AML Laws in UAE: Complete Guide to AML/CFT Legislation 2026

AML/CFT/CPF Legal Framework in the UAE

Pathik Shah

Last Updated: 03/17/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Key Highlights:

  • Federal Decree Law No. (10) of 2025 is the principal regulation dealing with AML/CFT/CPF in the UAE
  • Cabinet Resolution No. (134) of 2025 is the implementing regulation of the Federal Decree Law No. (10) of 2025
  • The respective supervisory authorities issue sector-specific guidelines
  • ADGM and DIFC have their Own Rulebooks, and regulated entities operating from financial free zones must follow Federal Law in addition to these rulebooks

A guide to Anti Money Laundering AML Laws in UAE | 2026

The UAE’s AML framework requires regulated entities to identify customers, assess risk, monitor transactions, screen for sanctions and terrorism financing, and report suspicious activity to the UAE FIU through goAML, supported by strong governance, training, and audit controls.

It is critical to combat money laundering and terrorism financing and safeguard the economy.  In these efforts to identify and mitigate the financial crime risks, here is the comprehensive guide to Anti-Money Laundering (AML) Laws in the UAE for various regulated entities.

AML/CFT/CPF Legal Framework in the UAE

As part of the UAE government’s efforts to fight these financial crimes, AML/CFT regulations have been issued, supported by detailed guidelines from various supervisory authorities that lay down the principles and best practices for identifying financial crime instances and mitigating the risks, in accordance with the federal AML regulations.

AML/CFT/CPF Legal Framework in the UAE

Federal AML/CFT/CPF Laws and Executive Regulations

The Federal AML/CFT/CPF laws and executive regulations apply to banks, financial institutions, DNFBPs, and VASPs operating in the mainland and free zones (commercial as well as financial free zones).

The following are the key AML regulations setting the foundation for the regulated entities to detect and mitigate the ML/FT and PF risks:

Federal AML/CFT/CPF Laws and Executive Regulations

NRA, SRA, and Other Important Guidelines

UAE ML/FT National Risk Assessment

UAE PF National Risk Assessment

The above-referred-to NRAs outline the outcomes of the UAE’s national assessment of financial crime vulnerabilities, threats, and risks across various sectors. It also evaluates the quality of the controls deployed by these regulated sectors to manage the risks.

AML/CFT/CPF Guidance Applicable to All Reporting Entities

The following are the key AML/CFT/CPF and TFS-related guidance and guidelines issued by the concerned authorities, which are relevant to all the regulated entities and guide them in the effective implementation of the federal regulations:

AML/CFT/CPF Guidance Applicable to All Reporting Entities

History of UAE AML Regulations

History of UAE AML Regulations
  • The Federal Decree Law No. (10) of 2025 came into effect from October 14, 2025, and it repealed Federal Decree Law No. (20) of 2018 and Federal Decree Law No. (26) of 2021 (amendments to the 2018 AML law).
  • The Cabinet Resolution No. (134) of 2025 came into effect from December 14, 2025, and it repealed Cabinet Decision No. (10) of 2019 and Cabinet Resolution No. (24) of 2022 (amendments to the 2019 Executive Regulation).
  • Federal Law No. (7) of 2014 Combating Terrorism Crimes came into effect from 1st September 2024, and it repealed Federal Decree-Law No. (1) of 2004 on Combating Terrorist Crimes.
  • Cabinet Resolution No. (74) of 2020 Regulating the Terrorist Lists and Implementing the Security Council’s Resolutions Regarding the Prevention and Suppression of Terrorism and its Financing and Proliferation of Armaments and the related Resolutions came into force with effect from 29th October 2020, and it repealed Cabinet Resolution No. (20) of 2019 Concerning the Regulation of Terrorism lists and the application of the Security Council resolutions and the relevant resolutions on the prevention, suppression of terrorism and its financing and the cessation of weapon proliferation and its financing & the Relevant Resolutions.
  • Cabinet Resolution No. (71) of 2024 Regulating Violations, Administrative Penalties Imposed on Violators of Measures for Confronting Money Laundering and Combating Financing of Terrorism Subject to the Control of Ministry of Justice and Ministry of Economy came into force with effect from 8th July 2024, and it repealed the Cabinet Resolution No. (16) of 2021 Concerning the Unified List of Violations and Administrative Fines Imposed on Violators of Measures for Confronting Money Laundering and Combating the Financing of Terrorism Who are Under the Control of the Ministry of Justice and Ministry of Economy.
  • Cabinet Decision No. (109) of 2023 On Regulating the Beneficial Owner Procedures came into force on 6th November 2023, and it repealed the Cabinet Resolution No. (58) of 2020 regulating Real Beneficiary Procedures.
  • Cabinet Resolution No. (132) of 2023 Concerning the Administrative Penalties against Violators of The Provisions of the Cabinet Resolution No. (109) of 2023 Concerning the Regulation of Beneficial Owner Procedures came into force with effect from 30th December 2023, and it repealed The Cabinet Resolution No. (53) of 2021 concerning Administrative Penalties imposed on Violators of the provisions of Cabinet Resolution No. (58) of 2020 concerning Regulating Real Beneficiary procedures.

Who Must Comply with AML Law in the UAE?

The AML Law in the UAE applies to Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Services Providers (VASPs).

Who Must Comply with AML Law in the UAE

AML/CFT Covered Activities for Banks and Financial Institutions

The Financial Institutions undertaking the following activities would be subject to AML compliance:

  • Accepting deposits and other repayable funds from the public.
  • Lending, including consumer credit and mortgage lending and financing commercial transactions, including the purchase of export bills and debts.
  • Financial leasing, excluding financial leasing related to consumer products.
  • Money or value transfer services.
  • Issuing and managing means of payment, such as debit cards, credit cards, cheques, payment orders, banker’s drafts, and electronic money.
  • Financial guarantees and commitments.
  • Trading in money market instruments such as cheques, bills of exchange, certificates of deposit, derivatives and related instruments; or foreign exchange; or currency, interest rate and index instruments; or other financial derivatives; or negotiable financial instruments; and trading in commodity futures contracts.
  • Participating in securities issuance and providing financial services related to such issuances.
  • Managing funds and portfolios of all types.
  • Safekeeping and administration of cash or liquid securities on behalf of others.
  • Other operations involving investment, management, or administration of funds or money on behalf of others.
  • Underwriting or subscribing to life insurance policies and other investment-related insurance products, including those provided by insurance agents and brokers.
  • Currency exchange.

AML/CFT Covered Activities for Designated Non-Financial Businesses and Professions (DNFBPs)

The Designated Non-Financial Businesses and Professions include: 

  • Real estate brokers and agents conduct transactions related to the purchase or sale of real estate on behalf of their customers.
  • Dealers in precious metals and stones.
  • Lawyers, notaries, other independent legal professionals, and independent accountants, when preparing, conducting, or executing financial transactions:
    • Purchase and sale of real estate.
    • Management of funds owned by the Customer.
    • Management of bank accounts, savings accounts, or securities accounts.
    • Organising contributions for the creation, operation, or management of companies.
    • Creating, operating, or managing juristic persons or Legal Arrangements, or the sale or purchase of business entities.
  • Company and trust service providers, when carrying out a transaction in relation to the following activities:
    • Acting as an agent in the incorporation or creation of legal persons.
    • Acting, or arranging for another person to act, as a director or secretary of a company, or as a partner or in an equivalent position in another legal person.
    • Providing a registered office, business address, residence, correspondence address, or administrative address for a company, another legal person, or a legal arrangement.
    • Acting, or arranging for another person to act, as a Trustee of an express trust or performing an equivalent function for another form of legal arrangement.
    • Acting, or arranging for another person to act, as a nominee shareholder for another person.
  • Operators of Commercial Games (included in the definition of the DNFBP vide Cabinet Decision No. (134) of 2025, effective December 14, 2025.)

AML/CFT Covered Activities for Virtual Asset Service Providers (VASPs) in UAE

Virtual Asset Service Providers shall be subject to AML compliance when undertaking the following activities:

  • Exchange between Virtual Assets and fiat currencies.
  • Exchange between one or more types of virtual assets.
  • Transfer of virtual assets.
  • Safekeeping or administration of virtual assets or instruments enabling control over virtual assets.
  • Providing financial services or activities related to the issuer’s offering, sale, or participation in virtual assets.

AML/CFT Supervisory Authorities in the UAE

For overseeing the enforcement of the above-mentioned federal AML regulations and also to issue the relevant guidance to the supervised entities under their respective purview in line with the powers granted under the federal AML regulations, the following authorities have been designated as the AML Supervisory Authorities:

Supervised Entities

Supervisory Authority

Jurisdictions

Financial Institutions

Central Bank of the UAE

Entire UAE (except financial freezones)

Trusts and Company Service Providers

Ministry of Economy and Tourism

Entire UAE (except financial freezones)

Dealers in Precious Metals and Stones

Ministry of Economy and Tourism

Entire UAE (except financial freezones)

Independent Auditors and Accountants

Ministry of Economy and Tourism

Entire UAE (except financial freezones)

Real Estate Brokers and Agents

Ministry of Economy and Tourism

Entire UAE (except financial freezones)

Lawyers, Notaries and Legal Consultants

Ministry of Justice

Entire UAE (except financial freezones)

Capital Market

Capital Market Authority

Entire UAE (except DIFC and ADGM)

Virtual Asset Service Providers

Capital Market Authority

Entire UAE (except Dubai)

Virtual Assets Regulatory Authority

Emirate of Dubai (except DIFC)

All regulated entities in DIFC

Dubai Financial Services Authority

DIFC

All regulated entities in ADGM

Financial Services Regulatory Authority

ADGM

Operators of Commercial Games

General Commercial Gaming Regulatory Authority

Entire UAE (except financial freezones)

Financial Intelligence Unit (FIU): While the above-mentioned authorities supervise AML implementation by regulated entities, the Financial Intelligence Unit (FIU) remains the central reporting authority from an AML perspective, irrespective of the nature of the business or the location of operations in the UAE.

Executive Office for Control and Non-Proliferation (EOCN): The authority enforcing the targeted financial sanctions regime in the UAE is the EOCN, which is also receiving, reviewing and guiding the regulated entities on implementing the TFS and evaluating the reports made by the regulated entities related to sanctions match (reporting is done through the goAML Portal only).

Sector-Specific AML/CFT/CPF Legal Framework in the UAE

The regulatory framework for AML/CFT/CFP in the UAE is structured across multiple sectors, each governed by dedicated laws, executive regulations, supervisory authorities, and guidance frameworks.

The UAE’s AML/CFT framework imposes comprehensive obligations on a wide spectrum of entities. While all regulated sectors must adhere to the core federal legislation, i.e., Federal Decree-Law No. (10) of 2025 and Cabinet Resolution No. (134) of 2025, they are also subject to detailed sector-specific laws, regulations, and guidance from their respective authorities.

To simplify navigation of this landscape, the following consolidates the primary legislation, rulebooks, circulars, guidelines, compliance publications, and regulatory bodies across all sectors.

AML/CFT/CPF Legal Framework for Designated Non-Financial Businesses and Professions (DNFBPS)

DNFBPs encompass a range of non-financial businesses and professions that are particularly vulnerable to money laundering, terrorism financing, and proliferation financing due to the nature of the products or services they offer. These entities, which include dealers in precious metals, real estate agents, legal professionals, corporate service providers, independent accountants and auditors, and operators of commercial games must comply with federal AML/CFT laws, as well as the sector-specific regulations issued by their respective supervisory authorities.

All DNFBPs have to adhere to:

AML/CFT/CPF Legal Framework for Designated Non-Financial Businesses and Professions (DNFBPS)
  • Implementation Guide For DNFBPs on Customer Risk Assessment (CRA) – November 2024
    The guide focuses on the customer risk assessment process that DNFBPs must perform as part of customer onboarding. It elaborates on the CRA methodology and the risk factors that different DNFBPs must consider.
  • Implementation Guide For DNFBPs on Customer Due Diligence (CDD) – November 2024
    This guide provides practical insights into the CDD process that DNFBPs follow. It aims to assist entities with their day-to-day challenges related to CDD and to guide them on international best practices for CDD.

AML/CFT/CPF Legal Framework for Dealers in Precious Metals & Stones (DPMS)

AML/CFT/CPF Legal Framework for Dealers in Precious Metals & Stones (DPMS)
Supervisory Authority for Dealers in Precious Metals and Stones Sector: 

The Ministry of Economy and Tourism (MoET) is the AML supervisory authority for the dealers in the precious metals and stones sector operating in and from the UAE Mainland and the commercial free zones.

AML/CFT/CPF Laws, Regulations and Guidance Applicable to DPMS Sector:
DPMS Sector-Specific AML/CFT/CPF Guidelines & Circulars:

Along with the above-referred federal decree laws and implementing regulations, and cabinet decisions, the DPMS is required to adhere to the following guidance documents and relevant ministerial decrees:

  • Circular No. 2/2021 Calls for the implementation of AML/CFT obligations by DPMS and explains the supervisory authority’s procedures for onsite and offsite inspection for the compliance of the same.
  • Supplemental Guidance for Dealers in Precious Metals and Stones – May 2019
    The supplemental guidance document is to be read with the above-mentioned DNFBP guidelines. This supplemental guidance details the DPMS activities that shall be subject to AML compliance. It also includes certain illustrations of the sectoral abuse for money laundering and terrorism financing.

AML/CFT/CPF Legal Framework for Real Estate Agents & Brokers

AML/CFT/CPF Legal Framework for Real Estate Agents & Brokers
Supervisory Authority for Real Estate Brokers and Agents: 

The Ministry of Economy and Tourism (MoET) is the AML supervisory authority for real estate agents and brokers operating in the UAE (except those licensed and operating from DIFC and ADGM).

AML/CFT/CPF Laws, Regulations and Guidance Applicable to Real Estate Sector:
Real Estate Sector-Specific AML/CFT/CPF Guidelines & Circulars

Real estate agents and brokers are required to comply with the additional guidance documents, in addition to the above-referred federal decree laws, implementing regulations, and cabinet decisions.

  • Circular No. 1/2021 Calls for the implementation of AML/CFT obligations by real estate agents and brokers and explains the supervisory authority’s procedures for onsite and offsite inspection for the compliance of the same.
  • Supplemental Guidance for the Real Estate Sector – May 2019
    The supplemental guidance document is to be read in conjunction with the DNFBP guidelines. This guidance documents the various real estate-related activities which are vulnerable to financial crime. Various examples of the exploitation of the real estate sector for money laundering and terrorism financing are provided, along with the sectoral ML/FT red flags.

AML/CFT/CPF Legal Framework for Trust & Corporate Service Providers (TCSPs)

AML/CFT/CPF Legal Framework for Trust & Corporate Service Providers (TCSPs)
Supervisory Authority for Trust & Corporate Service Providers: 

The Ministry of Economy and Tourism is the AML supervisory authority for trust and corporate service providers licensed in the UAE Mainland and the commercial free zones.

AML/CFT/CPF Laws, Regulations and Guidance Applicable to TCSPs:
TCSP Sector-Specific AML/CFT/CPF Guidelines

TCSPs are mandated to adhere to the guidance documents, in addition to the federal AML regulations mentioned above.

  • Circular No. 4/2021 Calls for the implementation of AML/CFT obligations by TCSPs and explains the supervisory authority’s procedures for onsite and offsite inspection for the compliance of the same.
  • Supplemental Guidance for Trust & Company Service Providers – May 2019
    The supplemental guidance must be read in parallel with the DNFBP guidelines referenced above. This guidance lists various activities performed by the TCSP that shall be subject to AML measures, and others that are low risk and do not require risk mitigation measures. It also captures the sectoral red flag indicators that the TCSP must be mindful of.

AML/CFT/CPF Legal Framework for Auditors & Independent Accountants

AML/CFT/CPF Legal Framework for Auditors & Independent Accountants
Supervisory Authority for Auditors and Independent Accountants: 

The independent auditors and accountants (licensed in the UAE, except those licensed by the FSRA and DFSA) are subject to AML supervision by the Ministry of Economy and Tourism.

AML/CFT/CPF Laws, Regulations, and Guidance Applicable to Auditors and Independent Accountants:
Auditors & Independent Accountants Sector-Specific AML/CFT/CPF Guidelines & Circulars

Independent accountants and auditors are required to develop the AML program in accordance with the guidance documents listed below, as well as the federal decree law, the cabinet decision, and general AML publications at the federal level.

  • Circular No. 3/2021 Calls for the implementation of AML/CFT obligations by Accountants and Auditors and explains the supervisory authority’s procedures for onsite and offsite inspection for the compliance of the same.
  • Supplemental Guidance for Auditors – June 2019
    The supplemental guidance for auditors is to be considered as a follow-up document to the above-mentioned DNFBP guidelines. This guidance lists various risks that the independent auditors may encounter while discharging their professional duties. The guidance also documents examples of abuse of auditor services, certain known typologies, and sectoral red flag indicators that the auditor should be mindful of.

AML/CFT/CPF Legal Framework for Lawyers, Notaries & Other Legal Professionals

AML/CFT/CPF Legal Framework for Lawyers, Notaries & Other Legal Professionals
Supervisory Authority for Lawyers, Notaries, and Other Legal Professionals: 

The Ministry of Justice (MoJ) is the AML supervisory authority for lawyers, notaries and independent legal professionals operating in the UAE (except the financial free zones).

AML/CFT/CPF Laws, Regulations and Guidance Applicable to Lawyers, Notaries, and Other Legal Professionals
Legal Sector-Specific AML/CFT/CPF Guidelines

Legal professionals, lawyers, and law firms are required to implement an AML program in accordance with regulatory documents issued by the MoJ, as well as the federal AML regulations mentioned above.

  • Lawyers’ Guide on AML/CFT (2026) The guide illustrates the best practices that lawyers and legal professionals should adopt to comply with AML obligations regarding the identification, assessment, and mitigation of ML/FT risks they may face. It places emphasis on firm-level accountability, firm-wide risk assessment processes aligned with FATF standards, integration of CPF controls alongside AML/CFT controls, reliance on data analytics and client behaviour patterns beyond traditional ID checks.
  • Circular No. (1) of 2025 regarding the commitment of law firms to the controls of institutional assessment processes (Available only in Arabic) Requires legal professionals and lawyers to conduct and document institutional risk assessments specifically addressing proliferation financing risks and requires them to update their internal AML/CFT controls to align with FATF recommendations and UAE non-proliferation laws, particularly Federal Decree-Law No. 43 of 2021 on the Goods Subject to Non-Proliferation. It further mandates the Compliance Officers to follow guidance issued by the MoJ and the EOCN to prevent involvement of legal professionals and practitioners in transactions linked to weapons proliferation
  • Circular No. (1) of 2024 regarding simplified due diligence procedures. (Available only in Arabic)
    The circular elaborates on the simplified due diligence measures that the law firms and legal professionals may apply to the customers identified as posing low ML/FT risks.

AML/CFT/CPF Legal Framework for Operators of Commercial Games (New Sector)

AML/CFT/CPF Legal Framework for Lawyers, Notaries & Other Legal Professionals

Supervisory Authority for Operators of Commercial Games: 

The General Commercial Gaming Regulatory Authority (GCGRA) is the AML supervisory authority for the newly brought commercial gaming operators under the AML regime.

AML/CFT/CPF Laws, Regulations and Guidance Applicable to Operators of Commercial Games:

Sector-Specific AML/CFT/CPF Guidelines for Commercial Game Operators: 

For now, the gaming operators are required to comply with the above-referred federal decree laws and implementing regulations, as well as cabinet decisions, while the sector-specific AML/CFT guidelines are yet to be issued by the GCGRA.

Additionally, it is recommended to consider the following:

  • Policy Paper – Commercial Gaming Policy (2025)
    This policy paper has been issued jointly by the NAMLCFTC and GCGRA. The policy paper documents the key ML/FT and PF risks associated with the gaming industry and provides the targeted recommended strategies that can be adopted to mitigate the risks.

AML/CFT/CPF Legal Framework for Virtual Asset Service Providers (VASPs)

All Virtual Asset Service Providers have to adhere to:

AML/CFT/CPF Legal Framework for Virtual Asset Service Providers (VASPs)

VASPs are subject to different authorities depending on the jurisdiction in which they operate. Accordingly, VASPs are expected to comply with the AML guidelines and rulebooks issued by the relevant AML supervisory authority.

In addition to this, the VASPs are required to refer to the following FATF publications when developing their ML/FT risk mitigation framework (mandated by the supervisory authorities):

  • FATF’s Targeted Update on Implementation of FATF Standards on Virtual Assets and VASPs
    The report highlights the FATF’s observations and feedback on the implementation of the FATF standards in the virtual asset sector across various countries. It also discusses the evolving risks and the exploitation of virtual assets for proliferation and terrorism financing. The last section of the report documents the FATF’s recommendations to VASPs and regulatory authorities.

The VASPs are also expected to refer to this report issued by Public Private Partnership Sub Committee and NAMLCFTC  –  Rising Use of Virtual Currencies by Criminals to Launder Their Illegal Profit.” The report documents how virtual currencies are misused for laundering and terrorism financing, lists certain red flag indicators, and includes key recommendations for regulated entities. 

AML/CFT/CPF Legal Framework for VASPs in the Emirate of Dubai

AML/CFT/CPF Legal Framework for VASPs in the Emirate of Dubai
Supervisory Authority for Virtual Asset Service Providers in the Emirate of Dubai

The Virtual Asset Regulatory Authority (VARA) is the AML supervisory authority for the VASPs licensed and operating in or from Dubai.

AML/CFT/CPF Laws, Regulations and Guidance Applicable to VASPs in the Emirate of Dubai:
Sector-Specific AML/CFT/CPF Guidelines for VASPs in the Emirate of Dubai

Along with the above-referred federal decree laws and implementing regulations, and cabinet decisions, the VASPs subject to VARA supervision are required to comply with the following:

  • VARA’s Compliance and Risk Management Rulebook
    Part III of the rulebook provides detailed guidance to the VARA-licensed VASPs on the AML/CFT obligations, including the mandate to adequately assess the business risks arising from virtual asset operations. The rulebook requires VASPs to develop an AML program, led by a fit-and-proper person (Compliance Officer), that assists VASPs with customer onboarding, transaction monitoring, record maintenance, etc.

AML/CFT Legal Framework for VASPs in the UAE (Except in the Emirate of Dubai)

Supervisory Authority for Virtual Asset Service Providers in the UAE (Except in the Emirate of Dubai)

The VASPs, operating in or from anywhere in the UAE, except Dubai and the financial free zones, are subject to AML supervision by the Capital Market Authority of the UAE.

AML/CFT/CPF Laws, Regulations and Guidance Applicable to VASPs in the UAE (Except in the Emirate of Dubai) :
Sector-Specific AML/CFT/CPF Guidelines for VASPs in UAE (Except in the Emirate of Dubai)
  • Guidelines: Regulations of Virtual Assets and VASPs (2023)
    This CMA issued guidelines mandate that VASPs develop and implement a robust AML/CFT and sanctions compliance program, including the appointment of a Compliance Officer, documenting a comprehensive AML/CFT policy and procedures, assessing business and customer risks, applying adequate CDD measures, etc.
  • Circular on CMA’s Examination Observation Report
    The report highlights shortcomings across the sector related to ML/FT and defines expectations for regulated entities to take robust measures to ensure that the developed AML/CFT and sanctions compliance program is aligned with the business risk.
  • CMA Questions and Answers – NRA
    The CMA issued the FAQs in line with the latest NRA, setting out the CMA’s expectations of regulated entities to update their EWRA and align it with the outcome of the latest ML/FT NRA

AML/CFT Legal Framework for Financial Free Zones

The financial free zones in the UAE, i.e. DIFC and ADGM, operate under their own legal and regulatory frameworks that are aligned with federal AML/CFT requirements. These jurisdictions have enacted specific laws and rulebooks to govern business activities within their territories while ensuring consistency with the national AML/CFT strategy.

AML/CFT/CPF Laws, Regulations, and Guidance Applicable to Financial Free Zones

AML/CFT Legal Framework for Financial Free Zones

AML/CFT/CPF Legal Framework for Abu Dhabi Global Market (ADGM)

AML/CFT/CPF Legal Framework for Abu Dhabi Global Market (ADGM)
Supervisory Authority for Abu Dhabi Global Market: 

All the entities operating in or from ADGM are subject to oversight and supervision of the Financial Services Regulatory Authority (FSRA).

AML/CFT/CPF Laws, Regulations and Guidance Applicable to ADGM
ADGM AML/CFT/CPF Legal Framework and Key Deviations from the Federal AML/CFT/CPF Law:

Compared to the federal AML regulations, the scope of DNFBP is wide, covering a larger number of entities within the AML ambit, where the possibility of abusing the sector for ML/FT is high. In ADGM, DNFBP includes the following:

  • a real estate agency which carries out transactions with other persons that involve the acquiring or disposing of real property,
  • a dealer in precious metals or precious stones,
  • a dealer in any saleable item of a price equal to or greater than USD 15,000,
  • an accounting firm, audit firm, insolvency firm or taxation consulting firm,
  • law firm, notary firm or other independent legal business, and
  • Company Service Provider.
ADGM-Specific AML/CFT/CPF Laws, Regulations and Guidance

The FSRA-regulated entities are required to adhere to the following additional regulatory rulebook and guidance documents, along with federal decree laws and implementing regulations, as well as cabinet decisions.

  • Review the new laws in detail
  • Analyse the impact of the new law on their AML/CFT and TFS compliance framework
    • Update their AML/CFT and TFS policies, procedures, manuals, and tools to ensure complete alignment with the new laws.
  • FSRA – FCCP – Notice No. 91 of 2025 – Updated on Targeted Financial Sanctions (TFS) Guidance Requires all relevant persons to refer to updated TFS guidance to ensure compliance with screening and ongoing enforcement procedures.
  • goAML Registration Quick Guide (for DNFBPs) This quick guide is aimed at assisting DNFBPs with registering on the goAML system to enable filing mandatory reports with UAEFIU and ensure compliance with ADGM AML requirements.
  • ADGM Quick Guide – Know Your Customer (KYC) (for DNFBPs) The quick guide on KYC helps regulated DNFBPs understand the key elements of the KYC process for onboarding individual and corporate customers. It also includes certain examples of the KYC measures to be followed under different scenarios.
  • RAs Self-Assessment Form for DNFBPs Regulator’s Self-Assessment Form is provided to serve as supplementary information to the ADGM Registration Authority (ADGM RA) as evidence to showcase that DNFBPs have implemented AML/CFT Policies and Procedures in alignment with ADGM AML Rules.
  • Checklist – Appointment of MLRO ADGM RA has published MLRO appointment checklist to enable regulated entities to ensure that they appoint a suitable MLRO by verifying the qualifications, experience, eligibility and independence of the candidate. It also helps ensure that all required documents and information are collected and submitted to the FSRA for approval of the MLRO appointment.  Lastly, the checklist helps regulated entities demonstrate that they have conducted adequate due diligence and governance checks prior to the appointment of an MLRO.
  • 2024 DNFBP Common Findings Report The report gives out common findings identified by the RA during onsite assessments of DNFBPs, especially recurring observations across the majority of the firms.
  • ADGM Financial Crime Report 2021-2022 Elaborates how FSRA supports its objectives of prevention of financial crime and aligns with UAE’s national AML/TFS agenda through RA and the Financial and Cyber-Crime Prevention unit (FCCP).

 

AML/CFT/CPF Legal Framework for Dubai International Financial Centre (DIFC)

AML/CFT/CPF Legal Framework for Dubai International Financial Centre (DIFC)
Supervisory Authority: 

The Dubai Financial Services Authority (DFSA) is the licensing and AML supervisory authority for entities operating in or from DIFC, regardless of their nature of activities, whether as a DNFBP, VASP, or a company carrying out financial activities.

AML/CFT/CPF Laws, Regulations and Guidance Applicable to DIFC
DIFC AML/CFT/CPF Legal Framework and Key Deviations from the Federal AML Law:

The definition of DNFBP is different from what is provided under the federal AML law, bringing in more non-financial activities under the AML regime. The entities conducting the following activities are considered DNFBP in DIFC:

  • a real-estate developer or agency which carries out transactions with a customer involving the buying or selling of real property,
  • a dealer in precious metals or precious stones which carries out any single cash transaction or several transactions that appear to be connected and the value of which is equal to or greater than USD 15,000,
  • a person who issues, or provides services relating to Non-Fungible Tokens or Utility Tokens (with certain exceptions),
  • a law firm, notary firm, or other independent legal business,
  • an accounting firm, audit firm or insolvency firm, and
  • a company service provider.
DIFC-Specific AML/CFT/CPF Laws, Regulations and Guidance

Compliance with the rulebook below is mandatory for DFSA-regulated entities, in addition to federal decree laws, implementing regulations, and cabinet decisions.

  • DIFC Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Rulebook The rulebook provides for the key AML/CFT obligations of a regulated entity operating in or from DIFC, guiding them in adequately identifying and mitigating the financial crime risks. The Dubai Financial Services Authority (DFSA) systematically updates its Anti-Money Laundering, Counter-Terrorist Financing and Sanctions (AML) Module to respond to emerging ML/FT and PF risks, technological advancements and shifts in UAE legislation by publishing Rule-Making Instruments (RMIs). The RMIs published from 2024 to date (March 2026) are intended to showcase the trajectory of the DFSA AML regime.

AML/CFT/CPF Legal Framework for Banks and Financial Institutions Supervised by CBUAE

Entities within the UAE’s financial sector operate under a stringent AML/CFT regime supervised primarily by the Central Bank of the UAE (CBUAE) and other specialised authorities like the Capital Market Authority (CMA). Compliance obligations extend across banking, insurance, capital markets, and payment services, and other financial activities, with sector-specific regulations supplementing the federal AML/CFT framework.

All banks and financial institutions have to adhere to:

AML/CFT/CPF Legal Framework for Banks and Financial Institutions Supervised by CBUAE

Along with the above-referred federal decree laws and implementing regulations, and cabinet decisions, the financial institutions shall be subject to the following guiding publications by the relevant supervisory authorities:

AML/CFT/CPF Legal Framework for Insurance Sector (Insurance companies, insurance agents/brokers)

AML/CFT/CPF Legal Framework for Insurance Sector (Insurance companies, insurance agents/brokers)
Supervisory Authority: 

CBUAE is the supervisory authority overseeing the effective implementation of AML/CFT regulations by insurance and reinsurance companies, as well as insurance brokers/agents.

AML/CFT/CPF Laws, Regulations and Guidance Applicable to the Insurance Sector
Insurance Sector-Specific AML/CFT/CPF Guidance

Additionally, the adherence to the following regulatory documents is also mandatory:

  • CBUAE AML/CFT Guidance for the Insurance Sector – October 2022
    The guidance focuses on the AML/CFT obligations of the entities engaged in insurance activities. It helps entities understand the potential exposure to financial crime and the mitigation measures required to safeguard the insurance sector and remain compliant with the regulatory regime.

AML/CFT/CPF Legal Framework for Registered Hawala Providers

AML/CFT/CPF Legal Framework for Registered Hawala Providers
Supervisory Authority: 

CBUAE is the supervisory authority overseeing the effective implementation of AML/CFT regulations by registered hawala providers.

AML/CFT/CPF Laws, Regulations and Guidance Applicable to the Registered Hawala Providers
Registered Hawala Providers Sector-Specific AML/CFT/CPF Guidance

Additionally, the adherence to the following is also mandatory for the registered hawala providers:

CBUAE AML/CFT Guidance for registered Hawala providers and Licensed Financial Institutions providing services to Registered Hawala Providers – August 2021

The guidance focuses on registered hawala providers’ AML/CFT obligations, including registration requirements, developing their AML/CFT program, and the AML reporting mandate.

AML/CFT/CPF Legal Framework for Exchange Houses

AML/CFT/CPF Legal Framework for Exchange Houses
Supervisory Authority: 

CBUAE is the AML supervisory authority for the exchange houses operating in the UAE.

AML/CFT/CPF Laws, Regulations and Guidance Applicable to the Exchange Houses
Exchange Houses Sector-Specific AML/CFT/CPF Guidance

Additionally, the exchange houses must comply with the following:

AML/CFT/CPF Legal Framework for Securities, Commodities and Capital Markets

Supervisory Authority: 

The Capital Market Authority (CMA) of the UAE is the licensing and AML supervisory authority for entities engaged in capital market operations across the entire UAE (except the financial free zones).

AML/CFT/CPF Laws, Regulations and Guidance Applicable to CMA-Regulated Entities
CMA-Specific AML/CFT/CPF Guidance

Along with the above-referred federal decree laws and implementing regulations, and cabinet decisions, the capital market players are required to adhere to the following rulebook, guidance documents, etc., issued by the CMA:

  • Circular on CMA’s Examination Observation Report
    The report highlights shortcomings across the sector related to ML/FT and defines expectations for regulated entities to take robust measures to ensure that the developed AML/CFT and sanctions compliance program is aligned with the business risk.
  • CMA Questions and Answers – NRA
    The CMA issued the FAQs in line with the latest NRA, setting out the CMA’s expectations of regulated entities to update their EWRA and align it with the outcome of the latest ML/FT NRA.
History:

Earlier, the AML/CFT guidance for the CMA-regulated entities was driven through the CMA Board Chairman’s Decision No. (21/Chairman) of 2019, which documented the AML/CFT procedures

UAE’s Strategic Goals related to AML/CFT

First, let’s understand the UAE’s strategic goals related to AML and CFT.

UAE’s 12 Strategic Goals 

Strategic Goal 1: Continue deepening the understanding of risk.

Strategic Goal 2: Increase the standing of the FIU within the UAE’s national AML/CFT framework.

Strategic Goal 3: Improve law enforcement authorities’ efforts in detecting and investigating money laundering (ML).

Strategic Goal 4: Use provisional and confiscation measures more frequently and effectively.

Strategic Goal 5: Adjudicate and prosecute ML effectively and apply proportionate and effective sanctions.

Strategic Goal 6: Improve the effectiveness of regulatory and supervisory efforts for financial institutions and designated non-financial and business and professions, prioritising higher-risk sectors and taking dissuasive enforcement actions.

Strategic Goal 7: More vigorously identify and intercept unlicensed money remittance services.

Strategic Goal 8: Enhance implementation of targeted financial sanctions without delay.

Strategic Goal 9: Align company registration frameworks across the UAE.

Strategic Goal 10: Strengthen the level of assistance the UAE provides to its International Partners

Strategic Goal 11: Continue to effectively investigate, prosecute and convict TF offences

Strategic Goal 12: Continue to modernise the UAE’s legal framework.

UAE's 12 Strategic goals related to AML and CFT

AML/CFT Governance & Coordination Structure in UAE

The UAE operates a centralised and multi-layered AML/CFT/CPF governance structure as given below, ensuring strategic oversight, regulatory coordination, and operational execution across all sectors.

1. Supreme Committee for AML/CFT/CPF

It serves as the apex national authority for AML/CFT/CPF and is responsible for setting strategic priorities and the national policy roadmap.

2. National Committee (NAMLCFTC)

It functions as the central coordination body for AML/CFT implementation, driving national strategy, ensuring regulatory alignment, facilitating coordination between the concerned authorities, and representing the UAE at the international level.

3. General Secretariat of NAMLCFTC

The General Secretariat, formerly the Executive Office for AML/CTF, now acts as the operational engine of the national AML framework by facilitating execution, monitoring and inter-agency coordination.

4. Sub-Committees under NAMLCFTC

  • Supervisory Authorities Sub Committee: it ensures supervision across all regulated sectors.
  • Investigative Authorities Sub Committee: it coordinates law enforcement and prosecution efforts.
  • National Risk Assessment (NRA) Sub Committee: it leads the assessment of national ML/TF risks.
  • Terrorism Financing (TF) Sub Committee: it focuses specifically on terrorism-financing threats, typologies, and mitigation measures.
  • Technical Compliance Sub Committee: it examines the legal and regulatory framework, ensuring alignment with FATF requirements and addressing technical compliance gaps.
  • Companies Registrar Sub Committee: it strengthens corporate transparency by overseeing beneficial ownership frameworks and coordinating the national company registry ecosystem.
  • International Cooperation Sub Committee: it manages the UAE’s engagement with FATF and other international bodies, facilitating cross-border collaboration and information exchange.
  • Public–Private Partnership (PPP) Sub Committee: it supports structured engagement between government and the private sector, encouraging information-sharing, and implements strategies for public-private sector collaboration.

What is NAMLCFTC and Its Mandate in UAE?

The National Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations Committee (NAMLCFTC) is the UAE’s primary policy-making body for combating money laundering, terrorism financing, and proliferation financing.

Legal Basis: Established under Federal Law No. 4 of 2002 (Articles 9 and 10), with expanded mandate under Federal Decree-Law No. 20 of 2018 and continuing under Federal Decree-Law No. 10 of 2025.

Key Mandates:

  • Develops the national AML/CTF strategy, proposes policies, regulations and procedures in coordination with competent authorities, and monitors their implementation.
  • Assesses and determines national ML/TF risks.
  • Identifies high-risk countries, evaluates jurisdictions with weak AML/CTF controls, determines required countermeasures, and instructs supervisory bodies to enforce enhanced due diligence on FIs, DNFBPs, VASPs and NPOs where needed.
  • Facilitates information-sharing and coordination among all represented government and supervisory entities.
  • Collects and analyses statistics and data from competent authorities to evaluate the effectiveness of AML/CTF measures and regulatory outcomes.
  • Represents the UAE internationally in matters related to AML/CTF.
  • Proposes internal regulations for the functioning of the Committee and submits them to the Minister of Finance.
  • Handles any additional AML/CTF matters referred to it under law or by competent authorities.

Common AML compliance mistakes we see in UAE entities

Even well-intentioned organisations fail AML inspections due to avoidable gaps.

Common issues include:

  1. Weak customer risk assessment methodology with no supporting rationale

  2. Beneficial ownership not verified or evidence not retained

  3. Screening done only at onboarding, not ongoing

  4. STR decisions made informally, with no documented reasoning

  5. No clear audit trail for alerts, investigations, or match clearance

  6. Policies copied from templates that do not match business activities

  7. Inadequate staff training, especially for frontline teams

A good AML programme is not only about having documents. It is about proving implementation through records, controls, and consistency.

Key Takeaways: 5 things regulated entities must do

If your business is regulated in the UAE, your AML/CFT programme should, at a minimum, cover:

  1. Risk Assessment: maintain an Enterprise-Wide Risk Assessment (EWRA) and Customer Risk Assessment (CRA)
  2. Customer Due Diligence (CDD): verify identity, beneficial ownership, and purpose of relationship
  3. Screening: conduct sanctions and terrorism financing screening at onboarding and on an ongoing basis

  4. Monitoring and Reporting: detect suspicious activity and file STRs/SARs via the UAE FIU goAML portal

  5. Governance: appoint an MLRO/Compliance Officer, ensure staff training, record-keeping, and an independent AML audit

UAE AML Regulations: A Core Compliance Checklist

Here is the checklist of the core AML/CFT obligations entrusted upon the DNFBPs by the UAE AML Laws: 

  • Have you registered yourself with goAML Portal? 
  • Do you have a competent AML/CFT Compliance Officer to manage your AML compliance? 
  • Have you identified and assessed your business’s exposure to ML/FT risks? 
  • Are your AML/CFT policies, procedures, and controls effective and aligned with AML/CFT laws and Enterprise Wide Risk Assessment (EWRA)? 
  • Is your Customer Due Diligence process well-defined? 
  • Is your implementation of Targeted Financial Sanctions (TFS) effective? 
  • Have you assessed your customers’ risk, considering relevant ML/FT risk factors? 
  • What Enhanced Due Diligence measures do you apply? 
  • Do you have a set process for identifying and reporting Suspicious Transactions and other relevant reports on the goAML Portal? 
  • Do you retain all your AML/CFT records for at least 5 years? 

Need Help Implementing AML Compliance in the UAE?

Understanding AML laws is important, but implementation is what regulators assess.

If you need professional support with:

You can reach out to AML UAE for practical, regulator-aligned assistance.

Download a guide to Anti Money Laundering AML Laws in UAE

Share via :

We help you prepare and implement

a robust Anti-Money Laundering Program.

Contact Us Now

FAQs About UAE AML Law

What is AML compliance, and why is it important in the UAE?

Anti-Money Laundering (AML) refers to laws and regulations designed to detect, prevent, and report disguising of illicit funds. In the UAE, AML compliance is critical for maintaining financial integrity, national security, and ensuring compliance with international standards set by the FATF.

All the financial institutions, DNFPBs, VASPs, Gaming Operators, Non-Profit Organisations, and other Regulated Entities must follow AML laws in the UAE.

The core framework is built on Federal Decree Law 10 of 2025 and its Executive regulations under Cabinet Decision No. 134 of 2025, supported by regulatory guidance, directives, and circulars issued by supervisory authorities, including those related to reporting obligations, sanctions compliance and other sector-specific requirements.

goAML is the official platform for submitting Suspicious Transaction Reports (STRs), Suspicious Activity Reports (SARs), and other AML filings to the UAE’s FIU.

The registration process involves first registering through the FIU’s SACM system to obtain access credentials, followed by completing the entity profile on the goAML portal and appointing a Compliance Officer. Reporting access is granted only after FIU approval of both steps.

CDD is required at customer onboarding, before establishing a business relationship, when conducting transactions above specified thresholds (e.g., AED 55,000), and whenever suspicion arises, regardless of the amount.

CDD may also be required post-transaction if red flags emerge or inconsistencies are identified after the transaction has taken place.

Non-compliance can lead to financial penalties, license suspension, criminal prosecution, business restrictions, asset freezing and reputational damage.

Criminals often use high-value assets like real estate and luxury goods to launder money. Regulating these sectors ensures that illicit funds cannot be easily integrated into the economy through property or valuable commodities.

Under the Federal decree Law 10 of 2025, it is defined as an act involving the transfer, conversion, or concealment of proceeds from a predicate crime (e.g., fraud, corruption) with the intent to disguise its illicit origin, or assisting another person in doing so.

Supervision and enforcement are led by UAE authorities such as the Central Bank, Ministry of Economy and Tourism, Ministry of Justice, Securities & Commodities Authority, Financial Free Zone Regulators (FSRA and DFSA), Free Zone Regulators, General Commercial Gaming Regulatory Authority, and the UAE FIU.

Banks, exchange houses, investment firms, insurers, VASPs, DPMS, auditors and accountants, lawyers, corporate service providers, real-estate brokers, and gaming operators are subject to AML supervision.

Entities must apply CDD/EDD, conduct ongoing monitoring, screen against sanction lists, maintain records for at least five years, and report suspicious activity through goAML while ensuring strong internal policies and risk-based controls.

The primary legal framework for AML/CFT in the UAE is now governed by Federal Decree Law No. 10 of 2025, which replaces the earlier Federal Decree Law No. 20 of 2018. The implementing regulation is set by Cabinet Decision No. 134 of 2025, which has become effective from 14 December 2025, superseding Cabinet Decision No. 10 of 2019.

Money laundering in the UAE carries severe penalties under Federal Decree-Law No. (10) of 2025:

  • Imprisonment: Up to 10 years (life imprisonment in aggravated cases)
  • Individual fines: AED 100,000 to AED 500,000
  • Corporate fines: Up to AED 100 million
  • Additional consequences: Asset confiscation and potential deportation for non-nationals

The UAE’s AML framework is led by Federal Decree Law No. (10) of 2025, supported by Cabinet Resolution No. (134) of 2025, along with sector-based supervisory guidance and compliance requirements.

Yes. DNFBPs such as jewellery traders, real estate brokers, auditors, accountants, TCSPs, commercial gaming operators, and legal professionals must comply with UAE AML obligations based on their regulated status and activities.

Yes. Entities in DIFC and ADGM are required to follow UAE federal AML laws and may also be subject to additional rulebooks and supervisory expectations issued by DFSA and FSRA.

The UAE AML framework aims to prevent and detect money laundering, terrorism financing, and proliferation financing by enforcing strong customer due diligence, monitoring, and reporting systems.

goAML is the UAE FIU’s reporting portal where regulated entities submit suspicious transaction reports and maintain reporting compliance. It plays a central role in enforcement readiness and regulatory supervision.

Penalties may include financial fines, restrictions, licence actions, and regulatory enforcement measures depending on severity, control gaps, and repeat findings.

Common documents include:

  • AML/CFT policy and procedures

  • EWRA and CRA evidence

  • KYC records and risk classification

  • Screening results and clearance rationale

  • Alert investigations and STR documentation

  • Training records and audit reports

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

What is smurfing in money laundering? Smurfing technique, risks, and protective measures

What are the risk indicators related to the smurfing in money -W

Pathik Shah

Home Author Archives: Pathik Shah
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Smurfing in Money Laundering: At a glance

  • Smurfing in money laundering refers to a technique where criminals split large sums of illicit proceeds into multiple small transactions to avoid AML reporting thresholds and detection by regulators.
  • In anti-money laundering (AML) compliance, smurfing is considered a structuring technique used to bypass regulatory reporting thresholds and alerts and conceal the source of illegally obtained funds.
  • Smurfing occurs at the placement stage of money laundering where criminals introduce illicit proceeds into the financial system through multiple deposits, transfers, or cash transactions.
  • A common smurfing example in AML involves multiple individuals depositing cash amounts below the reporting limit across different bank branches or cash deposit kiosks.
  • Financial institutions detect smurfing using AML smurfing detection methods, such as transaction monitoring systems and AI-based analytics, to identify suspicious transaction patterns.
  • Common smurfing redflags in AML include frequent deposits just below reporting thresholds, transactions inconsistent with customer profiles, and multiple depositors using the same beneficiary account.
  • Understanding structuring vs smurfing in money laundering helps compliance teams detect complex schemes, including variations such as cuckoo smurfing.

Smurfing in money laundering is a method commonly used by criminals to inject illicit proceeds into the legitimate financial system by breaking down large amounts of money into multiple small transactions to avoid AML reporting thresholds and detection. It is also known as structuring and commonly takes place during the “placement” stage of money laundering.

This article provides insights into identifying smurfing instances and how financial institutions can safeguard themselves against them and prevent the same.

What is Smurfing in Money Laundering?

Smurfing means breaking down large amounts of cash into smaller amounts deposited with financial institutions to avoid detection and reporting thresholds. Owing to its characteristics of manipulating the transaction values, the technique is also known as “Structuring.”

However, smurfing is more complex than the conventional way of structuring a transaction where in a single individual is involved. In contrast, in the case of Smurfing, more than one individual is involved.
One of the widely used money laundering techniques, smurfing, poses a high risk to Financial Institutions worldwide.

Laundering of illegal money using the smurfing method can be carried out by individuals or organized crime groups, which leaves devastating consequences on financial institutions and society.

What Stage of Money Laundering Does Smurfing Usually Occur?

Smurfing generally occurs at the placement stage of money laundering, it is the phase where criminals introduce proceeds of crime into the financial system to disguise illicit origins of funds and make them appear as legitimate income or profits, ready for further use.

At this stage, criminals use multiple deposits through multiple people and accounts to place illegally obtained money into banks without triggering AML monitoring alerts.

Smurfing vs Structuring in Money Laundering

The difference between smurfing and structuring is simplified in this table:

Differentiating Factors

Smurfing

Structuring

Definition

Relying on multiple individuals to carry out multiple transactions.

Relying on breaking transactions into smaller amounts.

Participants

Usually involves multiple people, known as “smurfs”.

Often carried out by a single person.

Purpose

To avoid AML detection and subsequent due diligence measures.

To avoid reporting thresholds from being triggered, which invite deeper scrutiny into transactions.

Example of Smurfing in Money Laundering

To illustrate how smurfing actually takes place, we can refer to this example. For instance, a criminal attempts to deposit $90,000 in illicit cash to his bank account, but doing so at one go would trigger reporting and enhanced diligence thresholds at the bank. Instead of depositing at one go, they divide the money into multiple small deposits of $3000 or less, and ask members of his criminal syndicate to deposit the same to his account at different branch locations.

By structuring the deposit below reporting and due diligence thresholds, the criminal attempts to avoid AML monitoring and suspicious transaction reporting, as well as internal controls such as enhanced due diligence (if put in place by the bank according to applicable thresholds and their risk appetite).

Before discussing how to prevent smurfing, it is important to understand what it is and how it affects financial institutions. 

What is smurfing in financial institutions?

Smurfing involves splitting a large sum of cash into smaller amounts of multiple transactions below the AML reporting threshold to avoid the applicability of AML measures and detection by financial institutions and regulatory authorities. 

Smurfing is often used to facilitate the placement of illegal funds into the valid financial system of the economy. 

How does smurfing affect financial institutions?

As smurfing is used to launder funds by facilitating the entry of proceeds of criminal activities into financial institutions, it is a significant risk to the security and integrity of the financial institution. When financial institutions allow criminals to use the smurfing technique, knowingly or unknowingly, the financial institutions face legal consequences for aiding in money laundering activities and the breach of regulatory obligation of reporting the money laundering-related suspicious activities. Further, smurfing damages the reputation of financial institutions and adversely impacts public trust. 

Thus, to avoid the loss of public trust and heavy fines for AML non-compliance, it is pertinent that the financial institutions design and implement robust procedures and controls to identify, report and prevent exploitation by smurfing.

Common Smurfing Techniques Used in Money Laundering

Criminals may use multiple methods to conduct smurfing transactions, such as:

  • Making deposits across different bank branches and deposit kiosks.
  • Making multiple small cash deposits below reporting thresholds
  • Using multiple people “smurfs”
  • Transferring funds through multiple bank accounts
  • Structuring electronic payments and wire transfers through multiple bank accounts.
How to prevent smurfing technique of money laundering

Cuckoo Smurfing in Money Laundering

One of the popular methods of money laundering is Cuckoo Smurfing. Let’s understand what Cuckoo Smurfing is, what are the elements of Cuckoo Smurfing, the Step-by-step process of Cuckoo Smurfing, and Cuckoo Smurfing indicators.

What is the Cuckoo Smurfing method in money laundering?

Cuckoo Smurfing is a money laundering method where criminals target bank accounts of legitimate customers expecting to receive funds from overseas. They split large transactions into smaller amounts of less than the regulatory threshold to avoid reporting to the FIU. Cuckoo smurfing is the comingling of criminals with money transfer agents to disguise the illicit proceeds and make them look like they have come from a legitimate source. This method is called Cuckoo Smurfing because it is like how Cuckoos lay their eggs in the nests of other species of birds and make them believe it’s their own. Here, the person receiving the funds is unaware that they are proceeds of crime and the source does not belong to them.

What are the elements of the Cuckoo Smurfing method of money laundering?

Here are the common elements of Cuckoo Smurfing in Money Laundering:

  • No physical transfer:- There is no physical transfer of funds in cross-border transactions.
  • Structuring:- Large amounts of funds are split into smaller amounts to avoid reporting thresholds.
  • Involvement of Smurfs:- Multiple Smurfs deposit cash into the bank account of a legitimate customer.
  • Cross-border transaction:- Cross-border transactions wherein the transferor and the beneficiary are located in two different countries.
  • Illicit Money:- Cuckoo smurfing involves cash derived from illegal activities.

Cuckoo Smurfing Methodology: Step-by-step

Overseas Transferor

  1. Overseas transferor wants to make a cross-border money transfer, and he deposits funds with a remitter
  2. The remitter does not transfer funds to the cross-border beneficiary
  3. The remitter asks a professional money laundering syndicate in the beneficiary’s country to deposit cash in the beneficiary’s bank account
  4. Once the cash is deposited into the Beneficiary’s account, the funds are transferred by the remitter to the money laundering syndicate

Beneficiary

  1. Professional money laundering syndicate deposits cash into the beneficiary’s bank account in small amounts to avoid reporting threshold (Structuring)
  2. Beneficiary thinks funds have legitimately arrived from the overseas transferor (Cuckoo’s Nest)

Red flags indicating Cuckoo Smurfing

Reporting entities are under legal obligations to maintain red flags indicating suspicious transactions and activities and submit a Suspicious Activity Report or Suspicious Transaction Report in case of suspicion. Here are some red flags that indicate cuckoo smurfing:

1. Cuckoo Smurfing: Demographic Red Flags

  • Cash Deposits across multiple bank branches and ATMs on the same day.
  • Cash Deposits from a different location than the home location of the beneficiary
  • Multiple cash deposits in quick succession at the same location
  • Cash deposits in the bank branch and ATMs
  • Cash deposits at remote ATMs with less surveillance

2. Cuckoo Smurfing: Account Indicators

  • The beneficiary is an unemployed person, a student, or a retired person
  • Multiple cash deposits in quick succession
  • Multiple cash deposits for an amount less than the reporting threshold
  • Cash deposits not matching the customer’s profile
  • Cash deposits via ATMs using a single card favouring multiple beneficiaries
  • Cash deposit into a beneficiary’s account matching with an international fund transfer instruction

3. Cuckoo Smurfing:

  • Depositor Indicators
  • Cash deposits into multiple beneficiary accounts by the same person
  • Depositor initiating cash deposits into a beneficiary account from a distant location
  • Multiple depositors using the same beneficiary details and making frequent cash deposits
  • The depositor’s name appears to be fictitious

How to detect Cuckoo smurfing?

How to detect Cuckoo smurfing?

1. Check if there’s a relationship between the depositor and the beneficiary
2. Check if the beneficiary is aware of the cash deposits made into his account
3. Check if the beneficiary is aware of the fund transfer from the overseas account
4. Check with the remitter for the source of funds
5. Check video footage to identify suspicious third-party depositors

How can entities protect themselves from Cuckoo Smurfing?

Business entities can protect themselves from cuckoo smurfing by utilising the services of legitimate financial institutions and money exchange houses. Further, they should monitor their bank account for suspicious bank deposits.

What are the regulatory measures against smurfing in money laundering?

The AML regulatory framework is important to detect and prevent money laundering through smurfing. Financial institutions must understand the risk associated with smurfing and, accordingly, implement the guidelines in the regulations to prevent financial crimes and stay compliant. 

Anti-Money Laundering Regulations against smurfing

Since smurfing is associated with money laundering typologies, the AML regulations in UAE provide for adopting strong and comprehensive AML procedures, controls, and systems to identify and prevent money laundering activities, including laundering through the smurfing method.  

The AML regulations in UAE mandate that financial institutions assess the money laundering risk, including the risk posed by smurfing. Further, the financial institutions must develop and implement a robust AML framework, including policies for performing customer due diligence and regularly monitoring transactions to identify suspicious activities and transactions contrary to the customer profile.  

Financial institutions may implement solid transaction monitoring programs to identify the smurfing instances, using advanced algorithms or Artificial Intelligence to identify unusual patterns or suspicious activity. These systems should be able to trigger transactions inconsistent with a customer’s known financial behaviour. Further, the financial institutions should also conduct periodic reviews of customer due diligence files to identify any update to the customer information or risk assessment of the customers that may be considered suspicious. 

AML Compliance Requirements

Know Your Customer (KYC) and Customer Due Diligence (CDD) Policies against Smurfing

KYC policies include identifying the customer and verifying their identities to ensure that the customer the financial institutions are dealing with is legitimate and has no criminal history or active connection. Financial institutions can reduce the risk of enabling smurfing activities through their activities by implementing an effective KYC process. Please note that KYC is one of the starting measures to identify and prevent smurfing, but it is not sole-sufficient. 

Financial institutions should implement additional Customer Due Diligence measures in case of high-risk customers or where any suspicion has been observed. These additional checks to verify the legitimacy of customer transactions may include understanding the purpose of the transaction, the customer’s source of funds and wealth, etc. 

Know Your Customer - KYC Requirements under AML regulations in UAE

Reporting suspicious activities to UAE’s Financial Intelligence Unit (FIU)

UAE AML regulations mandate that financial institutions identify and report any suspicious activity to FIU by filing a Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR) 

Financial institutions must comply with the regulatory framework and implement the necessary controls and systems to detect and prevent smurfing. 

Difference between suspicious activity and suspicious transaction

What are the risk indicators related to the smurfing in money laundering?

What are the risk indicators related to the smurfing in money -W

Here is a list of potential red flags that the financial institutions must be cautious of, suggesting possible involvement of smurfing:  

  • Multiple small cash deposits a person or group makes into the same account but through different branches. 
  • Regular deposits or withdrawals in amounts exactly matching the AML Compliance cut-off. 
  • Transactions not matching the customer’s usual patterns, such as sudden large cash deposits or frequent transfers to offshore accounts unrelated to the customer or its business. 
  • A customer opening multiple accounts with little to no activity to distribute the funds. 
  • Frequent funds transfers between multiple accounts, specifically to high-risk jurisdictions. 
  • Unnecessary involvement of intermediaries to facilitate transactions without any business sense. 

Our timely and accurate AML consulting services

For your smooth journey towards your goals

Contact Us Now

What measures should a Financial Institution adopt to prevent smurfing in money laundering?

What measures should a Financial Institution adopt to..-W

Implementing effective internal controls

Financial institutions must develop and implement internal solid AML policies, procedures, and controls to detect and prevent smurfing timely. The key AML measures to prevent smurfing are:

Employee training and awareness

Awareness among financial institutions’ employees is crucial to identifying smurfing-related red flags. Employees must be trained to understand the risks associated with smurfing, identify smurfing activities attempted through the financial institution, and report suspicious activities. 

Employees must be trained in-house by the Compliance Officer, or some third-party expert can be hired to impart the training. The training program should include discussion around risk indicators and case studies based on actual real-life scenarios. Case studies can help employees better understand the technique and related red flags. This helps the employees correlate the training with on-job activities and, thus, helps employees understand their roles and responsibilities in preventing smurfing. 

Another important aspect of employee training is ensuring employees stay updated with regulatory amendments and evolving ML typologies, including smurfing methods. Thus, ongoing training of the employees must be ensured through periodic sessions (refreshers course), internal circulars, etc. 

Designing a comprehensive AML Training Program

Ongoing Monitoring Systems 

Real-time or Ongoing Monitoring systems help financial institutions detect unusual transactions or suspicious activities. These systems should be based on robust logic and monitoring rules, suggested being fully automated, and intelligent data analytics should be used to ensure their relevance and effectiveness. 

Using Artificial Intelligence (AI) can help financial institutions identify inconsistent patterns or trends in large datasets considering the past records, overall business risk, and the customer risk profile, suggesting potential risk indicators. AI can also help financial institutions detect new techniques that criminals may use for laundering illegal money. 

Another important aspect of monitoring transactions to identify suspicious activities is to use reliable and independent data sources, such as watchlists and adverse media, to support the internal alerts generated during ongoing monitoring. 

Risk assessment and management 

To effectively manage the risk, financial institutions must first identify the risk exposure, specifically the vulnerabilities to smurfing. A periodic Enterprise-Wide Risk Assessment must be conducted, and basis the risk assessed, the necessary risk mitigation measures must be deployed. 

Moving one step ahead, the finical institutions must also assess the risk each customer poses to the business – customer risk profiling must be conducted using risk scoring models. Considering each customer’s risk profile, the monitoring program can be designed and applied, i.e., high-risk customers should be subject to frequent and increased monitoring. 

Designing and implementing effective internal controls is very important for a financial institution to safeguard itself against smurfing. Financial institutions can help reduce risk exposure and avoid reputational damage with adequate employee training, a strong and comprehensive monitoring program, and timely risk assessment of the business and customers. 

Enhancing customer due diligence 

Financial institutions are critical in preventing money laundering activities, especially smurfing. Financial institutions must adopt additional checks and measures while performing customer due diligence to prevent smurfing. 

Customer due diligence involves identifying the customer and verifying the customer’s identity, customer risk classification, and ongoing monitoring of the customer’s information and transactions. Financial institutions can timely identify money laundering activities by implementing effective customer due diligence processes and avoid non-compliance regulatory fines and reputational damage. 

Enhanced Due Diligence measures under UAE AML Regulations

Verifying customer identity 

Verifying customer identity is the first and most crucial step of the CDD process. Financial institutions must ensure that their customers are genuine and not associated with criminal activities. Customer identity verification includes obtaining customer identification documents such as passports, driver’s licenses, and national identity cards. Financial institutions must also conduct screening against the Sanctions List and perform background verification to ensure the legitimacy of the person and the identity documents. 

Verifying customer identity is essential for preventing money laundering activities and exposing the business to the hands of financial criminals. 

Monitoring customer transactions 

Monitoring customer transactions is another vital aspect of CDD. Financial institutions must regularly monitor customer transactions to detect and report suspicious activities such as depositing or withdrawing vast sums of cash divided into multiple small-value transactions.   

Financial institutions can use various tools and technologies to monitor customer transactions, such as transaction monitoring systems built upon AI or machine learning. These tools can analyze customer transactions in real-time and identify inconsistent customer activities. 

Identifying high-risk customers 

Identifying customers posing the business with higher risk is important to prevent smurfing. High-risk customers include persons whose transactions are inconsistent with the customer’s business activities, persons reluctant to share identity documents, individuals or businesses with active connections with high-risk countries, or politically exposed persons (PEP). 

Financial institutions must develop and implement increased checks and verification measures for high-risk customers. Enhanced Due Diligence (EDD) shall be performed, which includes obtaining information about the customer and beneficial owners’ source of funds and wealth, understanding the purpose of the transaction and business relationship, and seeking senior management approval before establishing a business relationship or conducting transactions with high-risk customers. 

EDD is one of the important measures to identify and prevent smurfing activities, using adequate customer verification processes, continuous transaction monitoring, and identifying high-risk customers, increasing the financial institution’s overall risk. 

Collaborating with regulatory authorities and other financial institutions 

Collaboration with other financial institutions and regulatory authorities is essential to prevent smurfing. This involves smooth information of information, best AML practices, conducting joint investigations, and developing industry-wide control standards. 

Sharing relevant information and best practices to prevent smurfing 

Financial institutions must share information and best practices to identify and prevent smurfing activities. This includes sharing information about known smurfing syndicates, account numbers, and techniques and collaborating on research and development of effective solutions to identify and reduce the impact of smurfing activities. 

Financial institutions can also share the best practices for identifying and reporting suspicious activity related to smurfing to the FIU. 

Joint investigations and operations 

Joint investigations can help to identify and prosecute the individuals and groups involved in smurfing activities. Financial institutions should collaborate with regulatory authorities and other financial institutions to facilitate these investigations, such as providing corroborative evidence to support investigations. 

Developing the best industry-wide standards 

Collaboration and cooperation between financial institutions are necessary to implement industry-wide best measures and standards to identify and prevent smurfing. This includes developing standard operating procedures, AML framework, and aligning AML regulatory requirements. 

Collaboration between financial institutions and regulatory authorities aids in combating smurfing activities. Financial institutions can reduce the impact of smurfing and safeguard the financial system by sharing information on already proven smurfing elements, supporting investigations, and developing the best industry-wide standards. 

Leveraging technology to fight smurfing 

Smurfing is a common technique used to launder illegal money, given its simple nature of breaking large values into smaller amounts to surpass the AML threshold. Here, financial institutions can deploy technology to detect and prevent smurfing activities. 

Advanced technologies like Artificial Intelligence (AI) and Machine Learning (ML) can help understand the trends and track customer behaviour to identify smurfing activities. AI and ML algorithms can analyze the massive volume of transactions and customer information to identify unusual or inconsistent activities. 

Even emerging technologies – Blockchain and Distributed Ledger Technology (DLT) can also provide a secure transactional trail, reducing the risk of manipulating or structuring the transactions, thus reducing the risk of smurfing activities. By leveraging blockchain and DLT, financial institutions can create a transparent and immutable transactional record, making it difficult for criminals to disguise or conceal their activities or conduit financial crime. 

The other technologies that can significantly assist financial institutions in combating smurfing are advanced analytics and data mining that can identify unusual patterns of transactions indicating the possibility of smurfing or other money laundering activities. 

Financial institutions can prevent smurfing activities with the right technology and AML solution. With AI and ML, blockchain and DLT, and advanced analytics and data mining, financial institutions can up their AML compliance and safeguard their operations from the risk of smurfing. 

How can AML UAE assist financial institutions in developing a robust AML framework to prevent smurfing?

AML UAE is an AML consultancy service provider offering end-to-end AML support to financial institutions, Virtual Asset Service Providers (VASPs), and Designated Non-Financial Businesses and Professions (DNFBPs). AML UAE can assist financial institutions in designing robust AML/CFT policies and procedures, implementing adequate internal controls, enhancing the Customer Due Diligence framework, and training employees to stay vigilant in detecting smurfing instances. 

Financial institutions must identify, report, and timely prevent smurfing activities. AML UAE assists financial institutions in identifying the right technology and AML tool to identify the unusual activities suggesting smurfing. 

Frequently Asked Questions on Smurfing in Money Laundering

What is smurfing in money laundering terms

Smurfing refers to breaking down a large amount of illicit proceeds into smaller deposits or transfers to avoid AML reporting thresholds and detection by authorities.

Smurfing, in the context of money laundering, is a technique used by criminals to distribute large amounts of illicit proceeds through smaller transactions to avoid triggering AML reporting thresholds. These transactions are often carried out through different individuals, accounts, and at different locations to make funds appear legitimate.

Smurfing is a money laundering technique that includes breaking down a large amount of proceeds of crime into smaller amounts for depositing and transferring. Smurfing transactions are usually carried out by multiple individuals or through several bank accounts to avoid regulatory scrutiny and prevent financial institutions from detecting suspicious transactions indicating criminal activity.

Smurfing usually occurs in money laundering at the placement stage. At this stage, criminals make attempts to introduce proceeds of crime into the financial system by depositing or transferring smaller amounts of funds to avoid reporting thresholds and monitoring systems.

Cuckoo Smurfing is a type of smurfing technique where criminals deposit structured cash into a bank account of an unsuspecting person expecting an international transfer. The funds appear to be legitimate to the recipient, while the criminal network settles the actual payment sepa

In anti-money laundering, smurfing is a technique, often misused by criminals, to deposit large amounts of illicit proceeds through a small number of multiple deposits, aimed to avoid triggering reporting and monitoring thresholds and introduce illicit proceeds into the legitimate financial system.

Smurfing in money laundering means dividing large amounts of illicit proceeds into smaller transactions to avoid detection by financial institutions and regulators. By spreading transactions across multiple bank accounts, individuals, and locations, criminals attempt to disguise the funds’ illegal origin.

  • Financial institutions detect smurfing using:
  • Transaction monitoring systems
  • Behavioral analytics
  • Customer due diligence (CDD)
  • Suspicious transaction reporting (STR)
  • Artificial intelligence and machine learning

Make significant progress in your fight against
financial crimes,

With the best consulting support from AML UAE.

Contact Us Now

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Dealers in Precious Metals and Stones Report (DPMSR) 

DPMSR Reporting Excellence A Best-Practice Guide for the DPMS Sector

Pathik Shah

Home Author Archives: Pathik Shah
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Dealers in Precious Metals and Stones (DPMS) operate in a sector that is highly prone to Money Laundering (ML), Terrorism Financing (TF), and Proliferation Financing (PF) activities. To address this, DPMS sector Regulated Entities must file Dealers in Precious Metals and Stones Report (DPMSR) for specified high-risk transactions.

Explore DPMSR requirements, common challenges and practical ways DPMS businesses can efficiently report DPMSR.

What is Dealers in Precious Metals and Stones Report (DPMSR)?

Dealers in Precious Metals and Stones Report (DPMSR) is a DPMS sector-specific Regulatory Report submitted for transactions that equal or exceed AED 55,000 in cash or wire transfers.

Who Needs to File DPMSR in UAE?

Dealers in Precious Metals and Stones (DPMS) in the UAE are required to file the DPMSR. This obligation arises when DPMS are involved in covered activities for Anti-Money Laundering (AML), Counter-Financing of Terrorism and Counter Proliferation Financing (CPF) compliance as specified in Article 3 of Cabinet Decision No. (134) of 2025.

When to File a DPMSR?

DPMS sector must submit DPMSR when they are involved in transactions that meet the following specific criteria for reporting:

  • Cash transactions amounting to AED 55,000 or more with resident individuals or non-resident individuals.
  • Cash transactions with corporate entities amounting to AED 55,000 or more.
  • Transactions with corporate entities involving international wire transfers equal to or exceeding AED 55,000
  • All international wire transfers to be reported when the amount equals to or above AED 55,000
  • Any wire transfer conducted through an exchange house, even if the transaction is within UAE.
  • Cash installment or advance payments equal to or exceeding the AED 55,000 threshold, to be reported at the time of receiving funds.
  • Unfixed gold transactions in cash equals to or exceeding AED 55,000 threshold.
  • Transaction between two free trade zone companies settling the payment in USD through international wire transfer.
  • Settlement between a free trade zone company and an onshore company (not part of the same group) in the UAE conducted via international wire transfer.

If the above criteria are satisfied, then DPMSR is filed via the goAML portal.

What Transactions are Exempt from being Reported into a DPMSR?

There are certain transactions that are exempted from being reported into DPMSR. These specific transactions are:

  • Credit card, cheque or bank transfers with individuals, irrespective of the amount.
  • Old gold exchange or old gold/jewellery exchange for new jewellery, where no cash component exceeds the threshold limit.
  • Local wire transfers or cheque transactions from a local bank within the UAE.
  • Gold to gold barter trading, where making charges are paid via cheque or wire transfer.
  • Payment towards Margin calls and loans with banks.
  • Intra-company transfers and intra-company sales or purchases in cash, even if they exceed the AED 55,000 threshold.
  • Cash making charges exceeding the threshold, provided no buying or selling of precious metals and stones is involved in that specific payment.
  • Transactions conducted via Letters of Credit issued by banks.
  • Wire transfer within the same group, such as between a mainland company and a company in a free zone.
  • Transaction between two Free Trade Zone companies, settling the payment through the bank accounts in the same bank in UAE.
  • Local USD transfers between two entities registered in UAE, using accounts at the same bank in the UAE.
  • Settlements between two onshore companies in the UAE conducted in USD through local banks.
  • Physical trade of precious metals and stones with commercial banks that are regulated and operating outside the UAE.
  • Transaction between related parties, even if one is on the mainland and the other is in Free Trade Zone, provided they use UAE bank accounts.

Legal Obligation for Filing DPMSR

Ministry of Economy’s Circular No. 08/2021 on Dealers in Precious Metals and Stones Report is the primary mandate explicitly introducing the DPMSR filing requirement for the DPMS sector in UAE. It has extensively mentioned DPMS transactions that need to be reported.

Article 3 of Cabinet Decision No. (134) of 2025, classifies Dealers in Precious Metals and Stones (DPMS) as Designated Non-Financial Businesses and Professions (DNFBPs) when they carry out single or several linked cash transactions whose value equal or exceed AED 55,000.

By virtue of it, they must comply with AML/CFT/CPF obligations mandated by UAE’s Federal AML/CFT/CPF Laws, Cabinet Decisions and other directives issued by relevant Supervisory Authorities in connection therewith.

Consequences of Failure to File DPMSR

Ministry of Economy and Tourism is a Supervisory Authority that oversees the AML/CFT/CPF compliance in the DPMS sector.

Article 17 of Federal Decree Law No. (10) OF 2025, gives power to MOET to impose severe penalties, including fines ranging from AED 10,000 to AED 5,000,000, potential suspension or revocation of their business license, restriction on business activities for non-compliance with any directives issued by them in connection with the AML/CFT/CPF compliance.

Accordingly, Dealers in Precious Metals and Stones are subject to regulatory penalties from MOET if they fail to report DPMSR when required.

Understanding DPMSR Legal Requirements Can be Complex

Want to Simplify it?

Contact Us Now

What is the Timeline for filing DPMSR on the goAML Portal?

Dealers in Precious Metals and Stones Report (DPMSR) need to be filed on the goAML portal within 2 weeks of the occurrence of a qualified transaction for DPMSR.  

Why is DPMSR Filing Necessary for the DPMS Sector?

DPMSR filing is necessary for the DPMS sector, as it is one of the most lucrative sectors for miscreants to disguise illegal money, according to MOET’s Supplemental Guidance for DPMS. This necessitates stronger regulatory oversight and transparency.

DPMS sector deals in high-value commodities such as gold, diamonds and other precious metals. The transactions pertaining to these high-value items can be misused for Money Laundering (ML), Terrorism Financing (TF), or Proliferation Financing (PF) activities.  

Specified transactions that need to be reported in DPMSR, as stated by MOET, carry a higher risk of ML/TF/PF. Reporting these transactions to the Financial Intelligence Unit (FIU) serves as a preventive compliance measure and helps authorities keep visibility over such transactions.

Common Challenges Faced by the DPMS Sector in Filing DPMSR

While filing the DPMSR, the DPMS sector often faces several problems. These common challenges include the detection of structured transactions below the reporting threshold, understanding DPMSR obligations, an unclear escalation path for reporting, problems navigating goAML, and a lack of skilled resources.

Common Challenges Faced by the DPMS Sector in Filing DPMSR

Understanding DPMSR Obligations

Many DPMS businesses struggle to determine whether a transaction meets the AED 55,000 reporting threshold, especially when payments involve mixed methods, such as partial cash and partial wire transfers.

This creates uncertainty about whether a transaction qualifies for DPMSR and when exactly the reporting is required.

Detecting Linked Transactions Below Reporting Threshold

Detecting linked transactions below the reporting threshold is another major issue for DPMS businesses. Customers may split payments into smaller amounts and make multiple purchases over a short period.

Identifying when such transactions are connected and should be treated as a single reportable transaction can be difficult without robust transaction monitoring tools.

Problems Navigating goAML

DPMSR is filed via the goAML portal; the DPMS sector often struggles to navigate this platform due to a lack of understanding of the portal and technical inabilities.  

Lack of Skilled Resources

Another major problem in submitting DPMSR is that not all DPMS businesses have dedicated compliance staff, as many of them are small enterprises with a lack of economic and human resources.

This can increase the risk of errors or missed reporting because verifying transactions and preparing accurate reports require skilled resources.

Unclear Escalation Roadmap for DPMSR

Many of the DPMS businesses have outdated or inconsistent procedures in place for escalating reportable transactions. Sometimes these procedures exist only on paper; execution is totally scattered.

This creates internal confusion about when and how to file DPMSR, leading to missed or delayed reporting.

Say Bye to DPMSR Submission Challenges!

Let Experts Help You Fix DPMSR Reporting Gaps.

Talk to Our Experts!

Step-by-Step Guide for DPMS Sector to Submit DPMSR

Accurately filing DPMSR requires a structured approach and chronological process from DPMS businesses.

The DPMSR filing process involves identifying DPMSR-specific reporting transactions, obtaining identification documents, logging into the goAML portal, selecting the DPMSR report type, entering mandatory data fields and submitting the report.  

Step-by-Step Guide for DPMS Sector to Submit DPMSR

Identifying DPMSR Specific Reporting Transaction

The first and foremost step is to determine whether the transaction meets the reporting requirements of DPMSR.

As explicitly stated by MOET, when a transaction crosses the threshold of AED 55,000 in cash or international wire transfer, the obligation to file DPMSR arises. If thresholds are met or suspected to be met collectively, the transaction qualifies for DPMSR reporting.

Obtaining Identification Documents

The next step is to obtain identification documents of the parties involved in the reportable transaction.

The following identification documents need to be collected:

  • Resident individual: obtain an Emirates ID or a passport copy
  • Non-Resident individual: valid Govt. issued ID or passport copy
  • Corporate Entities: Trade License, Emirates ID or passport copy of representative person

Accessing goAML Portal

The following step after obtaining ID documents is to log into goAML portal.

DPMS businesses can log into goAML portal with the credentials given at the time of registration. Also, goAML profile needs to be updated and current.

Selecting DPMSR from the Dropdown Menu

The next step is to select the DPMSR report type from the given dropdown menu.

After logging into goAML portal, click on the web report tab, navigate to the report type dropdown menu and select Dealers in Precious Metals and Stones Report (DPMSR) from the list of reports given.   

Entering Mandatory Data Fields

The next step for DPMS sector Regulated Entities is to enter mandatory data fields on goAML portal before submission.

Reporting Entities need to complete all fields marked with an asterisk (*) as these are mandatory for submission.

Key sections include transaction information, details of parties involved in the transaction, and the reason for reporting.

While entering these data fields, Regulated Entities should ensure that no required data is missing, as it can cause system rejection.

Submitting DPMSR

Once the mandatory data fields are filled out, the next step is to click on the submit button and complete the filing of DPMSR.

Before clicking on the submission, it is advisable to review the report for accuracy and completeness. The supporting documentation, such as ID documents, proof of address, deposit slips, and client information, is attached post-saving the report.

It should be noted that each attachment must be under 5 MB in size as a total of 20 MB is allowed per report, and attachment file names should be short and without any special characters.

Post-Filing Action

The final step following the submission of DPMSR is to retain and maintain a submission copy of DPMSR and its supporting documents for at least 5 years, subject to the obligation of record-keeping under the UAE’s AML/CFT/CPF laws.

Need Help in Navigating goAML for DPMSR Filing?

Let Our Experts Guide You to File an Accurate DPMSR

Contact Us Now!

DPMSR Reporting Excellence: A Best-Practice Guide for the DPMS Sector

Dealers in Precious Metals and Stones Report (DPMSR) is not just a generic compliance obligation, but it safeguards the financial system from any kind of potential ML/TF/PF risks arising out of high-value PMS transactions.

Regulated Entities in the DPMS sector must maintain accuracy and timeliness while filing DPMSR by adopting some of the best practices.

These best practices include leveraging advanced transaction monitoring tools, setting clear reporting triggers in policies, inculcating staff with DPMSR-specific knowledge, maintaining audit-ready documentation and establishing a transparent escalation workflow for swift filing.  

DPMSR Reporting Excellence A Best-Practice Guide for the DPMS Sector

Leverage Advanced Transaction Monitoring Tools

Regulated Entities must implement advanced transaction-monitoring tools and calibrate their rules to align with the DPMSR triggers.

Transaction monitoring tools ensure that DPMSR-specific reportable transactions are identified in real time, especially when payments are split, structured or made through different channels.

Set Clear Reporting Triggers in Policies and Procedures

DPMS sector Regulated Entities must explicitly define the obligation to file DPMSR and set clear reporting triggers for it in their internal AML/CFT/CPF policies and procedures.

Well-documented triggers remove guesswork for staff and ensure consistent reporting decisions.

Inculcate Staff with DPMSR Knowledge

Regulated Entities in the DPMS sector must inculcate DPMSR-specific training for their staff to ensure accurate filing.

Training employees on reporting thresholds, red flags and documentation requirements ensures that they understand why DPMSR is required and what transactions qualify for it.

Moreover, Reporting Entities should also train their employees on how to navigate the goAML platform, as ultimately, they must go and file the report there only.

Maintain Audit-Ready Documentation

Regulated Entities must ensure that audit-ready documentation is in place.

All transaction records, customer identification documents, invoices, and payment proofs must be organised and easily retrievable. Proper documentation supports accurate reporting and demonstrates preparedness for regulatory inspections.

Establish Transparent Escalation Workflow

Regulated Entities in the DPMS sector must establish transparent internal escalation workflows for DPMSR filing.

A clearly defined escalation procedure makes sure that reportable transactions are escalated, reviewed, filed, and submitted by the right person. This closes major reporting gaps such as inconsistencies, delays and ensures swift, efficient DPMSR reporting.

How AML UAE Supports Robust Submission of DPMSR by Mitigating Common Challenges

Despite clearly written regulatory obligations for DPMSR filing, the DPMS sector often faces several problems in executing this compliance measure.

We here at AML UAE support DPMS businesses to develop a strong AML/CFT/CPF compliance framework that resonates with regulatory expectations and DPMS sector-specific requirements. In this, we cover comprehensive solutions for efficient DPMSR filing tailored to your business.

  1. Problem: Regulated Entities often enter incorrect data fields in the goAML portal while filing DPMSR, leading to report rejection.
    Solution: AML UAE assists DPMS sector Regulated Entities in preparing, reviewing and submitting DPMSR accurately on the goAML portal through its AML Regulatory Reporting services
  2. Problem: DPMS businesses struggle to detect linked transactions that cross the threshold of AED 55,000 when multiple purchases are made by the same customer on different days.
    Solution: AML UAE supports DPMS businesses to detect linked transactions by recommending advanced tools and systems that automatically flag such related transactions through its AML Software Selection services.  
  3. Problem: DPMS staff are mostly unsure which payment types or transaction scenarios trigger DPMSR filing and often confuse it with other regulatory reports, leading to incorrect reporting.
    Solution: AML UAE’s AML Training services provide practical guidance for filing DPMSR. These training sessions are tailored to the DPMS sector, which helps teams to understand sector-specific compliance requirements and remove confusion.
  4. Problem: A lot of DPMS sector Regulated Entities maintain compliance documentation but lack alignment with written controls and actual reporting practices.
    Solution: AML UAE, through its AML Health check services, helps DPMS sector Regulated Entities to assess whether the existing framework works effectively in real operation, and through its AML Policies, Controls and Procedures Documentation services, enhances the internal AML/CFT/CPF framework as per DPMS sector-specific AML/CFT/CPF compliance requirements.

Fulfil Dealers in Precious Metals and Stones Report (DPMSR) Reporting Requirement Confidently

Meeting Dealers in Precious Metals and Stones Report (DPMSR) reporting requirement is essential for DPMS sector Regulated Entities for complete compliance with the UAE’s AML/CFT/CPF regulatory obligation.

Even small lapses in identifying reportable transactions, capturing details or filing reports in the required timeline can expose the DPMS businesses to greater ML/TF/PF risks and regulatory scrutiny.

Thus, they need to count on tailored solutions and approaches for accurately filing DPMSR. AML UAE supports DPMS businesses to simplify the complex DPMSR reporting process through its specialised services and expert team. It offers the right guidance and advice that helps entities confidently meet their regulatory obligations.

Manage DPMSR Filing with Clarity and Confidence

Full-proof DPMS Sector AML/CFT/CPF Compliance with Our Expert Support and Efficient Services

Contact Us Now

FAQs on Dealers in Precious Metals and Stones Report (DPMSR) 

What is the minimum reporting threshold for DPMSR? 

Specified transactions that equal or exceed AED 55,000 are to be reported in DPMSR on the goAML portal.

No, both B2B and B2C transactions are to be reported in DPMSR on the goAML portal if transactions exceed the specified amount. 

No, as the transaction involves the local transfer between accounts in the same bank in the UAE.

Yes, as the transaction involves an international wire transfer, the same needs to be reported.

No, the transaction does not involve an international wire transfer, and hence it need not be reported as a DPMSR on the FIU goAML portal.

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Beyond Thresholds: Transaction Monitoring for UAE DPMS Businesses

Risk-Based Transaction Monitoring Model for DPMS Sector

Pathik Shah

Home Author Archives: Pathik Shah

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

In AML/CFT compliance, transaction monitoring is often thought about from the angle of banks, payment firms, or wealth managers. Retail jewellery is different. If one applies standard monitoring logic without adapting it for the Dealers in Precious Metals and Stones (DPMS) sector, one risks missing the real risks or overwhelming staff with false alerts.

That is exactly why this conversation matters for the UAE.

The UAE framework now reinforces risk-based compliance obligations for obliged entities, including DNFBPs such as Dealers in Precious Metals and Stones. Federal Decree Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025 set the broader expectation for customer due diligence, ongoing monitoring, and suspicious transaction reporting through a risk-based approach. The Ministry of Economy and Tourism has provided sector guidance for DPMS, including practical risk signals and supervisory expectations.

In jewellery retail, high-ticket sales are common. However, the nature of goods significantly impacts risk. A business dealing primarily in gold bullion, coins or uncut precious stones faces a different exposure than one selling finished jewellery. A practical monitoring framework must distinguish between these product lines from the outset.

Festival and wedding cycles shift volumes and payment behaviour. Walk-in customers may buy once and never return. Family members often split consideration across multiple instruments. Cash, cards, transfers, and third-party contributions may all appear in one transaction lifecycle. None of this is automatically suspicious, but all of it can mask risk if controls are poorly designed.

The real challenge is not simply to monitor transactions. It is deciding what should genuinely raise concern in a sector where high-value transactions and fluctuating customer behaviour are part of normal business.

To achieve this, a business must understand its own sales patterns. Without analysing the same, one cannot differentiate a genuinely anomalous transaction from a routine high-value sale during a peak season.

5 Questions That Make DPMS Monitoring Actually Work

Most compliance officers from the DPMS sector ask this:

  • What threshold should we set?
  • How do we minimise false alerts?
  • Who should review alerts and when?

Those are useful operational questions, but they are not the first questions to ask. The first line of questions should be:

1. What does normal look like for this specific shop format?

A flagship store in Dubai Mall and a Dubai gold souk outlet do not have the same behavioural baseline. Their average ticket size, customer mix (tourist vs resident), and payment preferences will vary accordingly.

For instance, a flagship store may see average ticket sizes of AED 15,000–50,000 with 70% card payments, while a gold souk outlet may see AED 1,000–10,000 tickets with 60% cash.

Seasonal peaks during Diwali or Eid may triple volumes in both, but the payment mix and customer profiles differ significantly. Without mapping these baselines, compliance teams cannot distinguish genuine anomalies from normal variance.

A practical first step is to segment your business by location and customer type to establish distinct profiles.

2. Which behaviours are commercially normal but risk-relevant?

Split payments can be for customer convenience, but repeated splitting just below internal controls may indicate structuring behaviour.

The key differentiator is often the explanation. A customer who voluntarily clarifies that the payment is split because they are using funds from multiple family bank accounts for a wedding provides a lower-risk context than someone who is evasive about the same payment structure.

3. Where is the highest blind spot: onboarding, point of sale, or post-sale review?

Many firms focus heavily on onboarding and underinvest in transaction pattern analysis. Post-sale pattern analysis is where you connect individual transactions to see the full picture. A single cash purchase may seem normal, but multiple cash purchases by related parties from different branches of the same store in one week are a pattern.

4. Can sales staff identify context, not just collect documents?

Good monitoring depends on asking sensible follow-up questions, not only ticking fields. It requires practical, scripted prompts that guide a conversation without making the customer feel uncomfortable.

5. Do your alerts lead to better decisions or just bigger queues?

If 95% of alerts are closed as false positives, your rules need redesign.

Review your closed alerts on a monthly basis. If the same type of alert is consistently false, modify the rule or remove it; keep the focus on meaningful signals.

If every alert triggers a review that yields no action, staff fatigue sets in, and genuine risks may be overlooked. Monitoring quality is measured not by alert volume, but by timely decision-making and escalation.

Why does the rule only transaction monitoring fail in DPMS?

A simple threshold model sounds attractive. For example, “alert anything above X amount” or “alert any cash usage.” In DPMS, this often fails for three reasons:

  • High value is normal: Expensive items are core business, not exceptions.
  • Seasonality distorts behaviour: Festive peaks can look anomalous in static models.
  • Customer profile variety is high: Tourists, residents, family buyers, collectors, and traders can engage in very different activities.

This is why many stores end up with massive alert volumes and limited analytical value.

The answer is not abandoning rules. The answer is layering rules with context.

A rule that treats all high-cash transactions as the same will drown you in tourist alerts while missing the trader structuring purchases to avoid scrutiny

A monitoring system succeeds not by the number of alerts it generates, but by its ability to disambiguate. Its effectiveness lies in consistently distinguishing true positives from false positives and identifying which alerts require escalation versus those that reflect routine commercial transactions.

Confused with how to mitigate ML, FT, and PF risks within your Regulated Entity?

Contact Us Now

A risk-based transaction monitoring model that works in practice

For UAE retail jewellers, a practical model should include five layers.

Risk-Based Transaction Monitoring Model for DPMS Sector

1. Business baseline mapping

Build behavioural baselines by jewellery store type, product category, and seasonality:

  • Typical ticket bands by jewellery category
  • Payment mix by delivery channel and location
  • Expected festival and wedding uplifts
  • Common customer archetypes

Without this baseline, every busy season looks risky, and every quiet week looks clean.

For example, a cash-paying tourist buying a single high-value piece for personal use is behaviourally different from a resident making monthly purchases on credit, who is different again from a trader buying bullion for business inventory, who is different from a collector acquiring rare gemstones.

Each has a legitimate reason for their behaviour, but each presents different risk indicators. Product type also fundamentally changes the risk exposure. A bullion dealer handling 1kg gold bars operates differently from a diamond merchant or a mixed jewellery retailer.

A practical approach is to review transaction data, segment by store format and product type, then document the ticket size, payment method, and customer frequency. Use this as your benchmark for what constitutes normal variance versus genuine deviation to build these baselines.

2. Risk-weighted triggers, not blunt thresholds

Use weighted indicators instead of a single amount trigger. For example:

  • Repeated split payments on connected parties
  • Sharp mismatch between stated profile and purchase pattern
  • Frequent reversals, cancellations, or quick resale-related signals
  • Use of multiple third-party payments without a clear commercial rationale
  • Patterned use of cash around internal thresholds

Each indicator alone may be benign. Combinations are what matter.

3. Frontline judgement framework

Sales teams are not AML investigators, and they should not be treated as such. But they are the first line of observation. Give them practical, plain language prompts:

  • “Can you confirm who is funding this purchase?”
  • “Is this for personal use, gifting, or commercial purposes?”
  • “Please clarify the relationship between payer and customer.”
  • “Could you explain the payment split structure?”

A short, practical prompt book often outperforms long policy manuals. Integrate these prompts into the sales workflow. The goal is not interrogation, but informed conversation.

4. Second line review discipline

Compliance or nominated reviewers should focus on:

  • Pattern linkage across transactions, not one transaction in isolation
  • Documented rationale for closure decisions
  • Escalation quality and timeliness
  • Learning loops from prior cases and typologies

Reviewers should maintain a simple log that tracks why an alert was opened and why it was closed. This log becomes your audit trail and your training material for future reviews.

5. Governance and calibration cycle

Monitoring models must be recalibrated periodically:

  • Monthly quick checks during high season
  • Quarterly tuning based on false positive and missed case analysis
  • Annual full model review aligned to enterprise and sector risk updates

Monthly reviews should ask: which rule generated the most noise this month, and why? Track the root causes for false positives.

See if most false alerts are from a specific store location, a particular product category, or a single rule? This tells you where recalibration is needed. For example, if your cash threshold rule generates 200 alerts monthly, but 190 are from your gold souk outlet where cash is dominant, the rule is poorly designed for that location.

Your monitoring model must reflect which products you actually sell. A “one-size model” will generate false alerts in areas that don’t apply to your business.

During calibration, engage your frontline staff. Ask them if the current rules are capturing the right behaviours or if they are seeing new patterns that the current model misses. Their practical insight is invaluable for keeping the system relevant.

Practical red flag logic for DPMS

A useful principle is “explainable risk.”

If a transaction is large but readily explainable through profile, source, and purpose, it may be lower risk than a smaller transaction with a weak narrative and inconsistent behaviour.

Consider these examples:

Example A: Large wedding purchase

  • High value, family participation, documented relationship, coherent explanation, and consistent payment trail.
  • Likely low to medium risk depending on full profile.

Example B: Mid-value repeated fragmented purchases

  • Same week, different family members, inconsistent reasons, payer and beneficiary mismatch, frequent threshold adjacency.
  • Potentially higher risk despite smaller values.

Example C: Cash-heavy pattern with rapid product exchanges

  • Repeated product swaps and refunds, multiple locations, unclear economic purpose.
  • Strong escalation candidate.

The point is simple: amount matters, but behaviour matters more. Document the rationale behind every escalation decision. If a pattern like Example C is escalated, the compliance officer’s notes should explicitly reference the combination of factors that triggered the concern, not just the cash element.

Common implementation mistakes

  1. Implementing a bank-style monitoring matrix in the DPMS retail/wholesale business.
  2. Training staff once per year with no scenario practice.
  3. Treating all split payments as suspicious, then ignoring alert fatigue.
  4. Failing to connect the Point of Sale (PoS) data with compliance review notes.
  5. Applying the same threshold and monitoring logic to bullion sales as to rough gemstones or finished jewellery sales, despite their vastly different liquidity and risk profiles.
  6. Assuming a “one-size-fits-all” monitoring approach for all retail locations, ignoring the demographic and behavioural differences between a mall boutique/flagship store and a traditional gold souk shop.
  7. Escalating late because “something felt odd” was never documented properly.

Each of these can be fixed with practical design and governance.

Therefore, it becomes important to document why a transaction was reviewed, what factors were considered, and what decision was reached. This creates an audit trail and improves future decision-making through pattern recognition.

A solution-oriented blueprint for UAE DPMS Businesses

If you are an owner, MLRO, or compliance lead, start here:

  • Define your top 10 risk scenarios specific to the nature and size of your business.
  • Build a tiered alert model: informational, review, escalation.
  • Create a two-page frontline question guide.
  • Introduce a weekly thirty-minute case review huddle.
  • Track three metrics only: true positive rate, time to decision, and escalation quality.
  • Recalibrate monthly during seasonal peaks.
  • Keep an auditable rationale for every material decision.

This provides proportionate, defensible monitoring that is practical for business teams and credible for supervisors. A small retail outlet does not need the same AML controls as a large wholesaler. Scale your operations to your actual transaction volume and risk exposure and apply appropriate risk controls.

Final thought on Transaction monitoring in DPMS

Transaction monitoring in DPMS should not be a borrowed framework from other sectors. It should be a risk-based, operationally realistic model tailored to how jewellery retail actually works in the country.

The right objective is not to produce more alerts. The right objective is to ask better questions, make better decisions, and provide evidence for both.

That is where compliance maturity sits, and that is where global AML/CFT practice meets local UAE reality.

Stay updated on UAE AML rules

Get guidance, regulatory alerts and practical onboarding tips.

Contact Us Now

Add a comment

Related Blogs

How to Ensure Responsible AI Adoption in AML Compliance
31/03/2026

Responsible AI Adoption in AML Compliance

30/03/2026

A detailed analysis of the AML/CFT requirements for lawyers, notaries, and legal professionals in the UAE

28/03/2026

The Complete Guide to the Ultimate Beneficial Owner Verification

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Real Estate Activity Report (REAR) submission by real estate brokers and agents and law firms as per Circular Number: 05/2022

When to File a REAR

Pathik Shah

Home Author Archives: Pathik Shah

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

REAR At a Glance

  • What it is: REAR is a regulatory report filed on the goAML portal for certain freehold real estate transactions to support UAE AML, CFT and CPF compliance.
  • Who must file: Real estate brokers and agents, and lawyers, notaries and other independent legal professionals when they prepare, conduct, or execute property purchase or sale transactions for clients.
  • Main trigger: Filing becomes mandatory where a freehold property transaction involves cash payments of AED 55,000 or more (single payment or cumulative instalments).
  • Virtual assets trigger: REAR is also required if payment is made in virtual assets, or using funds converted from virtual assets, whether in part or in full.
  • Why it matters: REAR strengthens transparency and traceability, helping regulators and the FIU spot ML/TF/PF patterns over time, even where the transaction does not look suspicious at first glance.
  • Non-compliance risk: Failure to file can expose firms to serious regulatory action, including substantial fines and potentially restrictions, suspension, or licence cancellation, depending on the supervisory authority’s powers.

Submitting Real Estate Activity Report (REAR) is a vital Anti-Money Laundering (AML), Counter-Financing of Terrorism (CFT) and Counter Proliferation Financing (CPF) compliance measure for Real Estate sector-specific Regulated Entities in UAE.

Explore how an effective REAR framework supports regulatory compliance, understand its key requirements, and follow the reporting process step by step.

Real Estate Activity Report (REAR)

What is Real Estate Activity Report (REAR)?

Real Estate Activity Report (REAR) is a Regulatory Report that licensed Real Estate Brokers, Agents and Lawyers in UAE are required to submit when they come across freehold property transactions in cash (equal to or exceeding AED 55,000) or virtual assets or funds converted from virtual currencies.

The Rational behind REAR filing is to ensure accountability, transparency and regulatory oversight within the real estate sector is maintained.

The primary purpose is to make sure property transactions that involve significant cash or virtual assets are properly reported and documented so that the related ML/FT/PF risks can be countered effectively.

Who Needs to File REAR in UAE?

Businesses in the Real Estate sector that are involved in activities that fall under the covered activities for AML/CFT/CPF compliance, as classified in Article 3.2 of Cabinet Decision No. (134) of 2025 have a compliance obligation to file REAR.

Real Estate Sector-specific Regulated Entities are mandated to file REAR when they undertake specified transactions or arrangements pertaining to the purchase or sale of real estate properties for their customers. 

  • Real Estate Brokers
  • Real Estate Agents
  • Lawyers, Notaries and other independent legal professionals, when preparing, conducting or executing financial transactions of real estate property purchase or sale for their customers.

When to File a REAR?

The obligation to submit REAR arises when Real Estate Brokers, Real Estate Agents and other legal professionals are involved in transactions that meet the following specific criteria for reporting:

When to File a REAR

The transaction is related to freehold real estate, and the mode of payment for such property transactions has been carried out in one of the following ways; then REAR must be reported without a doubt.

  • The payment for the purchase or sale of such freehold property has been made in a single cash transaction that equals or exceeds AED 55,000.
  • The payment for the purchase or sale of such freehold property has been made in several cash transactions whose aggregate value equals or exceeds AED 55,000.
  • The entire or a portion of the payment for the purchase or sale of such freehold property has been made in virtual assets.
  • The entire or a portion of the payment for the purchase or sale of such freehold property has been made in funds that are converted from virtual assets.

If the above criteria are met, then filing the Real Estate Activity Report on the goAML portal becomes obligatory.  

What are Freehold Property Transactions in UAE?

Freehold property transactions in the UAE are real estate deals that allow buyers absolute ownership of the land and its unit, regardless of their nationality. It allows immigrants to buy, sell or lease properties without any restrictions in designated zones or investment zones.

The Real Estate Regulatory Authority (RERA) regulates and oversees real estate market activities and participants.

If Real Estate Brokers or Agents in UAE are facilitating these freehold property transactions, then they are subject to REAR Regulatory Reporting requirements when specific criteria are met as part of their AML/CFT/CPF obligations.   

Legal Obligations for Filing REAR

Ministry of Economy and Tourism Circular Number: 05/2022 on Real Estate Activity Report is the primary legal mandate explicitly introducing reporting of REAR for licensed Real Estate Brokers and Agents in the UAE. It comprehensively specifies which transactions need to be reported and when.

As per Article 3 of Cabinet Decision No. (134) of 2025, Real Estate Brokers and Agents are classified as Designated Non-Financial Businesses and Professions (DNFBPs) when they conduct activities relating to buying and selling real estate properties on behalf of their customers.

Similarly, Purchase and Sale of Real Estate for clients is one of the covered activities of AML/CFT/CPF compliance for Lawyers, Notaries and Other independent Legal Professionals. By virtue of this, they too are under the mandate of the Ministry of Justice’s circular no. 14 of 2022 regarding the REAR Real Estate Activity Report submission on the goAML portal when they are involved in transactions related to such activities.

Consequences of Failure to File REAR

Article 17 of Federal Decree Law No. (10) of 2025, gives power to Supervisory Authorities to impose severe penalties, including fines ranging from AED 10,000 to AED 5,000,000, potential suspension or revocation of their business license, restriction on business activities for non-compliance with any directives issued by them in connection with the AML/CFT/CPF compliance.

Accordingly, Real Estate Brokers, Agents and Legal Professionals may face regulatory penalties from their relevant Supervisory Authority if they fail to submit REAR.

Stay Updated with REAR Filing Legal Requirements.

Want to Know More?

Contact Us Now

Why is REAR filing Necessary for the real estate sector?

According to the MOET’s Supplemental Guidance for Real Estate Sector, the real estate sector is identified as a highly attractive sector for wrongdoers to launder their illicit funds, which necessitates reporting of REAR.

The Real Estate sector offers high-value property transactions, market stability and ease of use of intermediaries or third parties. These factors provide money launderers a chance to obscure the origin of their illegally obtained money in the guise of expensive property transactions, often using intermediaries to hide true ownership.

The Real Estate Activity Report (REAR) is a preventive compliance measure introduced by the Ministry of Economy and Tourism (MOET) and the Ministry of Justice (MOJ) to close these gaps.  

Through REAR, the mandatory reporting of specified transactions that are deemed to be at high risk due to involvement of large cash volumes or virtual assets ensures that they are brought under the eyes of Regulators as a preventive measure.

Moreover, REAR facilitates transparency for the FIU to perform data analysis. Even if the transaction does not appear suspicious initially, the REAR provides necessary data trails that allow Regulatory Authorities to detect complex ML/TF/PF patterns over time.

Common Challenges Faced by the Real Estate Sector in Filing REAR

The common challenges faced by the real estate sector in filing REAR include detecting transaction thresholds, confusion with different reporting requirements, complex investigations, counting multiple linked transactions, dilemmas in property classification, lack of skilled resources, inconsistent escalation process and technical difficulties.

Common Challenges Faced by the Real Estate Sector in Filing REAR

Detecting Transaction Thresholds

Many Real Estate sector-specific Reporting Entities and law firms often struggle to identify when a transaction crosses the REAR reporting threshold of AED 55,000, especially when payments are made in parts.

Without a robust transaction monitoring tool, there is a high risk of reportable cases being missed.  

Confusion with Different Reporting Requirements

There are various Regulatory Reports in UAE for AML/CFT/CPF compliance, and each regulatory report has different reporting requirements.

A lot of Real Estate Brokers and Agents get confused between when to file REAR and when other reports, such as SAR/STR, CNMR/PNMR, need to be filed. Further, the filing of REAR does not in any way exempt them from their responsibility of filing SAR, STR, CNMR, PNMR, HRC, or HRCA. Many real estate brokers and lawyers fail to understand this.

Complex Investigations

Some property transactions involve a layered ownership structure, third party involvements, and unusual payment arrangements.

Reviewing and understanding the details of complex financial transactions can be time-consuming and difficult.

Dilemmas in Property Classification

REAR is filed for freehold property transactions. However, a lot of Real Estate Agents and Brokers face problems determining whether a property qualifies as a freehold or falls under another category.

This confusion can lead to either a failure to file a mandatory REAR or the submission of redundant data for non-regulated property types.

Lack of Skilled Resources

Another major problem in submitting REAR is that not all Real Estate Agents and Brokers have dedicated compliance staff who understand the intricacy of AML/CFT/CPF obligations.

This can increase the risk of errors or missed reporting, subjecting them to regulatory penalties.

Inconsistent Escalation Process

Many of the Reporting Entities have inconsistent or outdated procedures in place for escalating reportable transactions.

Without a standardised internal escalation path, critical data often gets lost rather than being reported.

Technical Difficulties in goAML

REAR is filed via the goAML portal; however, Real Estate sector-specific Reporting Entities often struggle to deal with the technicalities of this platform.

The struggle intensifies especially when they are unfamiliar with REAR’s format, data fields and submission steps. This can slow down reporting and increase the risk of compliance failures.

Implementing Effective REAR Filing Across UAE: Step-by-Step Guide for the Real Estate Sector and Lawyers to Submit REAR

Implementing Effective REAR filing demands a structured approach and chronological process from Real Estate Regulated Entities.

The process of filing an accurate Real Estate Activity Report (REAR) involves identifying REAR-specific reporting transactions, obtaining significant documents (Emirates ID, Passport copy, Trade License, invoices, sale agreements), logging into goAML portal, selecting the REAR report type, entering mandatory information and uploading relevant documents pertaining to the transaction.

Step-by-Step Guide for the Real Estate Sector and Lawyers to Submit REAR

Identifying REAR Specific Reporting Transaction

The first step begins with identifying REAR-specific reporting transactions.

As explicitly stated by MOET and MOJ, when the purchase or sale of freehold real estate is carried out in cash (that equals or exceeds AED 55,000) or virtual assets or funds converted from virtual assets, the obligation to file REAR arises.

Obtaining and Recording Significant Documents

The second step is to obtain and record significant documents post-identifying a reportable transaction.

This includes collecting identification and real estate transaction-related documents. The following are the mandatory documents that Reporting Entities need to obtain and record before filing REAR.

  • Identification documents of the purchaser and seller.
    – For natural person: Emirates ID or Passport Copy
    – For legal person: Trade License, MOA/AOA, Emirates ID or Passport copy of Ultimate Beneficial Owners (UBOs), Register of UBOs.
  • Receipts, Invoices and Contracts
  • Purchase and Sale Agreement

Accessing the goAML Portal

The next step is to access the FIU goAML portal after obtaining and recording significant documents.

Real Estate sector-specific Reporting Entities need to log in to their goAML portal with credentials given at the time of their registration.

For Reporting Entities, it is very important to ensure that the passwords are updated and their organisational profile on the goAML portal is current.

Selecting REAR from the Dropdown Menu

The following step for Reporting Entities is to select the REAR report type from the given dropdown menu.

Post logging into the goAML portal, click on the “Web Report” tab, navigate to the report type dropdown menu and select Real Estate Activity Report (REAR) from the list of reports given.

While selecting the report type, Reporting Entities need to ensure that they do not get confused between the SAR/STR and REAR. Selecting the correct Report type is critical for an efficient REAR submission.

Entering Mandatory Data

The subsequent step for Reporting Entities is to enter mandatory data fields on the goAML portal before submission.

These data fields are mainly related to the information pertaining to the parties involved in the reportable transaction, transaction details, and property description.

Entering the names of the buyer and seller along with their nationalities and ID numbers, detailing the date, total value of the property and amounts paid in cash or virtual assets and describing the exact address and property type of the real estate in question, fulfils the essentials of REAR submission for Regulated Entities.  

Uploading Relevant Documents

Post entering the mandatory details, the next step for Reporting Entities is to upload relevant documents and click submit to complete the final process.

Attachments pertaining to scanned copies of ID documents, payment receipts, invoices, contracts, and purchase and sale agreements need to be uploaded along with the report. While uploading the attachments, Reporting Entities should ensure the file size meets the goAML portal’s requirements.

After completing each step, click on the submit button to file the REAR to UAE Financial Intelligence Unit (FIU UAE).

Post-Filing Actions

The final step for Regulated Entities after filing REAR is to retain and maintain a submission copy of REAR and its supporting documents for at least 5 years, subject to the obligations of record-keeping under the UAE’s AML/CFT/CPF regulations.

Best Practices for REAR Submission

Real Estate Activity Report filing is not just a generic compliance obligation, but it safeguards the financial system from any kind of potential ML/TF/PF risks arising out of high-value property transactions.

Regulated Entities in the Real Estate sector and legal professionals must maintain accuracy and timeliness in filing REAR by adopting best practices. These best practices include implementing advanced transaction monitoring tools, updating policies and procedures, imparting training, standardising documentation, and maintaining clear audit trails for REAR reporting.

Best Practices for REAR Submission

Implement Advanced Transaction Monitoring Tools

Regulated Entities in the real estate sector and lawyers must implement advanced transaction monitoring tools that can identify reportable transactions quickly and accurately.

These tools can track payment patterns, detect linked transactions, and flag cases that cross reporting thresholds. Automation reduces manual errors, saves time, and ensures that no reportable transaction pertaining to REAR is missed.    

Outline a Clear Escalation Path for REAR in Policies and Procedures

Reporting Entities must define a clear escalation path for REAR reporting in their internal AML/CFT/CPF policies and procedures.

Articulation of who reviews, approves and files REAR when a reportable transaction is identified ensures that cases are handled swiftly and consistently.

Moreover, well-documented policies and procedures demonstrate readiness during regulatory inspections.

Impart Training and Awareness

Real Estate sector-specific Reporting Entities and lawyers must provide regular training and awareness to their employees regarding REAR filing requirements.

Consistent training ensures that staff understand the obligations to file REAR, its reporting thresholds, and red flag indicators.

Moreover, Reporting Entities should also train their employees on how to navigate the goAML platform and technicalities pertaining to that portal, as ultimately, they must go and file the report there only.

Standardise Documentation Procedure

Reporting Entities must ensure that they have standardised documentation procedures in place.

Adopting uniform documentation checklists ensures that all necessary information is collected for every transaction. This improves accuracy, reduces major omissions, and speeds up report preparation.

Establish a Clear Audit Trail

Regulated Entities in the Real Estate Sector must establish a clear audit trail of REAR filing. Clear records of transaction reviews, decisions, and REAR submission must be maintained.

A strong audit trail supports preparedness during regulatory inspections and showcases thorough compliance with the AML/CFT/CPF obligations of the real estate sector to regulatory authorities.

Need Help in Implementing These Best Practices?

Let Our Experts Guide You to File an Accurate REAR

Talk to Our Experts Now

Documentation Requirement for REAR

Documents to be obtained for buyer and seller, if
Individual Corporate
  • Valid Emirates ID; or
  • Passport copy
  • Trade License
  • Articles of Association
  • Register of Beneficial Owners
  • Emirates ID or passport copy for all Beneficial Owners
  • Emirates ID or passport copy for all shareholders/partners

REAR - An Additional Reporting

It is important to note that filing of REAR to report the transaction pertaining to freehold property is an additional requirement.

Real estate brokers /agents and lawyers are also required to file Suspicious Transaction Report / Suspicious Activity Report / Fund Freeze Report / Partial Name Match Report, as and when the same are applicable. Accordingly, along with filing of reports as prescribed earlier for reporting of sanctions or suspicion, additional REAR is to be filed to report all freehold property related transactions as prescribed above.

Summary of compliance requirements for Real Estate Activity Report (REAR)

It is important to note that filing of REAR to report the transaction pertaining to freehold property is an additional requirement.

Real estate brokers /agents and lawyers are not absolved from filing of Suspicious Transaction Report / Suspicious Activity Report / Fund Freeze Report / Partial Name Match Report, as and when the same are applicable. Accordingly, along with filing of reports as prescribed earlier for reporting of sanctions or suspicion, additional REAR is to be filed to report all freehold property related transactions as prescribed above.

Transaction

Mode of payment

(for a portion or entire property)

Actions by Real Estate Brokers/ Agents & Lawyers

Documents to be obtained

Individual

Corporate

Purchase and sale transactions of Freehold Real Estate

Physical cash equal or exceeding AED 55,000

Obtain & record

  • Identification documents
  • Receipts, invoices, contracts and Purchase/Sale Agreement

Submit REAR on GoAML platform

  • Valid Emirates ID; or
  • Passport copy
  • Trade License
  • Articles of Association
  • Register of UBO
  • Emirates ID / Passport for all UBO and shareholders / partners

Virtual asset

Funds converted from Virtual asset

How AML UAE Supports Robust Submission of REAR by Mitigating Common Challenges

Real Estate sector-specific Reporting Entities in the UAE often encounter a number of issues while filing REAR. We here at AML UAE support Real Estate Agents and Brokers and legal professionals to build a robust AML/CFT/CPF compliance specifically customised to their business, which covers comprehensive solutions for efficient REAR filing.

  1. Issue: Reporting Entities struggle to interpret REAR requirements, thresholds and regulatory expectations, leading to missed or incorrect filing.
    Solutions: AML UAE provides comprehensive AML Training on Real Estate Activity Report (REAR) requirements, thresholds and regulatory expectations in line with the UAE’s AML/CFT/CPF laws and sector-specific guidance for Real Estate businesses, lawyers and other legal professionals.
  2. Issue: Regulated Entities do not know when or how to escalate reportable transactions for REAR due to unclear policies and procedures.
    Solutions: AML UAE supports Real Estate sector-specific Regulated Entities and lawyers with its AML/CFT/CPF Policies, Controls and Procedures Documentation services to develop customised policies and procedures that define a clear escalation and reporting path for REAR submission.
  3. Issue: Reporting Entities still rely on manual tracking to detect linked or high-risk transactions.
    Solutions: AML UAE facilitates regulated entities through its AML Software Selection services by recommending solutions that are advanced and can autonomously detect high-value linked transactions.
  4. Issue: Some Regulated Entities have an AML Compliance framework on paper; however, they still face challenges in filing REAR.
    Solutions: AML UAE offers Regulated Entities, extensive reviews of the existing AML/CFT/CPF framework, identifies gaps and provides actionable recommendations through its AML/CFT/CPF Health check services.

Submit Real Estate Activity Report (REAR) Promptly and Adequately Through a Structured Approach

Timely and Accurate submission of Real Estate Activity Report (REAR) is essential for AML/CFT/CPF compliance obligation for Real Estate sector-specific Regulated Entities such as Real Estate Brokers, Agents and Legal Professionals.

Even minor gaps in identifying reportable transactions, documenting details or submitting reports can expose businesses to ML/TF/PF risks and regulatory scrutiny.

AML UAE supports Real Estate Sector Reporting Entities in simplifying the REAR reporting process through its specialised services and expert team. With the right guidance, tools and procedures in place, businesses can confidently manage their REAR obligations as per the requirements of UAE’s AML/CFT/CPF laws.

Ensure Accurate REAR Filing with Confidence

Strengthen Real Estate Sector AML/CFT/CPF Compliance with Our Expert Support and Efficient Services.

Contact Us Now

Add a comment

Related Blogs

How to Ensure Responsible AI Adoption in AML Compliance
31/03/2026

Responsible AI Adoption in AML Compliance

30/03/2026

A detailed analysis of the AML/CFT requirements for lawyers, notaries, and legal professionals in the UAE

28/03/2026

The Complete Guide to the Ultimate Beneficial Owner Verification

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Adverse Media Screening APIs

Pathik Shah

Last Updated: 03/03/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Brief Overview of Adverse Media Screening APIs

  • Adverse media screening APIs scan global and local open sources including news, court records, social media etc., to identify potential ML/TF risks across onboarding and ongoing monitoring. Human oversight is crucial for making decisions and must be assessed for relevance, credibility, and recency. Clear audit trails for onboarding, retention, or escalation decisions are also crucial.
  • Adverse media screening APIs are applied under the risk-based approach to support customer risk assessment and escalation decisions; mishandling outputs can lead to governance failures or missed reporting obligations.
  • Data bias, false positives, and over-automation are major concerns related to adverse media APIs; firms must validate sources, recalibrate tools when triggers arise, and maintain consistent, documented screening procedures.

What are the Adverse Media Screening APIs?

Adverse media screening APIs are software interfaces that analyse global and local sources such as news outlets, criminal records, social media, and other open-source information to identify negative information associated with relevant individuals or organisations. Adverse media screening APIs help entities automate the identification of potential money-laundering or terrorist-financing risks and enable ongoing monitoring.

Regulatory Basis for Adverse Media Screening in the UAE

Adverse media screening in the UAE is a critical regulatory requirement under customer due diligence and the risk-based approach. Federal Decree Law No. (10) of 2025 and the UAE Cabinet Decision No. (134) of 2025 outlines obligations for identifying negative news relevant to ML/TF risk.

The Financial Action Task Force (FATF) recommends Adverse Media Screening as a key measure of the AML/CFT framework. Entities are required to actively monitor reliable sources for news and identify criminal history or financial misconduct, particularly when dealing with high-risk customers. This serves as a risk indicator rather than definitive evidence of criminality.

Automated APIs assist in flagging negative news that is relevant to ML/TF/PF risks during onboarding and throughout the customer lifecycle. Such identification helps determine a customer’s risk profile and decide whether Enhanced Due Diligence (EDD) is required.

Mishandling adverse media screening results can lead to unjustified onboarding decisions or failure to escalate high-risk customers to the Financial Intelligence Unit (FIU) via Suspicious Activity Reports (SARs) and severe administrative penalties.

Where Adverse Media Screening APIs Operate in the AML Lifecycle

Adverse Media Screening APIs are risk-based AML tools that operate throughout the customer lifecycle and are critical to identifying reputational or financial crime risks.

All potential customers, UBOs, directors, business partners, agents, and relevant third parties must be screened for negative news before establishing a business relationship or entering a transaction. It is not a one-time task, but an ongoing process.  Based on the customer’s risk profile, re-screening must be done periodically with the help of adverse media screening APIs to capture newly emerged adverse news.

Negative news screening must also be done on the occurrence of any trigger events such as a change in ownership or management, key control persons, transaction patterns, unusual activities, geographic exposure shifts, or after fresh negative media reports surface. Entities are obligated to enhance their CDD measures and conduct EDD where credible adverse information is identified.

Distinguishing Adverse Media Screening APIs from Sanctions and PEP Screening APIs

Adverse Media screening APIs involve monitoring various public sources, such as news articles, criminal records, and social media, to identify any negative or potentially reputation-damaging customer information, such as involvement in criminal activity, fraud, etc. This is done to safeguard a business’s reputation and enable informed decisions.

Sanction screening APIs, on the other hand, focus on the identification of such individuals or entities that are listed on sanction lists that include the names of entities involved in illegal activities such as terrorism, drug or human trafficking, and severe human rights violations, published by governments and international organisations. Dealing with a sanctioned entity is prohibited.

PEP screening APIs deal with the identification of individuals who are most likely to be high-risk individuals because of their political association and high status. PEPs are not restricted from entering into any financial transaction, but they are subject to enhanced ongoing monitoring. 

Adverse Media APIs PEP Screening APIs Sanctions/TFS APIs
Purpose Identify reputational/criminal risk Identify high-risk officials Identify legally prohibited parties
Regulatory Action Risk-based review/Investigation Triggers Enhanced Due Diligence (EDD), senior approval Requires Asset Freezing/Customer Offboarding/Customer Rejection
Legal Status Varies based on findings Permissible with controls Illegal to engage
Data Scope News, litigation, public records, etc. Political figures, associates, etc. Global and local sanction lists

Adverse media hits are mere risk signals, not grounds for legal prohibitions, and do not trigger automatic rejection or freezing of assets. Incorrectly treating adverse media hits as legal grounds for refusal can lead to misapplication of controls, discriminatory treatment and improper and discriminatory de-risking.

Accountability for Decisions Based on Adverse Media APIs

API-Driven Adverse Media screening tools increase the efficiency and accuracy of risk identification. Although the ultimate responsibility for ensuring that adverse media identification and decisions based on negative news screening APIs are accurate, documented, and risk-based lies with the Reporting Entity.

While negative news screening APIs can go through thousands of media sources on a real-time basis and identify red flags, they must be combined with human oversight to interpret context, relevance, recency, and credibility, particularly for high-risk clients.

All the screening results must undergo manual review, and proper records must be maintained containing screening results and final decisions made.

Decisions affecting onboarding, retention, or escalation must be supported by a clear audit trail.

Automated onboarding approvals, termination of a relationship, or de-risking without the approval of senior management can be seen as a governance failure and lead to severe regulatory penalties, legal consequences, and reputational damage.

Generate Your Adverse Media Report

Track results, classify matches, and maintain a clear compliance trail.

Generate Report Now →

Data Sources, Coverage, and Bias Risks in Negative News Screening APIs

Adverse media screening APIs gather data from various sources such as global news, local Arabic-language media, regulatory notices, blogs, social media and court records, etc. All these open sources have different evidentiary value, verification standards, and bias risk, along with data quality, fairness, and reliability concerns. Reporting entities are expected to understand what sources are covered and which jurisdictions and languages are underrepresented before relying on adverse media API-driven screening outputs to avoid relying on incomplete or biased datasets. Unreliable and incomplete information can lead to high false positives, discrimination based on language or jurisdiction, wrongful allegations, and reputational harm. Therefore, in an effective risk-based AML framework, adverse media outputs must be contextualised and independently assessed.
Source Type Risk Indicator Value Concerns
Local News/Media High (Real-time detection) High false positives; lack of verification
Court Records/Enforcement High (Proven liability) Potential for outdated status (e.g., cleared cases)
Social media/Blogs Medium (Early warning) High, noisy, unverifiable information
Regional Language Media Variable (Context-specific) Language/transliteration gaps (Arabic)

Regulatory Triggers Requiring Review of Adverse Media Screening APIs

Reporting entities must reassess and review their adverse media screening APIs tools when certain events indicate potential deterioration in accuracy, proportionality, or governance control.

Regulators expect a timely review where tool performance or decision outcomes may affect CDD or EDD compliance.

A reassessment is warranted where there is a material increase in adverse media hits that cannot be explained by underlying customer risk, as this may indicate shifts in data coverage, matching logic, or threshold sensitivity.

Reviews are also expected when adverse media screening API providers modify data sources, introduce new jurisdictions or languages, or update algorithms that influence how results are ranked or classified.

Additional triggers include customer complaints or legal challenges arising from onboarding, retention, or exit decisions influenced by adverse media results, as well as supervisory feedback questioning the quality or consistency of CDD and EDD outcomes.

Firms are expected to recalibrate screening parameters, strengthen governance and validation controls, and, where necessary, suspend or restrict automated decision-making until the tool’s performance and proportionality are revalidated.

Common Regulatory Failures in API-Based Adverse Media Screening

When Adverse Media screening relies heavily on API-based automated systems, supervisory reviews can identify various CDD and EDD weaknesses.

One of the common weaknesses is blind reliance on vendor-generated “risk scores” which lack human oversight, and proper independent assessment of relevance, credibility, and recency. This can also lead to insufficient differentiation between allegations and confirmed convictions, causing unjustified customer decisions.

Furthermore, inconsistent application of screening across customer segments can lead to gaps in risk detection.

The absence of a properly documented rationale justifying the decisions can undermine auditability and accountability.

These failures are governance and risk-based approach deficiencies that require integration of qualitative human review in the automated workflow.

Organisations should focus on validating adverse media screening API outputs and ensuring rigorous, consistent, and documented screening procedures to address these regulatory concerns.

Engage AML UAE Services for Adverse Media API Management

AML UAE helps organisations to manage adverse media API screening and support enhanced due diligence (EDD) by providing API validation, compliance governance framework design and review, and remediation.

Specialist AML support is important where adverse media screening outcomes materially influence onboarding, escalation, or customer exit decisions.

Independent review by an expert is particularly crucial when de-risking decisions are challenged, adverse media APIs materially affect CDD or EDD outcomes, or regulators question the proportionality or fairness of such outcomes.

When to engage AML UAE for specialist support on Adverse Media Screening APIs validation:

Decision Factor Internal Review Engage AML UAE Specialist Support
Impact on CDD/EDD outcomes Informational or low materiality Material influence on onboarding, escalation, or exit decisions
Governance maturity Documented methodology, validated thresholds, QA in place Gaps in validation, unclear relevance criteria, weak audit trail
Data/model changes No significant provider or algorithm changes Recent changes to sources, coverage, or matching logic
Challenges or disputes No customer or legal challenges Decisions contested or subject to legal scrutiny
Supervisory posture No adverse feedback on CDD quality Supervisory queries or remediation requirements

Frequently Asked Questions: Adverse Media Screening APIs

Can automated APIs be used for adverse media screening in the UAE?

Automated adverse media screening APIs can be used for adverse media screening as risk-identification tools, but results must be reviewed by humans and properly governed.

For all the negative news identified by AML APIs, relevance, credibility, and recency must be assessed. The impact and any escalation or decision taken must be properly documented.

Adverse media screening identifies unverified, negative news, offering earlier risk warnings, while sanctions screening covers the identification of restricted entities to avoid legal liability, and PEP screening identifies high-risk political figures for enhanced monitoring and EDD.

Adverse media decisions must involve human review, proportionality assessment, and documented approval.

Documentation as to Negative news identified, matched sources, decision rationale, risk rating impact, approvals, and audit logs must all be maintained properly.

Unsure if your watchlist screening meets UAE AML requirements?

Partner with us to strengthen your sanctions and watchlist compliance framework.

Contact Us Now

Explore Our Services:

AML/CFT Policy Drafting

AML Training

AML Software Selection

Regulatory Reporting

Managed KYC and CDD

AML/CFT Health Check

Risk Assessment Report

Contact Us Now

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Sanctions Screening APIs

Pathik Shah

Last Updated: 03/03/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Brief Overview of Sanctions Screening & TFS Compliance APIs

  • Sanctions screening APIs are automated tools that help entities identify sanctioned persons and trigger immediate freezing and reporting obligations under UAE TFS guidelines.
  • Sanctions screening APIs screen customers, beneficial owners, intermediaries and transactions in real time across onboarding, ongoing monitoring, and post-changes reviews against sources such as the United Nations Security Council lists and the UAE Local Terrorist List.
  • Automation does not absolve the responsibility of the reporting entity. They must validate screening logic, update lists in a timely manner, maintain audit-ready evidence, and have robust escalation, freezing, and reporting controls.

What are Sanctions Screening & TFS Compliance APIs?

Sanction screening APIs are automated software interfaces that screen customers, counterparties, transactions, and beneficial owners against relevant global and local sanctions lists. These APIs also help organisations to comply with TFS guidelines by identifying risks, freezing assets, and reporting without delay.

Legal Authority Governing API-Based Sanctions and TFS Screening

TFS compliance is a mandatory legal obligation. The Cabinet Resolution No. 74 of 2020 sets out the regulatory framework in the UAE regarding Targeted Financial Sanctions (“TFS”), and the implementation of the UN Security Council decisions to combat money laundering and terrorism financing.

Governing authorities such as the Central Bank of the UAE (CBUAE) and the Executive Office for Control and Non-Proliferation (EOCN) require automated, real-time screening of customers, beneficial owners, and transactions against the UNSC Consolidated List and the UAE Local Terrorist List.

As per Article 21.2 of Cabinet Decision 74, LFIs are required to conduct regular searches against applicable sanctions lists of their customer databases, parties to any transactions, potential customers, beneficial owners, etc., along with continuous searches of their customer database before conducting any transaction or entering into a business relationship.

Where Sanctions & TFS APIs Operate in the AML Compliance Lifecycle

Sanctions & TFS APIs are risk-based AML tools that operate throughout the customer lifecycle and are critical for identifying sanctioned entities.

Screening begins when customer, counterparty, or transaction data is submitted. At the onboarding and pre-relationship stages, APIs screen parties before any business relationship is established. During transaction processing, APIs conduct real-time or near-real-time screening to prevent prohibited transfers or services.

Ongoing screening ensures continuous checks against updated sanctions and TFS lists. When new sanctions are issued, post-designation screening and retrospective reviews identify past transactions with newly sanctioned entities.

If the system detects potential hits, it automatically routes them to the compliance teams for review. If confirmed, the reporting entity must freeze assets, block transactions, prohibit any further dealings, and submit a Confirmed Name Match Report (CNMR).

If the match cannot be fully confirmed but cannot be reasonably dismissed, the entity must immediately suspend the transaction and file a Partial Name Match Report (PNMR).

Distinguishing Sanctions Screening APIs from Other AML APIs

Sanctions screening APIs help conduct name-based screening against official sanctions lists to identify prohibited individuals or entities and trigger immediate legal obligations. Whereas transaction monitoring APIs analyse behavioural patterns and detect suspicious activity using risk-based thresholds and risk scoring.

A sanction match requires immediate legal action, while transaction monitoring usually generates alerts subject to discretionary review. Treating sanctions hits as ordinary AML alerts can result in severe penalties, as TFS controls are non-negotiable legal obligations.

Sanctions API vs AML Monitoring API
  Sanctions/TFS API (Screening) AML/Transaction Monitoring API
Purpose Immediate blocking of prohibited parties. Detecting, investigating suspicious behaviour.
Trigger Instant, real-time check. Behavioural/Transactional threshold.
Action Mandatory freeze/reject immediately. Escalation, filing STR, investigation.
Flexibility Zero tolerance. Risk-based.

Accountability for API-Driven Sanctions and TFS Decisions

An API-driven sanction screening tool automates the process and increases effectiveness and efficiency, but it does not absolve a Reporting Entity of its legal obligations.

The reporting entity is responsible for ensuring that effective screening controls are in place and that freezing/reporting actions are executed without delay.

Entities are expected to demonstrate effective control over the screening system, including proper documentation, list sources, update frequency, match thresholds, and proper escalation procedures.

Entities must maintain auditable records demonstrating the decision-making process and how quickly obligations were executed.

When organisations rely solely on third-party vendor tools without independent validation, governance, or performance testing, it can lead to missed hits, delayed freezing/reporting, and regulatory repercussions. Over-reliance on automation without human oversight or failing to document the rationale behind decisions can lead to severe penalties.

Regulatory Triggers Requiring Immediate Review of Sanctions & TFS APIs

Certain triggers may affect identification, and risk classification requires an immediate reassessment of API-driven sanction-screening controls.

Key triggers include updates to designation sources issued under United Nations Security Council resolutions or changes to the UAE Local Terrorist List, which require prompt ingestion of lists and re-screening.

Other technical triggers, such as API latency, screening outages, or the discovery of high false negatives, demand instant system recalibration.

When there is expansion into new jurisdictions or products, a proactive reassessment of API logic is essential.

According to CBUAE Guidelines, entities must conduct comprehensive framework reviews, escalate potential matches via the Executive Office (EOCN) or goAML, and document remediation for regulatory audits and inspections.

Data Sources, List Management, and Screening Logic in Sanctions APIs

In the UAE, Cabinet Resolution No. 74 of 2020 requires the implementation of rigorous screening against the UNSC Consolidated List and the UAE Local Terrorist List.

Regulators expect complete data coverage, including beneficial owners, counterparties, and transactions. This must also be supported by real-time automated list updates, version control, and auditable trails.

Effective sanctions screening API implementation must identify matches despite misspellings, transliterations, or aliases, block transactions prior to execution, and perform multi-list screening.

Sanctions List Primary Source API Update Frequency Compliance Risk
UNSC Consolidated UN Security Council Real-time High
UAE Local List EOCN (Executive Office) Real-time High
Other (OFAC/EU) OFAC / EU Portal Daily / Risk-based Medium-High

Common Regulatory Failures in API-Based Sanctions and TFS Screening

Delayed API list updates that lead to missed hits are a common regulatory failure in UAE API-based sanctions and TFS screening, with immediate enforcement consequences.

Inadequate fuzzy matching logic is another weakness with sanctions screening APIs that results in failure in identifying name variations or misspellings, and a lack of real-time transaction screening may result in processing of illicit transactions before detection.

A major violation occurs when entities fail to freeze assets promptly upon a confirmed match.

Weak audit trails with incomplete records of screening inputs, decisions made, or the rationale for dismissing “false positives” constitute a systemic failure to freeze and report effectively. 

The reporting entities have the full responsibility for the operational effectiveness of their automated screening tools and sanctions screening APIs. They must also adopt a proactive control framework that has features that conduct continuous testing, robust documentation, and immediate intervention to ensure compliance and avoid enforcement actions.

AML UAE Services for Sanctions & TFS API Risk Mitigation

AML UAE services become a regulatory necessity when sanctions and TFS controls depend on automated APIs and require proving the effectiveness of such controls.

Engaging AML UAE experts is important for framework reviews, sanctions screening API validation, and list governance, especially where sanctions screening is API-driven.

AML UAE ensures that entities comply with CBUAE/EOCN regulations, automated freezing obligations, and prevent high-risk breaches.

Specialists help implement matching logic, assess list sourcing and update controls, test real-time screening capabilities, and design remediation plans with properly documented evidence trails.

Internal sanctions capability AML UAE specialist support
Limited testing and escalation procedures, CNMR/PNMR handling, lack of proper records Comprehensive framework review, control redesign, and validation of screening and decision processes
Heavy reliance on third-party vendor screening tools, limited governance and human oversight Complete sanctions framework assessment, sanctions screening API configuration review, and governance redesign
Missed matches, delayed freezing/reporting, or lack of proper audit trails Remediation, proper documentation and audit trails, and regulatory AML compliance

FAQs on Sanctions Screening APIs

Can APIs be used for sanctions screening in the UAE?

Yes, APIs can be used for sanction screening in the UAE, provided screening is effective, governed, and initiates immediate freezing/blocking/reporting actions along with human oversight.

Yes, TFS screening APIs are acceptable if lists are updated; matches are escalated without delay and freezing/reporting obligations are executed on time.

The reporting entity remains fully liable if a sanctions API misses a designated person, regardless of vendor or automation.

Sanctions APIs must be updated without delay after any official designation changes.

Audit-ready records of screened data, lists used and update timestamps, match outcomes, decisions, and freezing/reporting actions, including filings to the Financial Intelligence Unit.

Yes, transaction screening must be automated to handle high volumes, providing real-time, event-driven screening against relevant sanctions watchlists.

Unsure if your watchlist screening meets UAE AML requirements?

Partner with us to strengthen your sanctions and watchlist compliance framework.

Contact Us Now

Explore Our Services:

AML/CFT Policy Drafting

AML Training

AML Software Selection

Regulatory Reporting

Managed KYC and CDD

AML/CFT Health Check

Risk Assessment Report

Contact Us Now

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

PNG FATF Grey Listing – Impact on DNFBPs AML Compliance

PNG FATF Grey Listing - Impact on DNFBPs AML Compliance

PNG FATF Grey Listing - Impact on DNFBPs AML Compliance

Home Author Archives: Pathik Shah
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Papua New Guinea FATF Grey Listing: Impact on DNFBPs at a Glance

  • PNG was placed under FATF increased monitoring, i.e., Grey List, in February 2026.
  • The Mutual Evaluation Report identified PNG’s AML Regime weaknesses in conducting ML investigations, asset confiscation, supervising DNFBPs, and maintaining beneficial ownership transparency.
  • Unlike technical compliance gaps, PNGs deficiencies relate to effectiveness across the AML enforcement agencies.
  • DNFBPs in UAE having business relationships with PNG-based customers, suppliers, intermediaries or having presence or branch offices must reassess their geographic risk, monitoring controls, and refresh their re-KYC cycles to ensure regulatory alignment.

Papua New Guinea Added to the FATF Grey List: What Happened?

Papua New Guinea (PNG) was added to the FATF Grey List in February 2026. It is an economy with a GDP of around USD 31.6 billion and a population of over 9 million. Its economy is largely based on extractive industries, such as mining, petroleum, logging, and fishing.

PNG operates predominantly in a cash-intensive environment, with most of its population still outside the ambit of the formal banking system. The 2024 Mutual Evaluation Report (MER) with FATF identified substantial money laundering risks linked to predicate offences such as corruption, bribery, fraud, tax offences, and environmental crimes.

While PNG has an AML/CFT Regime in place, the MER found weaknesses in enforcement outcomes, particularly in money laundering investigations, confiscation of proceeds of crime, beneficial ownership transparency, and weak DNFBP supervision.

Why Was Papua New Guinea Placed Under Increased Monitoring?

PNG was placed under increased monitoring, i.e., FATF Grey List, as the executive summary of the Mutual Evaluation Report highlighted several structural deficiencies in its AML regime, such as:

  • Limited prosecution and asset recovery for money laundering offences and not pursuing investigations.
  • Weak beneficial ownership transparency and unverified or inaccessible beneficial ownership information.
  • Suspicious Activity and Transaction reporting from DNFBPs in PNG is negligible, and their supervision has gaps.
  • Lack of proactive measures around international cooperation to mitigate money laundering risks and confiscate or seize proceeds of crime.

These factors collectively contributed to FATF’s decision to subject PNG to increased monitoring.

What This Means for UAE Businesses with Exposure to PNG?

DNFBPs in the UAE having customers, suppliers, intermediaries, business associates, or branch offices or presence in PNG may require careful reassessment of geographic risk exposure. They must consider the impact of PNG Grey Listing on the following aspects of their AML program.

Enterprise-Wide Risk Assessment (EWRA) Update

The geographic risk component of PNG’s Grey Listing must be incorporated in a DNFBPs EWRA. This would entail reassessing inherent risk, control effectiveness, residual risk, and related factors to align with the business’s risk appetite.

AML/CFT Policy Revision

Upon updating EWRA, DNFBPs need to revise their AML/CFT Policy to reflect the updated status of FATF Grey List countries, including Kuwait, which was also Grey Listed in February 2026 alongside PNG. The DNFBP might also be required to revise or refine their Customer Acceptance or Exit policies to ensure alignment with a risk-based approach.

Customer Risk Assessment (CRA) Methodology Update

DNFBPs are required to include PNGs’ revised Grey Listed status in their risk scoring models as it might impact:

  • Risk categorization thresholds
  • Re-KYC cycle configuration and timelines
  • Appropriate implementation of due diligence measures such as simplified, standard or enhanced.

Software and Screening Reconfiguration

AML Software tools also need reconfiguration in order to:

  • Reflect the name of PNG under increased monitoring
  • Initiate fresh screening and risk-scoring as well as risk classification of customers wherever required in terms of exposure to PNG
  • Re-tune transaction monitoring parameters and alert thresholds according to the risk that requires proportionate mitigation.

Realignment of CDD Measures

A major concern for DNFBPs with PNG is the exposure to the subsequent treatment of existing business relationships, which may require risk-based re-KYC and review. New customer onboarding procedures might also require tweaks or refinement to reflect the risk of PNG’s inclusion on the grey list and its impact to the business’s risk exposure.

Staff Awareness & Governance Documentation

Compliance Officers working within DNFBPs must document Grey List change management in their internal records and report the same to Senior Management and ensure that the staff is adequately trained and updated on geographic risk treatment in the firm’s EWRA, CRA and revised CDD measures, if any, to ensure awareness and readiness to treat geographic risk changes appropriately.

Should Your AML/CFT Risk Assessment Be Updated?

PNG’s Grey Listing does not mandate or lead to automatic enhanced due diligence or blanket de-risking. DNFBPs must take risk-based decisions to ensure structural alignment of EWRA, AML Policy, CRA, AML Software, documentation and record-keeping with UAE’s AML regulations.

DNFBPs should assess whether:

  • PNG’s risk classification and impact are accurately reflected in its EWRA
  • The Customer Risk Assessment (CRA) methodology requires fine-tuning or adjustments
  • AML Software configuration aligns with updated geographic risk
  • Governance documentation reflects the risk-reassessment process
  • Control measures are re-aligned to ensure that the DNFBP does not onboard or continue a business relationship with a PNG-based customer if the risk of doing so exceeds its risk appetite.

Maintaining and recording documentation involved in risk management measures taken by the DNFBP subsequent to PNG’s grey listing strengthens its regulatory auditability.

Is your Business Exposed to Papua New Guinea?

It may be time to recalibrate geographic risk into your EWRA and CRA Parameters!

Contact Us Now!

Practical Compliance Steps for UAE DNFBPs

Following Papua New Guinea’s Grey Listing, UAE DNFBPs should translate changes in their risk identification and assessment measures into operational controls. Some of the practical compliance steps would include the following:

  • Re-Screening PNG-Linked Customers against updated geographic risk classifications and sanctions databases.
  • Conducting targeted Re-KYC Reviews for existing business relationships with clients, business associates, intermediaries, UBOs or suppliers from PNG.
  • Revalidating beneficial ownership information, specifically in cases of complex ownership structures involving multiple layers.
  • Re-tuning Transaction Monitoring Parameters to reflect updated geographic risk, if needed, and avoiding unnecessary alert fatigue.
  • Reviewing High-Risk Business Relationship Approval Workflows to ensure that PNG-linked customers receive appropriate Senior Management oversight
  • Documenting Every Risk-Based Decision for Record-Keeping Purposes related to DNFBPs exposure to PNG-linked customers or business associates.
  • Conducting Focused Personnel Training Sessions to ensure staff awareness and fulfil AML obligations of conducting staff training and awareness.

These practical steps should remain risk-based, that is, proportionate and commensurate to the scale of ML/TF and PF risks faced by the DNFBP from PNG exposure and the nature and size of its business operations as well as its risk appetite.

How Can AML UAE Help DNFBPs with PNG Exposure to Ensure Compliance?

Papua New Guinea’s Grey List inclusion requires DNFBPs in the UAE to reassess the geographic risk element in their EWRA, as well as CRA, to ensure that existing business relationships are within the defined risk appetite.

AML UAE supports DNFBPs with updating and revising EWRA components, recalibrating Customer Risk Scoring parameters, strengthening beneficial ownership verification, and aligning onboarding and monitoring controls proportionately.

AML UAE’s approach ensures that geographic risk adjustments are well-documented, auditable, and consistent with UAE AML regulatory expectations with minimal business disruption.

Grey Listing isn’t a headline risk!

It’s a Governance Test, make sure your AML Framework Aces it!

Request AML Health Check

Frequently Asked Questions – Papua New Guinea Grey Listing

Does PNG’s Grey Listing prohibit business relationships?

No, Papua New Guinea’s Grey Listing requires risk-based decision-making when it comes to business relationships, on the basis of FATF’s recommendation around a risk-based approach.

No, Enhanced Due Diligence measures must only be applied when circumstances warranting EDD present themselves, which could differ from one business to another due to differences in their risk appetite and risk-scoring parameters.

The decision to classify PNG as high-risk solely depends on the business’s inherent risks, residual risks, control measures, and risk appetite. This depends on every business’s own risk-weighing, scoring methodologies, policies and procedures.

PNG was Grey Listed due to systemic weaknesses found in its AML regime, such as poor investigation outcomes, lack of confiscation, unclear beneficial ownership transparency, and lack of proper DNFBP supervision, as identified in the 2024 Mutual Evaluation Report.

The first practical step that UAE DNFBPs can take is to review and document the geographic risk posed by PNG to their business in their EWRA and reassess PNG-linked business relationships accordingly.

Share via :

Add a comment

Related Blogs

How to Ensure Responsible AI Adoption in AML Compliance
31/03/2026

Responsible AI Adoption in AML Compliance

30/03/2026

A detailed analysis of the AML/CFT requirements for lawyers, notaries, and legal professionals in the UAE

28/03/2026

The Complete Guide to the Ultimate Beneficial Owner Verification

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Kuwait FATF Grey Listing – Impact on DNFBPs’ AML Compliance

Kuwait FATF Grey Listing

Kuwait FATF Grey Listing - Impact on DNFBPs’ AML Compliance

Home Author Archives: Pathik Shah
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Kuwait FATF Grey Listing Impact on UAE DNFBPs at a glance:

  • Kuwait was placed on the FATF Grey List in February 2026.
  • The findings in Kuwait’s 2024 Mutual Evaluation Report (MER) identified weaknesses in its Terrorism Financing Risk Assessment and Targeted Financial Sanctions (TFS) implementation.
  • UAE DNFBPs with customers, suppliers, business associates, or branch offices in Kuwait must take risk-based decisions with regard to jurisdiction risk assessments, enhanced due diligence controls, business-wide as well as customer-specific risk assessment parameters.

Kuwait Added to the FATF Grey List: What Happened?

Kuwait is a high-income country due to its strong petroleum-based economy and is ranked 35th most peaceful country in the world by the 2023 Global Peace Index. Despite its economic strength, FATF identified its vulnerabilities related to terrorist acts and terrorist groups operating outside its jurisdiction.

The Mutual Evaluation Report noted that Kuwait’s Obliged Entities have a limited understanding of ML/TF and PF risks they are exposed to, and their AML regime has significant deficiencies in TFS implementation, with a limited scope for freezing and no general prohibition.

Why Was Kuwait Placed Under Increased Monitoring?

The Financial Action Task Force (FATF), the global AML/CFT and CPF watchdog, placed Kuwait on the Grey List after following its standard mutual evaluation procedure.

The FATF 2024 Mutual Evaluation Report assessed Kuwait’s overall effectiveness largely as Moderate, but certain critical areas were rated Low in the context of:

  • Insufficient beneficial ownership transparency
  • Lack of cross-border money laundering investigations regarding currency and bearer negotiable instruments
  • Deficiencies in suspicious transaction reporting (STRs) in non-banking sectors
  • Limited understanding and prosecutions of Terrorism Financing (TF)
  • Inadequate implementation of TFS measures not in alignment with FATF standards.

What This Means for UAE Businesses with Exposure to Kuwait?

UAE-based businesses, such as DNFBPs including real estate agents, brokers, dealers in precious metals and stones, corporate service providers, lawyers and accountants, and gaming sector operators engaging with Kuwaiti customers, suppliers, and beneficial owners, may have practical AML compliance implications.

DNFBPs in the UAE must not apply enhanced due diligence measures or “de-risk” i.e., cut off business ties with all customers belonging to Kuwait; they must apply a risk-based approach.

Customer Risk Reclassification

The addition of Kuwait to the FATF Grey List warrants DNFBPs in UAE to:

  • Reviewing the risk-matrix and risk-scoring parameters of country risk.
  • Re-assessing and re-classifying the ML/TF and PF risk posed by existing Kuwait-linked customers.
  • Documenting and recording the rationale and reasoning behind such customer risk reclassification.
  • Ensuring that risk-adjustments remain proportionate and commensurate to actual ML/TF and PF risk exposure and the business profile of the customer or supplier.

Enhanced Due Diligence Considerations

As established earlier, applying EDD measures as a blanket risk-control mechanism would not align with a risk-based approach. DNFBPs in the UAE must consider taking a risk-based approach and decide whether or not to apply EDD measures, depending on Kuwait-specific factors such as:

  • In the event of coming across corporate customers with unreliable Beneficial Ownership information.
  • Other circumstances warranting EDD, such as:
    • large or unusual transactions
    • transactions without economic or business rationale
    • doubts arising upon the authenticity or veracity of customer information and documents
    • Appearance of red flags in terms of customer behavior or transactions.

Cross-Border Transaction Monitoring

Businesses in the UAE operating in fields like real estate, precious metals and stones, and incorporation services must recalibrate AML/CFT control measures around their cross-border transactions linked to Kuwait so as to ensure that their transaction monitoring frequency is risk-based and commensurate with the risk posed by their Kuwaiti clients or business associates.

Should Your AML/CFT Risk Assessment Be Updated?

Kuwait’s Grey Listing does not automatically require DNFBPs in UAE to apply any blanket control measures, but to take a risk-based approach. DNFBPs must consider how the inclusion of Kuwait in the FATF Grey List impacts the geography risk component of their Enterprise-Wide Risk Assessment (EWRA).

As the geographic risk gets tweaked, based on Kuwait’s inclusion, a DNFBP is required to document and imbibe the same into its AML Programme. Once the AML/CFT Policy is updated, as a result, the Customer Risk Assessment (CRA) methodology needs to be revised to accurately score and classify customers or suppliers from Kuwait. 

DNFBPs are also required to reconfigure their AML/CFT Software and align their Customer Due Diligence measures to ensure that adequate due diligence is performed and risk-based compliance measures are implemented on their existing customers as well as during customer onboarding.

Are your business operations exposed to Kuwait?

You may need to revise and document jurisdiction risk in your EWRA to align with latest FATF Grey Listing.

Get in touch!

Practical Compliance Steps for UAE DNFBPs

DNFBPs in the UAE can take the following practical steps to ensure compliance with AML/CFT obligations.

  • Reviewing Geographic Risk classifications: Enabling reassessment and reconfiguration of risk factors, control measures, risk appetite, and residual risk.
  • Reassessing existing Kuwait-linked clients: Ensuring that changes in their risk profile, if any, have been mitigated with adequate control measures and risk-based decision making.
  • Strengthening Beneficial Ownership Verification: Ensuring that no misuse of corporate structures, complex ownership structures, shell or shelf companies is done to evade UBO identification.
  • Evaluating EDD Thresholds: Ensuring that there is no under- or over-compliance and that due diligence measures remain risk based.
  • Updating Screening and Monitoring Systems: Incorporating Kuwait’s name in Grey Listed countries, Re-KYC cycle configuration, changing transaction monitoring rules, revising triggers for screening, KYC and risk assessment.
  • Documenting Board and Compliance Oversight: Ensuring that no high-risk business relationship with Kuwait based customer or supplier is continued or established without senior management approval.
  • Conducting adequate Staff Training and Awareness: Ensuring that personnel are equipped with the Customer Acceptance Policy and Customer Offboarding Procedures based on inclusion of Kuwait to the FATF Grey List.
  • Implementing adequate Record-Keeping Measures: Ensuring that any changes made to DNFBPs’ policies or procedures, including Kuwait’s name in the FATF Grey List and resultant procedural tweaks, are recorded and documented to fulfil record-keeping obligations and withstand regulatory scrutiny.

How Can AML UAE Help DNFBPs with Exposure to Kuwait?

DNFBPs in UAE having customers, suppliers, intermediaries, or beneficial owners linked to Kuwait may require a focused reassessment of geographic risk factors in their EWRA to ensure that continuing and establishing business relationships with Kuwaiti clients is within their firm’s risk appetite.

AML UAE assists DNFBPs with reviewing EWRA parameters, recalibrating customer risk scoring, strengthening beneficial ownership verification, and aligning screening controls proportionately.

AML UAE’s approach helps DNFBPs ensure that geographic risk remains well documented and consistently aligned with UAE’s evolving AML regulatory expectations, while avoiding under- or over-compliance.

Frequently Asked Questions around Kuwait’s FATF Grey Listing

Does Kuwait’s FATF Grey Listing prohibit business with Kuwaiti clients?

No, FATF Grey Listing does not prevent conducting business with Kuwaiti clients, it only necessitates that businesses take a risk-based approach and continue with the business relationship with Kuwaiti clients after conducting adequate due diligence to mitigate ML/TF and PF risks, if any, posed by them.

UAE DNFBPs need not apply enhanced due diligence as a blanket approach, they must take into account the geographic risk element and decide appropriate due diligence measures. In simple words, stronger due diligence with high-risk customers and simplified due diligence for low-risk customers from Kuwait.

The decision to classify Kuwait as high-risk depends on the individual business’s risk appetite. Many DNFBPs may opt to increase the geographic risk rating, following the FATF grey listing and some may not, depending on their risk appetite. Any adjustment in the internal risk assessments must be adequately documented within the firm’s EWRA.

FATF placed Kuwait in the Grey List due to several deficiencies such as weakness in terrorism financing risk assessment, poor TFS implementation, unclear beneficial ownership transparency in its 2024 Mutual Evaluation Report.

UAE DNFBPs with exposure to Kuwait should consider reviewing geographic risk ratings, conducting KYC of existing customers from Kuwait again, to incorporate geographic risk and re-classify customer risk ratings, reconfiguring AML Software for updating monitoring parameters and documenting the outcome of their compliance review.

Stay updated on UAE AML rules

Monthly guidance, regulatory alerts and practical onboarding tips for DNFBPs.

CONTACT US NOW

Share via :

Add a comment

Related Blogs

How to Ensure Responsible AI Adoption in AML Compliance
31/03/2026

Responsible AI Adoption in AML Compliance

30/03/2026

A detailed analysis of the AML/CFT requirements for lawyers, notaries, and legal professionals in the UAE

28/03/2026

The Complete Guide to the Ultimate Beneficial Owner Verification

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

PEP Screening APIs

Pathik Shah

Last Updated: 02/23/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Brief Overview of APIs for PEP Screening

  • In UAE, PEP screening is a legal requirement as part of AML regulations. APIs help automate the process of identification of PEPs and related parties and applying enhanced due diligence. PEP screening usually requires senior management approval and ongoing monitoring.
  • PEP Screening APIs operate before onboarding and continuously thereafter, supporting risk classification, monitoring status changes, and trigger-based reviews to maintain effective AML controls.
  • APIs for PEP Screening enhance speed and coverage, but reporting entities remain responsible for validation, review, documentation, and corrective actions.

What are the PEP Screening APIs

PEP Screening APIs are software interfaces that determine whether a person is a PEP or related to a PEP, and whether they are a local or foreign PEP. PEP Screening APIs help automate the PEP screening process and enable continuous monitoring of PEP status changes.

Legal and Regulatory Basis for PEP Screening in the UAE

PEP screening in the UAE is a regulatory requirement under customer due diligence and risk assessment requirements. Federal Decree Law No. (10) of 2025 and UAE Cabinet Resolution No. 134 of 2025 outline obligations for identifying PEPs and conducting Enhanced Due Diligence in line with FATF standards.

Regulators also expect that the PEP screening must identify domestic PEPs, foreign PEPs, individuals with prominent positions in international organisations and their family members, and close associates.

APIs automate the identification process by checking individuals with political exposure, along with their associates, by cross-referencing their information against global PEP databases and conducting risk assessments on a real-time basis.

Once the PEP status is identified, entities must apply enhanced due diligence (EDD) and obtain approval from senior management before entering or continuing a relationship with such PEP or related customer.

Reasonable steps must also be taken to establish the source of funds, including the source of wealth.

Failure to properly screen or manage these risks can lead to heavy regulatory penalties, criminal investigations, serious reputational damage, and even business closure.

Where PEP Screening APIs Operate in the AML Lifecycle

PEP screening is not a one-time task; rather, it is an ongoing risk-identification control across the complete customer lifecycle. Customer data is collected, and APIs are used pre-onboarding to screen customers and identify PEP exposure before establishing business relationships.

Customers who are a match, and their associates, are then classified as PEPs, which triggers EDD requirements and are automatically flagged as high-risk.

Entities are obligated to enhance their CDD measures regarding customers identified as PEPs. Senior management approval is required to onboard such high-risk customers, and such transactions are subject to enhanced ongoing monitoring.

These automated APIs run continuously or at scheduled intervals to refresh data to identify if existing clients become PEPs or if their status changes on a real-time basis. Trigger-based reviews must also be conducted when any specific event occurs, such as a change in customer role, new corporate ownership, new regulatory mandates, or high-value transactions.

Ongoing monitoring throughout the customer lifecycle ensures that PEP risk is identified in a timely manner. Delayed or isolated screening compromises the risk-based controls and weakens compliance frameworks.

Distinguishing PEP Screening APIs from Sanctions and Adverse Media APIs

PEP screening APIs deal with the identification of individuals who are most likely to be high-risk individuals because of their political association and high status. PEPs are not restricted from entering into any financial transaction, but they are subject to enhanced ongoing monitoring.

Sanction screening APIs, on the other hand, focus on the identification of such individuals or entities that are listed on sanction lists that include the names of entities involved in illegal activities such as terrorism, drug or human trafficking, and severe human rights violations, published by governments and international organisations. Dealing with a sanctioned entity is prohibited.

Adverse Media screening APIs involve monitoring various sources, such as news articles, public records, and social media, to identify any negative or potentially damaging customer information, such as involvement in criminal activity, fraud, etc. This is done to safeguard a business’s reputation and enable informed decisions.

PEP Screening API Sanctions/TFS API Adverse Media API
Purpose Identify high-risk officials Identify legally prohibited parties Identify reputational/criminal risk
Regulatory Action Triggers Enhanced Due Diligence (EDD), senior approval Requires Asset Freezing/Customer Offboarding/Customer Rejection Risk-based review/Investigation
Legal Status Permissible with controls Illegal to engage Varies based on findings
Data Scope Political figures, associates, etc. Global and local sanction lists News, litigation, public records, etc.

PEP identification only indicates heightened risk, which requires enhanced scrutiny. Treating PEP matches as sanctions hits or criminal findings may result in misapplication of controls, discriminatory treatment, and regulatory confusion.

Accountability for API-Driven PEP Identification and Decisions

API-Driven PEP tools increase the efficiency and accuracy of PEP identification. Although the ultimate responsibility for ensuring that PEP identification is accurate and risk-based lies with the Reporting Entity.

All the PEP matches, including those identified by an API, are required to undergo manual review.

The rationale behind accepting, rejecting, or continuing the business relationship is also required to be documented.

Automated onboarding approvals, termination of a relationship, or de-risking without the approval of senior management can be seen as a governance failure and lead to severe regulatory penalties, legal consequences, and reputational damage. Therefore, automated tools should be used as an aid rather than a replacement for human oversight.

PEP Screening APIs can assist, but cannot take regulatory accountability for the identification of PEPs.

PEP Definitions, Categorisation, and Coverage Risks in APIs

A politically exposed person (PEP) is a natural person who currently holds or has previously held a prominent public function in the UAE or another country.

This includes heads of state or government, senior politicians, senior government, judicial, or military officials, senior executives of state-owned entities, senior political party officials, individuals entrusted with prominent roles in international organisations and their direct family members and associates.

PEPs are usually classified under three subgroups: domestic PEPs, foreign PEPs, and Heads of International Organisations (HIOs).

Although most PEPs are law-abiding, their authority, influence over government decisions, and access to public resources elevate inherent risk compared to the general population.

Risk levels may also vary based on factors such as the PEP’s authority, access to funds, governance environment, corruption exposure in the relevant jurisdiction, and the strength of relationships with associated individuals.

PEP Category API Coverage Risk Compliance Impact
Domestic Failure to identify UAE officials due to outdated local databases Regulatory fines; failure to apply mandatory EDD
Foreign Over-reliance on English-only data, missing non-Latin script names. Onboarding high-risk customers; breach of KYC rules.
HIOs Misclassification of senior staff in regional organisations. Inadequate monitoring of high-risk transactions.
Associates Omission of close, non-familial business partners (RCA). . Inability to uncover hidden beneficial owners or money laundering.

Regulatory Triggers Requiring Review of PEP Screening APIs

Certain triggers may affect identification, and risk classification requires immediate reassessment of API-driven PEP screening controls. Whenever there are updates in legal definitions, supervisory expectations, or regulatory guidance relating to PEP classification, review and updating of screening control is necessary. Revalidation is also required when there are changes in API data sources, algorithms, and risk profiling procedures.

There are various operational events as well that may trigger review of PEP screening APIs, which include high false-negative rates, poor quality databases, inconsistencies between screening results and customer risk profiles, supervisory findings on EDD failures, etc. Entities must conduct comprehensive re-validation, enhance screening controls, increase monitoring frequency, and escalate findings to senior management.

Common Regulatory Failures in API-Based PEP Screening

UAE regulatory reviews have identified various failures in API-based screening frameworks that can affect customer due diligence and enhanced due diligence systems.

A common weakness is reliance on a single external data source without conducting independent validation or periodic quality testing.

Many entities fail to conduct ongoing re-screening, resulting in missed status and regulatory changes after onboarding.

Many times, these systems fail to identify PEP relationships emerging during the lifecycle of a business relationship, including the identification of relatives and close associates.

Lack of proper documentation of EDD measures, risk assessments, approval decisions, etc., is another recurring issue with API-based PEP screening.

Altogether, these weaknesses typically result in high false-negative rates, ineffective risk identification, inadequate monitoring, and non-compliance with regulatory expectations.

AML UAE Services for PEP Screening API Implementation

AML UAE services can help organisations evaluate and strengthen API-driven PEP screening frameworks.

Politically Exposed Person (PEP) screening poses several onboarding, identification and relationship management challenges.

AML UAE can help mitigate these risks by providing specialised independent review, API validation, EDD alignment, and remediation of PEP frameworks.

Engagement with AML UAE experts is particularly important when PEP screening is fully or partially automated, enhanced due diligence practices are inconsistent or challenged, or regulators question PEP identification effectiveness.

Internal Capability Level AML UAE Specialist Support
Documented policies, periodic API validation, consistent EDD approvals, and an effective audit trail Independent technical validation and benchmarking
Partial governance, limited testing of API outputs, and inconsistent EDD documentation Focused framework review and control enhancement
Heavy vendor reliance, minimal oversight, unclear PEP classification logic End-to-end framework assessment and redesign
Findings on EDD failures or missed PEPs Structured remediation and regulatory response support

FAQs About PEP Screening APIs in AML Compliance

Are PEP screening APIs allowed under UAE AML regulations?

In the UAE, APIs can be used for PEP screening; however, the ultimate responsibility of risk assessment and EDD remains with the reporting entity and senior management.

Yes, PEP identification can be automated in the UAE along with human oversight.

If a PEP is missed by an AML API, it can lead to EDD failures, supervisory findings, and potential regulatory breaches.

Screening must be conducted at onboarding and on an ongoing basis, and whenever there are trigger events and data refresh cycles.

PEP screening identifies high-risk political figures for enhanced monitoring and EDD, while adverse media screening identifies unverified, negative news, offering earlier risk warnings, and sanctions screening covers the identification of restricted entities to avoid legal liability.

Entities must properly document and retain screening results, data sources, classification rationale, EDD measures applied, and approval records.

Unsure if your watchlist screening meets UAE AML requirements?

Partner with us to strengthen your sanctions and watchlist compliance framework.

Contact Us Now

Explore Our Services:

AML/CFT Policy Drafting

AML Training

AML Software Selection

Regulatory Reporting

Managed KYC and CDD

AML/CFT Health Check

Risk Assessment Report

Contact Us Now

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik