.ae and no-reply.goaml@uaefiu.gov.ae.

Yes, delegating your CBUAE FIU goAML reporting responsibilities to third parties is possible. You may outsource goAML reporting responsibilities for STR, SAR, DPMSR, REAR, etc., to external parties, but it is recommended that such parties create an account on the goAML portal before providing such services.

The admin user of the goAML portal should click the change Selected Delegating Organization, provide the Organization ID associated with the delegated party, and submit the request. The supervisory authority will verify the information and approve the change.

Yes, you can. Navigate to My goAML menu and make the required changes. The admin user of your organization must approve the change in email, and then the supervisory authority will verify the information and approve the change.

You need to click the preview button before submitting an STR/SAR/DPMSR/PNMR/CNMR/REAR and then click the print button to print the report.

STR Preview button

STR Printing

The CBUAE FIU goAML registration in UAE is approved by the respective regulator or supervisory body.

The goAML Message Board facilitates communication between the FIU UAE and the goAML users. The reporting entities can come to know of the status of their submitted reports immediately through the message board. The FIU also requests its information requirement through the message board. The goAML message board is not specific to a particular user, but it is for the reporting entity as a whole.

The United Nations Office on Drugs and Crime (UNODC) developed the goAML software. It is an integrated system for Financial Intelligence Units to receive, analyse, and distribute Suspicious Transactions Reports (STRs) in an efficient way. The UAE is the first country in the Gulf to adopt this modern STR reporting system.

UNODC is the United Nations Office on Drugs and Crime. You can reach UNODC at https://www.unodc.org/

The goAML portal is maintained by the FIU UAE. For all IT and technical related issues, please send an email to goAML@uaefiu.gov.ae

One can contact the FIU UAE on +971 2 6915599, email: contact@uaefiu.gov.ae.

One needs to register with the UAE FIU goAML portal. The detailed guide for FIU registration process is available here: https://amluae.com/goaml-registration-guide/

goAML is a communication medium between the reporting entity and the Financial Intelligence Unit (FIU). All the suspicion reports and reporting of designated transactions prescribed under AML/CFT regulations will be reported via the goAML Portal. So to submit these reports, a reporting entity shall initially have to register with the goAML.

Failure to register on goAML Portal may result in severe penalties invoked by the Supervisory Authority, ranging from AED 50,000 to AED 5,000,000.

All FIs, DNFBPs & VASPs must register on the goAML portal and implement the policies and procedures to identify and report any suspicious transactions related to money laundering or terrorism financing.

Share via :

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik