What skills should an AML compliance officer possess?

What Skills Should an AML Compliance Officer Possess?

Protect your business with reliable and effective AML strategies with AML UAE.

What skills should an AML Compliance Officer Possess?

Every profession and professional requires specific skills, knowledge, and accreditations to operate professionally, and an AML Compliance Officer is not an exception to that. This is quite apparent as professional mistakes can have severe consequences, especially when we are battling against brutal crimes like money laundering and financing terrorist groups or activities. Therefore, such designated officers should meet the fundamental requirements when an organization decides to recruit for this position.

Emphasising that such designated Compliance Officer should meet fundamental AML Compliance requirements and have important skills like Regulatory Expertise, Industry Knowledge, Risk Assessment, Ethical Judgment, Integrity, Critical and Analytical Thinking.

This article discusses the must-have skills for every professional anti-money laundering compliance officer.

What is an AML Officer/MLRO?

An AML Officer or Money Laundering Reporting Officer (MLRO) is responsible for establishing AML Compliance Program to prevent money laundering and assist the organization in complying with the relevant provisions of the Anti-Money Laundering Law. The AML Officer carries out the AML risk assessment, prepares AML policies, procedures and guidelines and implements the same. The MLRO monitors AML related issues on a day to day basis, evaluates and escalates the matter to the senior management and the legal authorities.

Essential skills of an AML Compliance Officer

AML Compliance Officers have critical role in ensuring that a business operates within the regulatory framwork. Therefore, a Compliance Officer must possess certain key attributes like Regulatory Expertise, Strong Ethical Judgment, Analytical and Risk Assessment skills and other relevant knowledge. Here are a few skills that are must for an AML Compliance Officer to manage his or her duties most effectively and efficiently.

Integrity

Integrity is a vital characteristic for all professionals across the globe. Trusting one’s employees is very crucial for any business organization if the business belongs to a high-risk quotient industry. Anti-money laundering Compliance Officers should be transparent with other employees of the Company, and there should be utmost trust among the employees within the same organization. All the employees must know each other in order to minimize the overall margin of error. It will keep any internal confusion, doubts, and identity biases at bay.

Industry knowledge

This is the essential thing and goes even without saying. Without adequate industry knowledge, no professional will be able to perform their assigned responsibilities with utmost perfection and efficiency. Anti-money laundering Compliance Officers should also know and follow their own industry well so as to keep themselves updated on developing trends.

The Compliance Officer should also have prior experience and knowledge in developing robust Customer Due Diligence (CDD) processes and identification of risks. He / She shall also have a certain level of authority necessary to take AML/CFT-related decisions independently.

AML Compliance Officers must be aware of the latest developments in the money laundering segment revolving around the concerned industry. With the constantly evolving state of technology, money launderers might find a loophole in the system and apply a new method of executing their ill intentions. An efficient AML Compliance Officer should have an idea about whether the criminals are developing new and powerful tactics or not.

Attention to details

The technologies related to AML regulations are being renewed and upgraded frequently to trace the money laundering and financing of terrorism. Hence, it requires professionals in the industry to keep themselves updated with the latest changes in order to identify any unusual activity before it is implemented or has any destructive effect on the business or the economy. In addition to that, legal requirements also keep on changing every then and now.

Therefore, to adhere to those rules and regulations, AML Compliance Officer must pay attention to recent updates or upgrades and understand such developments most effectively and efficiently. However, it is essential to note that both technological and legal requirements differ from one jurisdiction to another.

Risk assessment

Risk assessment is an integral part of the entire compliance process. A Compliance Officer is expected to be aware of the risks involved while dealing with finance-based crimes. Employees or professionals working around AML/CFT policy primarily focus on minimizing the risks involved in every possible or doable way.

Anti-money laundering Compliance Officers must consider all the factors that directly or indirectly contribute to risk scoring, as prescribed under their organization’s internal policies and procedures related to AML/CFT.

Considering all of these risk scores, the Compliance Officer will be able to make better and data-driven business decisions. This would also help in gauging the business impact or implications clearly.

Ability to interpret

Anti-money laundering Compliance Officers basically decide whether a particular customer or transaction can be construed as suspicious one the basis of the triggers generated. Data is the only essential element needed for making optimal business decisions. Therefore, the ability to interpret the behavior or indications becomes an integral part of the Compliance Officer’s responsibilities.

There may be plenty of data available to the business organization from different sources, making it challenging to analyze and interpret the data.

However, the Compliance Officers should be adequately trained to determine value from such complex data. While the Compliance Officer is introspecting the voluminous data, extra attention should be accorded to the identification of any unusual transaction or activity, or customer. In addition to that, an AML Compliance Officer must be skilled in drawing logical conclusions from the observations made from the data.

Compliance. Trust. Transparancy

Customized and cost-effective AML compliance services to support your business always

Problem solving

There are pretty high chances that an AML Compliance Officer encounters a lot of problems on a daily basis. Additionally, as the industry is quite volatile, and to keep pace with the same, the Compliance Officer should have a problem-solving approach, with a primary focus on arriving at the appropriate solutions. The financial sector has a high element of risk involved, and hence, the Compliance Officer must have an extravagant problem-solving approach in order to come up with remedial actions or competitive strategies.

It is important to note that practical problem-solving will come up naturally only with analytical and creative thinking, added with experience.

Moreover, Compliance Officers also need to tackle the hardships triggered due to uncertain regulatory changes.

Knowledge about vulnerability

Compliance officers must have knowledge of various policies released by the Government in relation to AML/CFT. This helps detect security vulnerabilities that might arise in the systems without much of hardships or challenges.

In addition, anti-money laundering Compliance Officers are expected to have a clear and better understanding of response regulations, ISO standards, abuse & controlling policies, evaluation & monitoring techniques, and safety standards like performance reporting.

IT knowledge

The use of Anti-money laundering software is quite common among Compliance Officers. Though the Compliance Officer may not be required to operate such software, yet having the basic knowledge is important. Being aware of the latest business technologies that offer an error-free session allows AML Compliance Officer to successfully perform his responsibilities towards AML/CFT regulations.

Critical thinking

Irrespective of the industries the professionals are indulged in, critical thinking is required by all. Analytical and critical thinking is a vital element for analyzing data and making some competitive strategic decisions. The fundamental principles required to inculcate creativity in one’s thinking include situational analysis, open-mindedness, brainstorming, providing contexts and conclusions.

Clear and effective communication

Irrespective of the profession or the industry, in order to perform tasks and duties effectively and efficiently, one should have the skill of clear and effective communication. The financial industry is full of uncertainties and involves high levels of risk. Hence, it becomes incredibly crucial to communicate the details with the relevant stakeholders clearly. Even if one tiniest information is not communicated properly or missed out, there may be some irreversible repercussions on the business organization and economy as well.

In addition to that, clear and effective communication is a must for an anti-money laundering Compliance Officer because he is the one who is in touch with almost all the employees of the business enterprise and also has the responsibility to report suspicious transactions to the Financial Intelligence Unit of UAE on behalf of the organization. Therefore, a Compliance Officer is expected to share essential information with the Company’s staff at a specific time to ensure adherence to AML/CFT regulations.

Final words

All the ten skills mentioned above clearly establish the importance of a Compliance Officer in Financial Institutions(FIs), Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Assets Services Providers(VASPs). AML Compliance Officer must possess these skills to ensure the smooth and hassle-free working of the Company and safeguarding it against the vice of money laundering and financing of terrorism. However, it is very challenging to find a Compliance officer who possesses all such necessary skill sets. Here we may come to your assistance; we can assist you in recruiting such AML compliance officers from our wide range of databases.

AML UAE provides Anti-Money Laundering Consulting Services to help you remain compliant with UAE AML Laws. Get in touch with us for your Anti-Money Laundering Compliance requirements.

Frequently Asked Questions (FAQs)

A UAE compliance officer is the one who implements the AML program for a company. Their AML roles and responsibilities include undertaking KYC, screening, and risk assessment, reporting suspicious transactions, implementing AML policy, providing AML training to employees, and maintaining records for a period not less than 5 years.

An AML Compliance officer is responsible for ensuring a company’s compliance with the AML policy. They must have the necessary compliance officer skills to manage the AML compliance requirements.

An AML compliance officer or money laundering compliance officer ensures that the company complies with all the requirements and processes of AML regulations.

Here are a few responsibilities of an AML compliance officer.

Creating, implementing, along with managing an organization’s compliance program

Coordinating with regulatory authorities

Planning, implementing, and overseeing the problems related to various types of AML/CFT risks

Developing and coordinating proper reporting channels for issues pertaining to effective compliance

Building effective communication channels for the Company’s compliance with AML/CFT regulations

Coordinating and scheduling necessary compliance training for the concerned employees

To become a Compliance Officer in AML, you need combination of following skills:

Proven experience of working as an AML Compliance Officer

Hands-on experience in risk management

Sufficient knowledge of legal controls and requirements

Familiarity with professional standards and industrial practices

Extravagant communication skills

Business acumen

Professional ethics

Teamwork skills and people management

Supporting educational degrees or professional certifications

The best possible practice for AML compliance can be the following:

Appointment of a designated competent Compliance Officer
Conducting AML Business Risk Assessments periodically
Developing a robust AML policy containing adequate procedures and controls and keeping them updated per new amendments.
Applying a risk-based approach while conducting CDD and KYC processes.
Proper Record-keeping measures and training of the staffs.

Share via :

Add a comment

Related Blogs

10/12/2025

AML Implications for Politically Exposed Person (PEP)

Benefits of Well-Articulated Business Risk Assessment

09/12/2025

Regulator-Ready Business Risk Assessment for VASPs in UAE

08/12/2025

What is a White-Collar Crime and Its Inter-Relationship with ML/TF

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Customer Identification – A Critical Component of AML Compliance

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

What is Money Laundering?

Money Laundering is the process that hides the origin of illegally obtained money and runs it through banking or any other legit financial institution to make it appear as an income received from legitimate resources. This illicit money is then invested in funding criminal and terrorist activities.

Significance of AML compliance for businesses and financial institutions:

As per AML/CFT legislation in UAE, Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Assets Service Providers (VASPs) are required to establish a comprehensive AML/CFT compliance framework. This framework would support the entities in overcoming vulnerabilities related to money laundering, terrorism financing and proliferation financing.

What is Customer Identification?

Financial Institutions have specific procedures to identify and verify customer identities. Customer Identification is one of the basic steps that DNFBPs, and Financial Institutions and VASPs must follow to verify the identity of the prospective customers. It helps identify legitimate businesses, individuals, and institutions so that one may enter into a business relationship with them. In simple words, the customer identification program demonstrates a series of steps that establish the legitimacy of the customer’s identity.

Role of customer identification in AML compliance

Customer identification is the most crucial stage while conducting AML compliance. This is the stage where various checks are applied to verify the identity of the potential client and beneficial owner. On the basis of identification documents, a decision is made about whether to conduct business with this prospective client. After this stage, the clients are rated based on the ML/FT risk they pose to the business.

Components of the Customer Identification Program

UAE has adopted a progressive approach to AML compliance. The AML regulations and the guidelines issued by the Supervisory Authorities provide stringent customer identification procedures that DNFBPs, VASPs and Financial Institutions must follow to identify suspicious transactions. This customer identification procedure is also generally referred to as Customer Due Diligence.

Each country can determine how it implements the necessary CDD process by making a law or using other enforceable methods. It is noteworthy that the Financial Action Task Force (FATF) provided recommendations around Customer Identification Program – international guidelines to combat money laundering and terrorist financing.

Steps in Customer Identification

The CDD measures implemented involve the following steps:

Verify Customer Identity: Identifying the customer and customer identity using independent reliable data.
Identify UBOs: Determine the Ultimate Beneficial Owners, verify their identity, which provides a satisfactory answer to the DNFBPs, FIs and VASPs about true ownership. It gives a clear idea about the control exercised on the customer. Read The Complete Guide to UBO Verification.
Purpose of Business: Obtaining information about the customer’s business activities and understanding the objective of the business relationship.
Continuous monitoring: Continuous monitoring and due diligence is done on the business association and thorough examination of transactions is carried out during the business relationship.

All the processes mentioned above apply to all the customers.

As per the AML Laws, DNFBPs, VASPs and Financial Institutions should follow the above-discussed process to strengthen their AML framework. The Compliance Officer must ensure the adherence to the norms of the Customer Identification Program and keep the process in sync with the AML laws and regulations as prevalent in the UAE and the FATF Recommendations.

Technology & AML Compliance

With the help of technology and advanced AML software, organizations can create a close-knit AML framework. A good customer identification program must have written policies to follow. A clear protocol for customer identification weeds out any ambiguity and provides the regulated entities an apparent reference while implementing the customer identification policies. The policy should clearly mention the customer’s requirements while establishing the business relationship.

DNFBPs, Financial Institutions and VASPs should be aware of the process listed in the AML rules and regulations to identify unusual patterns and suspicious transactions immediately. It is important to note that continuous monitoring is required to evaluate the risk profile and update the risk assessment process to identify any money laundering instances. AML software is highly beneficial in identifying cases of identity thefts and increasing data security. It helps retain the customers’ trust and protects the institutions’ goodwill in the market.

Strict Verification System

The AML software will introduce an effective customer verification system. It helps prevent identity thefts and verifies the criminals who are trying to hide behind the legal system.

AML training will provide the employees with the correct information and inform them regarding the proper processes to be followed while identifying suspicious activities.

AML software can prevent money laundering. Employees can create risk profiles based on information from multiple sources, such as public records, including information about immigration, current criminal history, and previous legal issues. It also provides information on asset tracking, which verifies if the customers are the real owners of the property they claim to be. On-site inspections can also be conducted if there is any suspicion regarding the details and documents furnished.

An independent audit process is required to fulfill the requirements of the independent anti-money laundering regulatory bodies, which ask for a periodical audit. The CIP will ensure that the organization implements the AML guidelines correctly and adheres to the AML rules and regulations. An independent audit will keep the business on its toes, and it will diligently follow the AML rules and regulations.

UAE follows the recommendations closely by adhering to the CDD and record-keeping processes to identify suspicious accounts and transactions and report suspicious activities.

Creating an effective AML compliance program is crucial for customer identification. The policy with a strict customer identification process identifies and deals with the challenges of the money laundering process and prevents financing of criminal and terrorist activities.

AML UAE: AML Compliance Consultants

If you need help with AML compliance, you can always trust AML service providers like AML UAE. A reliable consulting firm that offers complete AML solutions – it is a one-stop destination for AML compliance dedicated to the UAE market. AML UAE team has the right exposure and the requisite skills, updated knowledge, and training to provide AML and CFT compliance. Get Documentation of AML/ CFT policies, AML training, assistance in Annual AML/ CFT Risk Assessment Report and setting up an In-house AML compliance department, AML software selection and AML/ CFT health check-ups.

FAQs

The customer identification process is the process of identifying customers through verification of their identity documents and other reliable data to assess their risk to your business.

Customer identity can be identified by checking their identity documents and seeing if their name is found in Sanction Lists or PEPs.

Customer identification and verification is a process of obtaining information from customers, verifying it, and recording it to identify each customer that your company is onboarding. You must also check if that customer appears in any Sanction Lists, Politically Exposed Persons (PEPs) lists, or government terrorist lists.

The vital elements of customer identification programs are:

Customer identification and verification
Identification of UBOs
Understanding the objective of their business
Periodic review and continuous monitoring

The customer identification process is carried out in 4 steps:

Verify Customer Identity
Identifying UBOs
Purpose of Business
Continuous monitoring

The documents for customer identification depend on whether the customer is an individual or a corporate.

For individuals:

Documents for identity verification: Passport/Emirates ID/Any other government-issued ID bearing photo

Documents for address verification: Recent Utility Bill/Municipal Tax Record/Property Purchase or Rent agreement/Insurance Policy

For corporates:

Documents for identity verification: Certificate of Incorporation/Memorandum of Association/Articles of Association/Trade License

Documents for address verification: Recent Utility Bill/Municipal Tax Record/Property Purchase or Rent agreement/Insurance Policy

Customer identification is necessary to check any potential client’s background and ensure that the client is genuine and has no criminal or illicit intentions to carry out any financial crime.

Banks can set up a comprehensive framework for customer identification consistent with the regulations set up by the Central Bank of UAE.

There can be various instances where suspicion can arise. But some compliance measures like proper training for the frontline staff, keeping up with the updates of the regulators, using robust screening and monitoring software, etc., can help identify suspicious activities and safeguard entities from financial criminals.

Add a comment

Related Blogs

10/12/2025

AML Implications for Politically Exposed Person (PEP)

09/12/2025

Regulator-Ready Business Risk Assessment for VASPs in UAE

08/12/2025

What is a White-Collar Crime and Its Inter-Relationship with ML/TF

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Money Laundering risk associated with nominee shareholders and directors!

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

Money Laundering risk associated with nominee shareholders and directors

There is a significant Money Laundering risk involved with Nominee Shareholders and Directors as they are misused by criminals to conceal the true identity of the beneficial owners.

What is Nominee Shareholder/Director?

To conceal the identity of the true beneficial owner or the controlling interest, the entities get into an arrangement wherein a nominee shareholder or director is appointed. A nominee shareholder is a person whose name the shares are registered, however, for the benefit of some other person. At the same time, a nominee director is appointed to the entity’s board to represent somebody else’s interests. In most cases related to the nominee arrangement, the person appointed as shareholder or director is just for the namesake. At the same time, the actual beneficiary or the controlling party is different, and a contract governs the entire arrangement.

Various professional service providers, such as Trust & Company Service Providers, Lawyers and Accountants, offer formal nominee services by allowing their name to be used as nominee shareholder or director against professional fees.

Sometimes, informal nominee arrangements are used to hide the beneficial ownership through families and friends.

Why is the Nominee Shareholder/Director arrangement used?

Some of the nominee arrangements are backed by law, wherein the law mandates the presence of a legal representative in the country of operations, different from the country of the beneficial owner. However, the primary purpose of the nominee arrangement is to hide the identity of the beneficial owners by creating a false layer of ownership or management structure.

Such nominee shareholders and directors are vulnerable to being exploited by financial criminals to administer and control the entity to conduct money laundering or terrorism financing (ML/FT) activities without being disclosed as beneficial owners owning or operating the entire nominee structure.

Red flags associated with nominee shareholders and directors

When the public filings about the entity happen in the name of the registered shareholder or director, who is acting on behalf of someone else, then the actual controlling parties hide behind the veil of nominee arrangement.

The money laundering and terrorist financing potential risk indicators associated with nominee arrangement include the following:

Ultimate Beneficial Owner (UBO) declared for the entity is also listed as UBO of the other registered business entities, and UBO is a professional corporate Service provider,
The reason for the nominee arrangement is not apparent or does not make business sense,
Family members acting as nominee shareholders or directors without any business rationale,
When the actual controlling person is a Politically Exposed Person (PEP) or an individual having negative media reports,

The nominee shareholder or the director is not able to explain the entity’s business activities and corporate history,
The nominee shareholder or the director refuses to provide the necessary information and documents required for registration,
The name of the entity does not match the business activities of the entity.

Mitigating the Money Laundering risk associated with nominee shareholders and directors

To combat the money laundering and terrorism financing risks posed by the nominee arrangement, the UAE authorities have implemented various regulations mandating the nominee shareholders and directors to self-declare such nominee arrangements to promote transparency around the ownership structure.

In one of the documents issued by the Ministry of Economy, named “Nominee Shareholder/Director – formal or informal”, the Ministry requires the Company Registrars to apply enhancing controls for monitoring and regulating the nominee arrangements in the UAE to ensure transparency around beneficial ownership. The Registrar must obtain the details from the registered shareholder about their status as nominee and, if so, information about the actual controlling person operating the transactions.

The document issued by the Ministry of Economy recommends Registrar to apply the below-mentioned additional measures to mitigate the ML/FT associated with nominee arrangements:

Obtain and review the nominee agreement,
Understand the name of the nominee arrangement and the legitimacy of the purpose of the same,
Classify all the entities with nominee arrangements as “high risk” from ML/FT perceptive,
Apply Enhanced Due Diligence measures,
Ensure that all UBOs are declared, and their identity is verified.

How can AML UAE assist you?

Though the primary responsibility lies on the Registrar to apply enhanced due diligence measures on entities having nominee arraignment, it is recommended that all regulated entities – Financial Institutions, Designated Non-Financial Businesses and Professions and Virtual Asset Service Providers apply due measures when dealing with such nominee shareholders or directors and mitigating the associated ML/FT risks.

AML UAE is one of the leading AML Compliance service providers in the UAE, offering end-to-end support to regulated organizations to manage their AML Compliance and safeguard their business. Let’s together fight the exploitation of the nominee arrangement from being used as a vehicle for conducting money laundering and terrorism financing by customizing our policies, procedures and controls.

Avail comprehensive, expert, and efficient services for
AML compliance matters

Contact our team at AML UAE.

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

TFS Implementation Criteria: Ownership, Control, and Acting on behalf of a Designated Person

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

TFS Implementation Criteria

Targeted Financial Sanctions are restrictions imposed on Designated Persons from the financing of terrorism and proliferation perspective, mandating the business organizations not to make any funds or assets available to such Designated Persons.

Targeted Financial Sanctions Legal Framework in UAE:

Article 16(e) of Federal Decree-Law No. 20 of 2018 (as amended by Federal Decree-Law No. 26 of 2021) requires the prompt application of the directives issued by the UAE’s competent authorities for implementing the decisions of the UN Security Council under Chapter (7) of UN Convention for the Prohibition and Suppression of the Financing of Terrorism and Proliferation of Weapons of Mass Destruction, and other related directives.

UAE Cabinet Decision No. 74 of 2020 establishes the framework regarding Targeted Financial Sanctions (TFS), including the Local Terrorist List and the UN Consolidated List and the procedures to implement TFS.

Any non-compliance with the obligations of Cabinet Decision No. 74 of 2020 or failure to implement procedures to ensure compliance may result in imprisonment for a minimum period of 1 year, up to 7 years, and/or a fine ranging between AED 50,000 and AED 5,000,000. Further, the Supervisory Authorities may impose any other appropriate administrative sanctions, such as issuing a warning letter or canceling the business license for any violation or shortcoming in implementing TFS obligations.

TFS Implementation Criteria 1: Ownership or Majority Interest

While implementing TFS with respect to designated individuals and entities listed on the UAE Local Terrorist List issued by the UAE Cabinet (in line with UNSC 1373) and on the UNSC Consolidated List issued by the United Nations Security Council, it is essential to take into account the following criteria viz., ownership, control and acting on behalf of a Designated Person.

TFS must be implemented on a legal entity if a Designated Person (natural or legal) owns the entity. Suppose the designated individual or entity owns more than 50% of the proprietary rights or has a controlling interest in the entity. In that case, such an entity is considered owned by the Designated Person and is subject to a freezing mechanism.

Since the Designated Individual/Entity owns more than 51% of the non-designated Company A, the funds or other assets of Company A must be frozen immediately.

Since Entity 1 and Person 1 own 24% and 25% shares of Company A, they will not be treated as designated persons, and the freezing mechanism will not be applied to them.

If the Designated Person holds 50% or less of the proprietary rights of a non-designated entity, such an entity is not subjected to the freezing mechanism.

Any funds or other assets due to the designated person’s 31% ownership of proprietary rights in Company A must be subject to a freezing mechanism.

The reporting entities must remain vigilant on the changes in the ownership structures of non-designated entities where the designated person holds 50% or less of the proprietary rights.

TFS implementation Criteria 2: Control

Suppose the Designated Person has control over the non-designated entity despite having a minority interest in such entity. In that case, Financial Institutions (FIs), Virtual Asset Service Providers (VASPs), and Designated Non-Financial Businesses and Professions (DNFBPs) are required to apply freezing measures.

To determine whether the designated person exerts control over the non-designated entity, the following criteria need to be taken into account:

Check if the Designated Person has the right to appoint or remove a majority of the members of the legal entity’s management,
Check if the Designated Person is appointed solely as a result of the exercise of his voting rights as a majority of the members of the management body of a legal person who has held office during the present and previous financial year,
Check if the Designated Person is, alone, controlling the majority of shareholders’ or members’ voting rights in the legal person, pursuant to an agreement with other shareholders in or members of a legal person,
Check if the Designated Person has the right to exercise a dominant influence over a legal person, pursuant to an agreement entered into with that legal person or to a provision in its Memorandum or Articles of Association, where the law governing that legal person permits its being subject to such agreement or provision,
Check if the Designated Person has the power to exert the right to exercise a dominant influence referred to in point (d) without being the holder of that right,
Check if the Designated Person has the right to use all or part of the assets of that legal person, e.g., managing the business of that legal person on a unified basis while publishing consolidated accounts,
Check if the Designated Person shares jointly and severally the financial liabilities of a legal person or guarantees them,
Check if the Designated Person has a power of attorney or authorized signatory arrangement over a legal person.

In the above scenario, despite holding the minority interest in the non-designated Company A, the freezing measures must be applied without delay as the Designated Individual/Entity exerts control over Company A by holding the majority of the voting rights.

TFS implementation Criteria 3: Acting on behalf or at the Direction of the Designated Person

FIs, DNFBPs, and VASPs must apply TFS measures on individuals and entities holding power of attorney or acting as authorized signatories for designated persons.

In the above scenario, the Designated Person exerts control over Company A through a Power of Attorney issued in favor of a Non-Designated Person. Hence the funds and other assets of Company A must be frozen without any delay as it would be treated as being controlled by the Designated Person via Power of Attorney.

About AML UAE

AML UAE is an AML consulting firm assisting FIs, VASPs, and DNFBPs in complying with the AML Laws in UAE. Be it goAML registration, AML/CFT Program design and implementation, AML training, or TFS implementation, AML UAE is your one-stop solution for all your compliance worries. With AML UAE, ensure a robust TFS framework and fight the financing of terrorism and proliferation.

Avail comprehensive, expert, and efficient services
for AML compliance matters

Contact our team at AML UAE.

Share via :

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Adverse media and social media checks under AML compliance

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

Adverse media and social media checks under AML compliance

Customer Due Diligence (CDD) is the most critical element of an AML compliance framework. The purpose of conducting CDD is to collect information about customers and verify their identities and legitimacy around the proposed or executed transactions. Adverse media and social media checks can significantly assist in concluding your search for a customer’s identity and avoiding onboarding the customer involved in money laundering or any criminal activities.

Adverse media means negative news or information about customers in publicly available sources or articles. The media sources may include TV, newspapers, radio, magazines, web articles, blogs, etc. If there is any negative mention of the customer in such media sources, it is adverse media or negative news.

Social media platforms, such as LinkedIn, Facebook, Twitter, etc., contain the customer’s profile, known publicly. Also, such platforms sometimes contain references to negative news about the customer.

Though negative news screening has received very little regulatory attention, it is a critical part of CDD.

As a best practice, companies have incorporated adverse media screening and social media monitoring in their CDD processes. It helps you find your customer’s connections with or involvement in suspicious activities.

This article focuses on understanding its importance in CDD measures.

Regulations on adverse media and social media checks

The Financial Action Task Force (FATF) recommends that organizations include adverse media checks in their AML customer onboarding processes. Further, the AML regulations applicable in UAE also provide that the regulated entities look out for negative news for high-risk customers from reliable, independent sources.

Open media sources should be screened to gather the information around the following to build the customer risk profile effectively:

Business Type
Nature of business
Past criminal investigations
Regulatory penalties

Further, social media should be checked to ensure the customer information shared with the company matches the person’s social profile, such as the name the person is socially known by, the name of the employer, location, etc.

Importance of adverse media and social media screening

Building client’s risk profile

Any client can be a threat to your business or reputation. So, before forming a business relationship, you need to know them thoroughly.

Getting information about customers’ details from reliable and independent sources provides you confidence in the details furnished by the customer.

Not only during customer onboarding, but you can also keep a constant check on your customers. Frequent checks allow you to check for any change in the risks. If there is any change in data, you can update the risk profile.

Protecting oneself against reputational risks, penalties, and fines

Creating a fake profile and hiding the real identity is easier in the ever-evolving digital world. A fake identity is used to cover or carry out illegal transactions. Along with CDD measures, adverse media and social profile screening help you detect customers’ connections with criminal activities. If you turn a blind eye to this process and avoid the information known to the world, you would be exposing yourself to criminal activities, thus, resulting in the imposition of fines or penalties. Thus, you must monitor regular adverse news to avoid risks, AML penalties, and fines.

It helps you detect any suspicious transactions with your customers. It also helps you recognize any characteristics or patterns in a customer’s profile that may lead to suspicious activities in the future. So, you can remove any possible chances of attacks on your reputation due to association with money laundering activities.

Sources for negative news and social profile screening

Companies refer to many official and unofficial data sources for finding information about their clients. You can find insights on the customers from the following data sources:

Government databases
Newspaper articles
Online forums
Corporate websites
Social media feeds (LinkedIn, Facebook, Twitter, etc.)
Blogs
Legal prosecutions
Research portals and Private databases

You may not trust some of these unstructured data sources. But the onus lies on you to check the credibility and quality of information. You must confirm the information with other sources to check if it is fake, biased, or partial.

Best practices to implement negative news & social media screening

Some of the best practices to adopt to improve your process of collecting adverse media and checking the social profile of your clients are:

Keep your customer data up-to-date and complete

Ensure completeness and correctness of basic demographic information about your customers. Inaccurate and incomplete information serves no purpose while conducting an advanced search on your clients. When checking negative media mentions in a tool, companies use these primary details to match the new-found information. Thus, core customer data has to be complete and accurate to determine the relevancy of the negative news found or the customer’s social presence.

Create a sound negative news & social media screening policy

You cannot just collect their information and conduct adverse media checks when onboarding new customers. You need a well-laid-out policy and methodology for conducting these searches to ensure effectiveness and quality in less time.

You can prepare a standardized template to collect the necessary information and document the same. It must have fields like:

Customer details
Name of the individual who performed the screening
Date and time of the screening
Information found, along with source and URLs
Context of information
Conclusion
Possible actions to take.

Basis the research and conclusion, you can recommend relationship termination or filing of suspicious activity report if you suspect the customer’s involvement with money laundering or terrorism financing.

Engage in regular adverse media monitoring

Your job does not end with a one-time screening of adverse media at the time of customer onboarding. You must regularly check your customers’ social profiles and negative remarks on public sources.

There is a possibility that during onboarding, the customer was fair. But they may engage in money laundering or similar financial crimes later in their operations. So, regular adverse media or news checks on your customers are vital.

Invest in an online tool to screen negative news

In some companies, adverse media check is a manual process. But it is time-taking, tedious, and tiresome, sometimes resulting in errors or missing essential information.

Tech solutions and software are in trend that screens numerous news sources worldwide to generate more accurate results. These tools generate negative news for every category of financial crimes and provide the source details of such news.

The paramount need is for the solution to track many media and news sources and generate complete, verifiable information.

Companies have started using AI-based media monitoring solutions. The tool sifts through credible and current media and news to find any material on customers. You can set parameters for a relevant search, analyze the results, and take necessary action.

Thus, your customer onboarding process becomes faster and more trustworthy with an intelligent technology solution.

The technological tool must have the following features and functionalities:

Customized alerts
Fast research and retrieval of information
Comprehensive list of worldwide data sources
Supports multiple languages
Batch processing
Real-time updates and notifications for changes in the risk status of existing customers
Access to updated watchlists, Sanctions, and PEPs
Intelligent category tagging

How can AML UAE help you streamline your CDD process with robust negative and social media screening?

You must conduct regular negative media and social media searches to check for any possible connection of customers with financial crimes. Make it a practice before onboarding new customers, during regular monitoring, and in event-triggered exercises. It makes your customer due diligence efficient and effective.

To ensure you do not go wrong with adverse media screening and social media checks, it is best to engage an expert AML services provider – AML UAE, to set your processes right.

AML UAE is a leading provider of the following professional services related to AML:

Carry out a business risk assessment
Develop a customized AML/CFT policy
Assist in setting up an in-house AML compliance department and team
Conduct AML training for employees
Manage KYC and CDD
Support in selecting a suitable AML software
Assist in regulatory submissions
Conduct AML/CFT health checks

Contact us if you need assistance managing your KYC and due diligence processes. We verify your customer’s details, including negative news screening, and share the customer’s risk profile with you. We ensure you precisely know whom you are dealing with to reduce the threats of financial crimes. So, manage or mitigate your risks well with AML UAE’s team.

Make your Customer Due Diligence process effective
with actionable insights from AML UAE.

Reach out to our team.

Share via :

About the Author

Dipali Vora

CAMS, ACS

Dipali is an Associate member of ICSI and a Certified Anti-Money Laundering Specialist (CAMS). She has an overall experience of 8 years in the compliance domain, including Anti-Money Laundering, due diligence, secretarial audit, and managing scrutiniser functions. She currently assists clients by advising and helping them navigate through all the legal and regulatory challenges of Anti-Money Laundering Law. She helps companies to develop, implement, and maintain effective AML/CFT and sanctions programs.

Reach Out to Dipali

AML regulations for Virtual Assets Service Providers in UAE

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

AML regulations for Virtual Assets Service Providers in UAE - Crypto AML Regulations in UAE

With the growing acceptance and attractiveness of Virtual Assets and the ever-increasing prominence of blockchain technology across various sectors of life, the Virtual Assets industry is booming in leaps and bounds. The virtual assets segment is directly impacting the financial sector and the economy as a whole.

With the increased movement in Virtual Assets, the need for intermediaries is also rising who can support and facilitate these transactions. We generally call them “Virtual Assets Service Providers.”

Given the above, it is critical to understand what the terms “Virtual Assets” and “Virtual Asset Service Providers” mean.

What is Virtual Assets?

Before we go to the phrase – Virtual Asset Service Provider, it is very critical to understand what Virtual Asset (“VA”) is and what all can be classified as such. As laymen for us, Virtual Assets are cryptocurrencies. But in reality, the VA is a broad concept evolving every moment, even as we read this.

Here, we can refer to the definition of “Virtual Asset” as prescribed by FATF, which reads as under:

“ a digital representation of value that can be digitally traded or transferred and used for payment or investment purposes.”

Recently, in the Cabinet Resolution No. (111) of 2022, the phrase “Virtual Asset” has been defined as under:

A digital representation of the value that can be traded or transferred digitally, can be used for investment purposes, and does not include digital representations of paper currencies, securities or other funds.

As apparent from the definition, the critical elements of a Virtual Asset are as under:

VAs must be digital
It should have the ability to be traded digitally and transferred so
Should carry some value, as to be used for payment or investment.

It is all possible and enabled by the use of “Distributed Ledger Technologies” (DLT), which has revamped the financial services sector to a great extent.

The most common example of VA is virtual currencies such as Bitcoin, Ether, Dogecoin, and Stablecoins.

It is critical to note that VA does not include digital representations of fiat currencies, shares, securities, or any such financial asset. These are just e-money and not virtual assets. The reason is that mere digital representation of such assets does not easily imbibe a feature to trade or transfer the same digitally. For example, the fiat currency stored in a bank be easily transferred from one account to another, and ownership can be changed but cannot trade the same as such; thus, it lacks one of the fundamental characteristics of VA.

Accordingly, it is critical to understand and note that for a financial asset to qualify as VA, it should have an inherent quality of being traded and transferred digitally.

As we are discussing VA, it is to be noted that VA and the phrase “Digital Assets” (DA) are being used interchangeably by the public. It is imperative to understand that term “Virtual Asset” cannot be used in the context of every “Digital Asset,” as every DA need not be a VA, but every VA has to be necessarily a DA. Instead, DA is a broader connotation that includes the non-fungible tokens* (NFT) and VAs.

*NFTs are unique (may not be interchangeable amongst the NFT community) digital assets used as collectibles rather than as a mode of payment or investment. As such assets do not satisfy the primary feature of being used for payment/investment purposes, the same is not considered as VA, per FATF guidelines.

What is Virtual Assets Service Provider?

Having had a brief idea about virtual assets, it is pertinent to understand what Virtual Asset Service Provider (VASP) is. Here also, we would refer to the definition of VASP as provided by FATF, as under:

“a business which conducts one or more of the following activities or operations for or on behalf of another natural or legal person:

an exchange between virtual assets and fiat currencies;
exchange between one or more forms of virtual assets;
transfer of virtual assets; (transfer means to conduct a transaction on behalf of another natural or legal person that moves a virtual asset from one virtual asset address or account to another)
safekeeping and administration of virtual assets or instruments enabling control over virtual assets;
participating in and provision of financial services related to an issuer’s offer or sale of a virtual asset;

The use of the word “conducts” in the opening line of the definition indicates that for a service provider to qualify as VASP, it need not necessarily be the primary provider but also includes a person who helps in the active facilitation of services, i.e., the person who assists in carrying out of the services.

Further, the phrase “as a business” in definition clarifies its scope, which is limited to the only person who carries out the VA-related activities for or on behalf of someone else for a commercial reason. It signifies the exclusion of persons carrying out VA activities for their benefit on an irregular or infrequent basis, without any commercial sense or facilitating anyone else.

Now, we will evaluate each of these five subsections of the definition to understand what all sorts of activities related to VA would get covered here.

1. The exchange between virtual assets and fiat currencies

A person, natural or legal, carrying out an activity of converting the fiat currency into virtual assets or vice versa in the course of its business, then such a service provider would be construed as VASP.

2. The exchange between different types of virtual assets

A person carrying out an activity of exchanging one type of virtual assets for another, i.e., a person providing services of offering one form of VA against exchange or payment of a different kind of VA, then such a service provider would be a VASP.

3. Transfer of virtual assets

Here, it is vital to understand the context in which the term “transfer” has been used. As clarified by FATF, “transfer” means to conduct a transaction on behalf of another natural or legal person that moves a virtual asset from one virtual asset address or account to another.

Accordingly, any person conducting a business activity, assisting or facilitating the transfer of ownership of the VA or even transfer of own VA of a person from one wallet to another.

Let us discuss some examples and sample cases around who can be considered as VASP or how to identify VASP in the context of exchange or transfer of VAs.

It is pertinent to note that, most of the time, such exchange or transfer of VA takes place using some decentralized technology, where such VA exchange platforms have been created. Such software programs are “Decentralized or Distributed Application (DApp),” which operates on blockchain technology and facilitates digital assets and their transfer. The name suggests that such software or platforms run on a decentralized ledger. However, generally, these applications have a single authoritative party having specific controls over the software or application, which may include control over creating and launching a VA, enhancing the functionalities of the application and user interfaces, or collecting the fees. Thus, such DApp or software collects specific fees (generally in VAs) from the users for using or interacting with the DApp, which facilitates the exchange or transfer of VAs. These fees collected by applications go to the owner/developer, the application operator, or for the benefit of the community of such DApp.
Such applications or software programs cannot be construed as VASP; however, the creator or operator of such application may be construed as VASP, as they are providing services to the users or facilitating the exchange or transfer of the VA using their software or application.
Services related to Virtual Asset Escrow are used when sending/receiving or transferring the fiat currency in exchange for VAs when the custody of the funds is with the service provider.
Brokerage services, where the provider facilitates issuing VAs and trading the same on behalf of the third person.
Advanced trading and Order-book exchange services enable the parties to find each other, discover prices, access more sophisticated trading techniques (trading on margin or algorithm-based trading), and trade VA.
Note that an application merely providing a platform for the buyers and sellers to find each other without facilitating the transaction between them would not be construed as a VASP.
Virtual Asset Exchanges, which facilitates the exchange of VA for fiat currencies (cash, credit cards, wire transfers, etc.) against fees or commissions.
Service providers offering the Crypto-ATMs would be treated as VASPs as they actively facilitate the exchange of VAs and fiat currencies through the kiosks.

4. Safekeeping or administration of virtual assets or instruments enabling control over virtual assets

Generally, the term “safekeeping” and “administration” of VA can be read in the same context, wherein the service provider would have the custody of the VA or the private key unique to the VA and carry out the transactions as instructed by the owner of the VA or the smart contracts on behalf of the service recipient. Further, as an extension, the term “control” indicates that the provider of such services would have capabilities or the power to trade/transfer the VA on behalf of the recipient.

A few examples of service providers fitting into this basket of services would be the companies providing custodial wallet service as they would be holding someone else’s VA.

It is critical to note that it would not include the providers offering auxiliary services such as providing internet or data storage services or software to the VASP (who is managing or controlling the VAs of the recipient of services), rather than engaging with ultimate recipients and accessing their VA.

5. Participating in and provision of financial services related to an issuer's offer or sale of a virtual assets

This clause covers the services concerning Initial Coin Offerings (ICO), a way to raise funds for new projects from early backers. It includes a person participating in ICO or providing financial services related to ICO. It includes purchasing VAs from an issuer to resell and distribute the same, book building, ICO underwriting, etc.

UAE Blockchain strategy 2021

In 2018, UAE government came up with its blockchain strategy 2021. Given the advantages of blockchain technology, the UAE blockchain strategy aims to transform 50% of government transactions on the blockchain platform by 2021. By adopting blockchain technology, the UAE government intends to save:

AED 11 billion in transactions and documents processed routinely
398 million printed documents annually; and
77 million work hours annually.

Regulatory frameworks in UAE to govern the activities related to Virtual Assets

Given the increased popularity and use of virtual assets across the globe, the UAE government has issued various policies to promote the setting up of virtual asset companies in the UAE. The government has started issuing necessary regulations and forming regulatory authorities to regulate this market.

UAE Crypto Regulatory Authorities

Central Bank of the UAE (CBUAE) and the Securities and Commodities Authority (SCA)

UAE financial and capital markets are primarily governed by the Central Bank of the UAE (CBUAE) and the Securities and Commodities Authority (SCA).

The Dubai Multi Commodities Centre (DMCC) has opened a crypto centre, and it houses VASPs offering, issuing, listing, and trading crypto assets. It also welcomes companies developing blockchain trading platforms.

It is noteworthy that the CBUAE, in July 2021, as a part of its 2023-2026 strategy, decided that it would launch its first digital currency by 2026.

The Hon’ble Prime Minister of the UAE has recently issued Cabinet Resolution No. (111) of 2022 Concerning the Regulation of Virtual Assets and their Service Providers, effective from 13^th January 2023, to regulate the virtual asset sector by mandating the licensing of specific virtual asset activities by the Securities & Commodities Authority (SCA) of the UAE or the local licensing authorities of specific Emirates. The said cabinet resolution does not apply to virtual assets activities regulated in a Financial Free Zone.

The Dubai Financial Services Authority (DFSA)

The Dubai International Financial Centre (DIFC) based companies are regulated by DFSA.

The Financial Services Regulatory Authority (FSRA)

The Abu Dhabi Global Market (ADGM) based companies are supervised by the FSRA.

The Virtual Asset Regulatory Authority (VARA)

The VASPs operating from the Emirate of Dubai (except for the units registered in the Dubai International Financial Centre).

UAE Crypto Regulations

UAE Crypto Regulations for Onshore Companies

UAE financial and capital markets are primarily governed by the Central Bank of the UAE (CBUAE) and the Securities and Commodities Authority (SCA).

UAE Onshore Companies are governed by SCA’s Decision No. 23 of 2020 concerning Crypto Assets Activities Regulation (CAAR).

CAAR also lays down AML/CFT requirements. CAAR provisions require reporting entities to:

Set up a solid AML/CFT compliance framework
Define policies and procedures for KYC and AML monitoring
Ensure that the deposits and withdrawals are made only from and to a designated bank account of the entity, and the bank account must be maintained with an authorized financial institution. The SCA must have explicitly approved it if it’s a foreign financial institution.
Ensure that the crypto assets are traceable

Further, they are also governed by the CBUAE’s Stored Value Facilities (SVF) Regulation 14 (SVF Regulation). The CBUAE has also issued the Retail Payment Services and Card Schemes Regulation (referred to above) (the “RPSCSR”). The RPSCSR applies to those providing payment token service.

The Cabinet Resolution No. (111) of 2022, effective from 13^th January 2023, provides that the following activities related to virtual assets shall be licensed by the SCA or Local Licensing Authorities, as the case may be:

provision of Virtual Asset Platform operation and management services,
provision of exchange services between one or more forms of virtual assets,
provision of Virtual Asset transfer services,
provision of brokerage services in virtual assets trading operations,
provision of Virtual Asset custody, management, and control services, and
provision of financial services related to offering and/or selling by the issuer to the Virtual assets or participating in providing those services.

Moreover, the resolution also provides for the following for better compliance and regulation of the activities related to the virtual asset:

No provider of virtual asset services shall operate in the UAE without necessary approvals and licensing from the Securities & Commodities Authority or Local Licensing Authority,
Oversight of the above-mentioned activities by the Securities & Commodities Authority (SCA),
Before issuing the license, the SCA shall verify the applicant’s fulfilment of the capital requirements, credit guarantees, compliance management system, commitment to AML regulations, etc.
Compliance with AML regulations by the licensed providers of virtual assets services in terms of Federal Decree by Law No. (10) of 2025 and it’s executive regulations, along with FATF recommendations issued explicitly for virtual asset activities.

Compliance and Risk Management Rulebook for VASP – Emirate of Dubai (except DIFC)

On 11th March 2022, Virtual Assets Law No. 4 of 2022 on the Regulation of Virtual Assets in the Emirate of Dubai came into force. It applies to virtual asset services in Dubai, except in the DIFC.

Further, VARA has been named as the supervisory authority for the virtual asset service providers seeking to operate in Dubai, whether mainland or free zones, except DIFC.

Moreover, in line with Virtual Assets Law No. 4 of 2022, VARA recently issued a detailed VASP compliance and risk management Rulebook to be adhered to by the companies providing services related to virtual assets. The AML/CFT section of the Rulebook provides for various mandatory compliance frameworks that a VASP has to follow mandatorily. The principal AML compliance aspects covered in the Rulebook are as under:

Appointment of Money Laundering Reporting Officer (MLRO) with minimum 2 years of experience related to AML/CFT compliance,
Conducting AML Business Risk Assessment,
Designing and implementing the AML/CFT policies & procedures in line with the VARA Rulebook, AML Federal Laws and the FATF Recommendations related to the virtual assets segment,
Client Due Diligence, including screening of clients, UBOs, Virtual Asset transactions and the Virtual Asset Wallet address,
Transaction monitoring and suspicious transaction reporting to the FIU and VARA,
Compliance with FATF Travel Rule,
Maintaining of AML records for a minimum period of 8 years.

UAE Crypto Regulations for Financial Free Zone - Dubai International Financial Centre (DIFC)

The DFSA is a supervisory authority for the companies housed in DIFC. The DFSA has come out with a Consultation Paper No. 138, establishing its own regulatory framework for investment tokens. Very recently, on 8^th March 2022 the DFSA came out with Consultation Paper No. 143 for regulating crypto tokens.

UAE Crypto Regulations for Financial Free Zone - Abu Dhabi Global Market

The Financial Services Regulatory Authority (FSRA) is a supervisory authority for the companies housed in Abu Dhabi Global Market (ADGM). The FSRA came out with a regulatory framework in 2015 concerning the crypto asset businesses. Further, The Financial Services and Markets Regulations (FSMRs) 2015 regulates crypto assets in ADGM.

in 2018 FSRA came up with FSRA Rules (Crypto Asset Legislative Framework).

The rules are:

(a) Conduct of Business Rules (COBS_VER04.250618) (see appendix for detailed amendments);

(b) Market Infrastructure Rules (MIR_VER03.250618) (see appendix for detailed amendments);

(c) Glossary (GLO_VER05.250618) (see appendix for detailed amendments ).

In 2020 Financial Services and Markets (Amendment No 2) Regulations were issued.

Several guidelines have also been issued, including:

Guidance – Regulation of Virtual Asset Activities in ADGM (“Virtual Assets Guidance”)
Guidance – Regulation of Digital Security Offerings and Virtual Assets under the FSMR
Guidance – Regulation of Initial Coin/Token Offerings and Crypto Assets under the FSMR (“ICO Guidance”)

On 21^st March 2022, the ADGM issued a consultation paper No.1 of 2022 seeking proposals for enhancements to capital markets and virtual assets in ADGM.

Guiding Principles for VA Regulations by FSRA

In September 2022, FSRA issued a document laying down the guiding principles around its approach to Virtual Asset Regulation and Supervision for virtual assets companies operating or planning to set up VA units in ADGM.

These guiding principles suggest the high-level approach that FSRA would adopt to regulate the operation of the virtual asset in ADGM, focusing on maintaining the stability of the ADGM’s ecosystem, the risk associated with VA, protection of the customers using VAs and the ease of entry to new VA players in ADGM. Following are the 6 guiding principles laid down for VA regulation in ADGM:

Principle 1 – A Robust and Transparent Risk-Based Regulatory Framework

To oversee the VA activities and mitigate the inherent risk in the VA segment, the FSRA shall regulate the VA operations in ADGM. Its VA regulatory framework includes activity-specific rules and relevant guidance aimed at protecting the customers investing in VA and maintaining the financial stability and integrity of the market.

Principle 2 – High Standards for Authorisation

The authorization standards focus on admitting only such VA operators within ADGM who maintains transparency and meets the regulatory framework to prevent market abuse or any damage to ADGM’s ecosystem. For new applications for setting up a VA business unit in ADGM, FSRA shall grant an “in-principle” approval only to the applicants having the business plan and the controls matching the FSRA’s risk appetite. Final approval shall be provided only when the applicant has successfully completed the operational testing to the satisfaction of the FSRA.

Principle 3 – Preventing Money Laundering and Other Financial Crime

Owing to anonymity and easy access, FSRA mandates the application of AML/CFT regulations to the VA operators in ADGM. It includes adherence to ADGM-specific rules, Federal Laws and Cabinet Decisions on AML/CFT, FATF Guidance and Recommendations around VA. FSRA insists on transparency around the beneficial ownership and mandates the VA firms not to transact with the counterparty whose identity is unknown at any stage during the transaction

Principle 4 – Risk-Sensitive Supervision

FSRA shall follow a risk-based approach to supervise the VA segment, wherein the risk assessment shall be continuously done for the VA firms based on their size, nature and complexity. FSRA aims to ensure that the VA firms have effective controls and adequate risk management strategy, which is commensurate with the size and nature of the firm.

Principle 5 – Commitment to Enforce Regulatory Breaches

FSRA shall dedicatedly work towards addressing the ADGM business units’ non-compliance with regulatory requirements. For this, FSRA has powers to collate the information from the ADGM companies, conduct investigations, and take disciplinary actions to prevent non-compliance with ADGM rules.

Principle 6 – International Cooperation

Given the global spread of the VA operations, to mitigate the risk and support the mutual exchange of information between international regulators, the FSRA has entered into various bilateral and multilateral Memorandum of Understandings (MoUs). Further, FSRA encourages the development of international best practices for VA’s sustainable growth to be sustainable and is ready to support the principles of global organizations like IOSCO, the Basel Consultative Group and FATF.

AML/CFT regulations and obligations on VASP - AML Crypto Regulations in UAE

Given the anonymity involved and lack of central governing authority (as most of the virtual assets-related activities are being carried out through a decentralized platform), the Financial Action Task Force (FATF) recommended that VASPs should also be subject to stringent anti-money laundering and combatting of terrorist financing (‘AML/CTF’) regulations, the way traditional financial institutions are.

Accordingly, in line with FATF’s recommendations and increased activities related to virtual assets in the UAE, the government recognized the need to regulate the virtual assets segment. Here is the list of important regulations, cabinet decisions, and circulars applicable to Crypto Companies and Virtual Asset Service Providers in UAE.

Cabinet Resolution No. (111) of 2022 Concerning the Regulation of Virtual Assets and their Service Providers.
Federal Decree by Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing
Cabinet Resolution No. (134) of 2025 Concerning the Executive Regulations of Federal Decree-Law No. (10) of 2025 Concerning Combating Money Laundering, Terrorist Financing, and the Financing of the Proliferation of Weapons.
Cabinet Decision No. (74) of 2020 Regarding Terrorism Lists Regulation and Implementation of United Nations Security Council (UNSC) Resolutions on the Suppression and Combating of Terrorism, Terrorist Financing, Countering the Proliferation of Weapons of Mass Destruction and its Financing and Relevant Resolution.
VASP Compliance & Risk Management Rulebook issued by Virtual Asset Regulatory Authority of Dubai (VARA).

(a) VASP obligations under AML/CFT law

As entities being subject to AML/CFT regulations in UAE, VASP would be required to adhere to the following requirements to identify ML/FT risk and mitigate the same:

Appoint the Compliance Officer to manage the AML/CFT program in the company.
Maintenance of AML/CFT policy designed considering the applicable regulations, money laundering and terrorism financing risk the VASPs are exposed to, VA-related red-flag indicators, etc.
Conducting business risk assessment from ML/FT risk perspective (using a risk-based approach) and identify the risk the VASP is exposed to and the controls in place to mitigate it.
Customer screening, risk categorization, and performance of adequate due diligence (generally enhanced, owing to the inherent nature of the VA).
Screening of Virtual Asset transactions and the Virtual Asset wallet address.
Reporting suspicious transactions and activities to the authorities.
Imparting adequate training to the employees and senior management.
Periodic audit of the AML/CFT framework adopted for the company by an independent team.
Annual risk assessment reporting.

(b) Virtual Assets “AML/CFT” Compliance Policy

Adherence to AML/CFT regulations becomes easy once the entity has set standards and policies to be followed. Accordingly, it is of utmost importance for every VASP to develop and adopt the “Virtual Asset AML/CFT Compliance Policy.” You may refer to the VASP AML Compliance Policy template available on our website.

(c) Technology-driven KYC, Screening, and Transaction monitoring for VASPs

Since the entire VA network operates on the blockchain or similar technology, the authorities also encourage using technology or digital tools to carry out AML/CFT related compliances.

For the “Know Your Customer” (‘KYC’) process, since most of the transactions between the recipient and the VASP would be non-face-to-face, some authorities suggest deploying tools or software that requests users to upload “selfie” as well as a copy of identity document bearing photo ID. Later, this technology should be able to match and verify the user’s ” selfie ” and the photo appearing on the ID.
Further, various guidelines issued by different authorities encourage VASPs to deploy new technologies to enhance the efficiency of the customer onboarding process. It also includes functionality to screen the name of the user or customer against the international and local sanctions list in real-time, along with VA transactions and the VA wallet address.
As part of transaction monitoring, some authorities insist on implementing the “Know Your Transaction” measures, enabling the VASPs to monitor the transactions from their origin to the destination effectively. The VASPs must collect every detail relevant to the transaction, about virtual assets, parties involved, locations, etc.
Additionally, it is also recommended by the authorities to obtain the following details about VA or the customer or the transaction, mainly using the new technologies:
Beneficiary and the originator of the VA
The IP address of the customer, with an associated timestamp
Wallet addresses involved.

ML/FT typologies and red-flag indicators relating to Virtual Assets (VA)

It is critical to understand the key ML/FT typologies associated with VA and VASP, given the great chances of this sector being exploited by the money launderers and for the financing of terrorist activities.

1. ML/FT typologies related to Virtual Assets (VA)

– The repeated withdrawal from one or more bank accounts of substantial amounts in cash, as a whole or in parts and within a relatively short period, without any apparent necessity and in combination with the repeated cashless receipt of sums of money (whereby the amounts received in the case of the trader in virtual currencies originate from the sale of virtual currencies).

– The purchase of virtual currencies whereby at least two of the following characteristics are fulfilled:

the buyer offers his services through the internet through supply and demand sites;
the buyer does not ascertain the identity of the seller;
the buyer screens off his own identity;
the buyer pays in cash;
the buyer charges an unusually high exchange fee percentage;
the transaction takes place in a (public) space where there are many members of the public present, thereby reducing the security risk for the buyer;
there is no plausible legal or economic explanation for the method of exchange;
the scale of the virtual currencies purchased is not likely to concern average private use;
the buyer is not known to the tax authorities for his exchange establishment.

– The buyer or seller uses a so-called ‘mixer’ during the sale of virtual currencies.

– Use non-compliant exchanges to carry out the conversation between fiat and virtual currencies.

– Use cryptocurrency ATMs to convert the money quickly from fiat to virtual assets and vice versa.

– Multi-customer cross-wallet activity.

2. ML/FT red flag indicators for VASP

A. Red flags related to VA Transactions (Size and Frequency of the transactions):

– Manipulating VA transactions (e.g., exchange or transfer) in smaller portions to avoid the reporting requirement.

– Multiple high-value transactions carried out –

Within 24 hours or period with minimal time gaps;
Using a new or very old account not used for a long time.

– Transfer of VAs to multiple VASPs, located across different jurisdictions where

there is no interconnection between the customer’s location, or
there are no AML/CFT regulations.

– Firstly depositing VAs at an exchange and then instantly –

withdrawing the VAs without any further activity, indicating redundant transactions and incurring unnecessary costs;
transfer of one VA to another without logical commercial reason, or
immediate withdrawal of the VAs to a private wallet from an exchange.

– Accepting fraudulent or theft funds.

B. Red flags related to VA Transaction Patterns (Transactions concerning new users):

Depositing a large amount at the time of opening a new account is not consistent with the customer’s profile.
Withdrawal, in a day or two, of the large amount deposited at the time of opening a new account or trades such a large amount on the same day.
Trading the entire amount of VAs or withdrawal of the same to take off the whole funds from the platform by the new user.

C. Red flags related to Virtual Assets Transaction Patterns (Transactions concerning all users):

– Trading through multiple accounts with no reasonable explanation.

– Regular transfers in a day or a week to the same VA wallet –

by more than one person;
from the same IP address; or
involving huge sums.

– Receipt of VAs from multiple unrelated accounts in smaller portions and immediately transferring the accumulated funds to another wallet or exchanging the entire value against fiat currency.

– Exchanging the VA against the fiat currency at a loss, without any business sense.

– Exchanging vast amounts of fiat currency against VAs, or one type of VA, to other kinds of VAs, without any logical rationale.

D. Red flags related to Anonymity associated with Virtual Assets (VA):

Customers prefer VAs providing higher anonymity, even when the transaction cost is high.
Moving a VA from a transparent blockchain to a centralized exchange and immediately trading it for Anonymity Enhanced Coins.
An unregistered/unlicensed VASP operating on peer-to-peer (P2P) exchange websites, handling large amounts of VA on their customer’s behalf and levying high transaction costs.
The abnormal volume of VAs exchanged against fiat currency at exchanges, without any business rationale.
Transactions through accounts associated with VASPs, offering mixing or tumbling services.
Transactions are offering to mix and tumbling services to disguise the movement of illegal funds between known wallets and darknet marketplaces.
A transaction with an account or wallet linked with any known suspicious sources, darknet marketplaces, mixing/tumbling services, gambling sites, or illegal activities.
Using decentralized hardware or physical / paper wallets to move the VAs across the countries.
Users register their internet domain names using proxies or domain name registrars (DNS), which offer suppression of the domain names’ owners.
Users getting themselves registered through an IP address associated with a darknet or software allows communication using encrypted emails and VPNs, providing anonymity.
Transactions where unfamiliar encrypted communication means are used instead of a VASP.
Multiple wallets are being controlled from the same IP address, involving shell wallets registered in the name of various users to hide the linkages.
Using inadequately documented VAs or VAs connected with fraud.
Users transacting through VASPs have weak CDD and KYC processes.
Using VA ATMs/kiosks

Incurring higher costs;
In high-risk jurisdictions, having a criminal background, or
multiple times involving small transactions.

E. Red flags about Sender / Recipients (Irregularities observed during account creation):

– Operating multiple accounts with different names to avoid trading or withdrawal-related restrictions imposed by VASPs.

– Transactions through –

non-trusted IP addresses;
IP addresses from sanctioned jurisdictions; or
IP addresses are flagged as suspicious or “black-listed.”

– Frequent requests to open an account with the same VASP and from the same IP address.

– Corporate users have their Internet domain registrations in a different jurisdiction than their place of establishment.

F. Red flags about Sender / Recipients (Irregularities observed during CDD process):

Inadequate KYC information or a customer hesitates or refuses to share the KYC documents or information on the source of funds.
The customer shares incorrect information about the transaction, the source of funds, or the association with the counterparty.
The customer provides forged documents, fake photographs, or identification documents as part of the KYC process.

G. Red flags about Sender / Recipients (Profile):

A customer provides identification or account records shared by some other account.
Differences in the IP addresses associated with the customer’s profile and the transaction-related IP addresses.
Publicly available information about the customer’s wallet address being associated with illegal activity.
Information about customer’s criminal association.

H. Red flags about Sender / Recipients (Profile of potential money mule or scam victims):

The transferor is unaware of the VA and related blockchain technology. These people could be money mules hired by professional money launderers, or scam victims turned mules who are tricked into transferring illegal funds without knowing their origin.
Significantly aged customers, operating an account and transacting in large volumes, indicating involvement in VA money muling or a victim of elder financial exploitation.
A financially vulnerable person is assisting drug dealers in their illegal business.
Inconsistency between the VA transactions involving significant amounts and the customer’s financial profile indicates the existence of money laundering or a money mule.

I. Red flags about Sender / Recipients (Other unusual behavior):

Frequent changes in the customer’s identification information, email addresses, IP addresses, or financial information.
A customer enters a transaction with multiple VASPs using different IP addresses daily.
Text in VA message box indicating association of the transactions with criminal activity or the purchase of illegal goods.
Repeated transactions by a customer with a subset of users at considerable profit or loss, indicating potential account takeover & removal of victim balances via trade or ML scheme to disguise the funds using VASP infrastructure.

J. Red flags related to Source of Funds or Wealth:

Customers using VA wallets, IP addresses, or bank cards are known to have been associated with fraud, sanctioned addresses, ransomware schemes, darknet marketplaces, or illegal websites.
VA transactions are associated with online gambling services.
Using multiple bank cards connected with a VA wallet to withdraw the considerable value of fiat currency (crypto-to-plastic).
Purchasing VAs using funds sourced from cash deposited into credit cards.
The cycle of depositing the substantially high amount into a VA wallet using unknown sources of funds and subsequently converting the same into fiat currency indicates theft of funds.
No information or incomplete information about the origin and owners of the funds, such as the involvement of shell companies.
Placing funds into an Initial Coin Offering (ICO) without giving personal information about the investors.
Transactions using pre-paid cards and immediate withdrawal after that.
A customer sourcing funds from third-party mixing services or wallet tumblers.
The primary source of customers’ wealth is investments in VAs, fraudulent ICOs, etc

K. Red flags related to Geographical Risks:

Trading on an exchange not registered in the customer’s jurisdiction or not at all registered with any jurisdiction.
The customer prefers a VA exchange or MVTS located in high-risk countries, where there are no or weak AML/CFT regulations for VASP.
The customer is setting up a business in a jurisdiction that lacks strong AML/CFT regulations without any logical business explanation.

AML UAE at Your Service

As required by the UAE authorities and FATF, VASPs must adhere to international standards and manage their business against the ML/FT risk they are exposed to. Here, we can help you understand whether your business activity fits into the VASP activities charted out by FATF and your obligations as VASP from AML/CFT perspective. Also, we can assist you with documentation of the AML/CFT policies, conducting AML training, etc., and ensuring your AML compliance with the regulations.

FAQs On AML Regulations for Virtual Assets Service Providers

A Crypto Asset is a record within an electronic network or distribution database functioning as a medium for exchange, storage of value, unit of account, representation of ownership, economic rights, or right of access or utility of any kind, when capable of being transferred electronically from one holder to another through the operation of computer software or an algorithm governing its use.

Cryptoasset exchange is an important part of the cryptoasset ecosystem, where the exchange provides liquidity to the market participants. Unregulated Cryptoasset exchanges pose significant money laundering risks, while regulated ones can also be targeted in money laundering schemes.

The mainland companies or onshore crypto and other virtual assets companies in UAE are regulated by the Central Bank of UAE (CBUAE) and the Securities and Commodities Authority (SCA). Further, Virtual Assets Regulatory Authority (VARA), CBUAE, and SCA control Dubai-based virtual assets service providers.

The Dubai Financial Services Authority (DFSA) is a supervisory authority for companies housed in DIFC.

The Abu Dhabi Global Market (ADGM) based crypto and other virtual asset companies are supervised by the Financial Services Regulatory Authority (FSRA).

Yes, all Virtual Asset Service Providers (VASPs) have to register with the goAML portal in UAE.

Primarily, the crypto, NFT, and other virtual assets companies in UAE have to adhere to the requirements of the following anti-money laundering (AML) laws and regulations:

Following are the Anti-Money Laundering (AML) compliance requirements that Crypto Companies, NFT, and other Virtual Asset Service Providers (VASPs) in UAE have to follow:

VASPs have to register on the goAML Portal
VASPs are required to appoint the AML Compliance Officer to manage the AML/CFT program.
Virtual Asset Service Providers have to conduct Business Risk Assessment (BRA)
VASPs have to prepare their AML Policy and Procedures Manual
VASPs need to conduct KYC, Screening, Risk Assessment of customers, suppliers, and third-parties
VASPs have to conduct enhanced due diligence of customers, suppliers, and third-parties
Crypto Companies and other virtual asset service providers have to file Partial Name Match Report (PNMR) with FIU UAE
Virtual Asset Service Providers have to file Funds Freeze Report (FFR) with FIU UAE
VASPs have to file Suspicious Activities Report (SAR) with goAML UAE
VASPs have to submit Suspicious Transactions Report (STR) with UAE goAML portal
VASPs have to provide Anti-Money Laundering training to employees and senior management
VASPs have to submit High Risk Country Transaction Report (HRC)
VASPs have to submit High Risk Country Activity Report (HRCA)
VASPs have to get themselves audited for AML purposes by an independent auditor
VASPs have to submit Annual AML Risk Assessment Report
VASPs have to ensure that the entities and individuals they deal with are not engaged in proliferation financing

Our Timely and Accurate AML consulting Services

For your smooth journey towards your goals

Related Blogs

10/12/2025

AML Implications for Politically Exposed Person (PEP)

09/12/2025

Regulator-Ready Business Risk Assessment for VASPs in UAE

08/12/2025

What is a White-Collar Crime and Its Inter-Relationship with ML/TF

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

AML Transaction Monitoring: A powerful tool to detect financial crimes

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

AML Transaction Monitoring: A powerful tool to detect financial crimes

Ever received a call from your bank to confirm if you have conducted a specific high-value transaction? If yes, then that is what transaction monitoring means. They know your routine transactions. If they see one unusual transaction and different from your general banking behaviour, they make a confirmation call.

Financial criminals conduct fraudulent activities by harnessing loopholes in regulations. They create an air of legitimacy around their scheme, company, and transactions.

Transaction monitoring can help detect patterns of suspicious behaviour and financial crimes to and from customers. That is why it is a significant step in companies’ and governments’ AML and CFT programs. With transaction monitoring, you can detect crimes before their occurrence or in their early stages. Timely detection saves you from the repercussions.

This article aims to explain the concept of transaction monitoring, its significance, and the best monitoring practices.

What is AML transaction monitoring?

Transaction monitoring means regularly keeping a close watch on the transactions. It involves checking a customer’s historical transactions, customer’s profile, account details, and interactions. These checks enable the identification of possible customer risks and the prediction of their future behaviour.

You can track the transactions in real-time during their occurrence to block them and prevent fraud. Alternatively, you can check transactions to identify any set patterns after their occurrence. Conduct periodic transaction monitoring to check the customer’s behaviour in terms of irregularities or set patterns.

Thus, financial institutions, as well as DNFBPs, must conduct frequent checks of their transactions.

Significance of AML transaction monitoring

Generally, anti-money laundering regulations in countries include the practice of transaction monitoring. It is mandatory for entities to track suspicious customers, suppliers, or transactions.

Entities have started using transaction monitoring systems to detect suspicious transactions. But it also requires human intelligence and experience to separate fraudulent transactions from non-fraudulent ones.

A constant check on customers’ activities is essential to avoid financial crimes. Transaction monitoring allows entities to adopt a risk-based approach, wherein the monitoring is done based on set rules defined considering the customer’s risk profile developed and the nature of transactions executed by the customer.

Based on the risk profile, you must monitor the customers. For a high-risk client, you need to adopt an advanced level of transaction monitoring.

Nowadays, criminals have advanced ways of conducting financial crimes in the times of the online, digital world. The complexity of money laundering and terrorist financing has increased, which requires a measure that can spot right from wrong. So, transaction monitoring with the definition of a clear rule is crucial to identifying criminal activities.

Furthermore, the transaction monitoring framework gives confidence to regulators and stakeholders of the organization. It shows the seriousness of entities toward detection of financial crime. It leads to a safe business ecosystem in the country and builds trust between existing and new partners.

Steps to an effective transaction monitoring program

Transaction monitoring is a risk-based approach with the following steps:

1. Risk assessment of your business

Identifying risks your business faces from customers, products and services, and operating environment is critical for your AML compliance. For this, you must conduct a detailed analysis of the industry in which you operate.

Analysis of risk parameters will determine your business’s risk appetite. A deep understanding of the risks you take as an entity and the measures you use to cover these risks is crucial. Also, you get to know what types of customers you will be handling, types and volumes of transactions and related risks thereof.

2. Define red flags of suspicious transactions

To ensure the correct identification of suspicious transactions, you must know what it looks like. For this, you must define the red flags your employees will look for while reviewing transactions or the rules set in the transaction monitoring solution. Some of the red flags can be:

Transactions involving large amounts of money,
A sudden new transaction unusual for a customer (nowhere like any other transactions done before),
Several small transactions of the same type involving one or more accounts/persons in a short time,
Inconsistency of the transaction with the customer’s economic profile,
The transaction is directed to or from a high-risk country or a jurisdiction featured in the sanction list,
Customer’s insistence on having no face-to-face communication always.

You must feed these red flags into the transaction monitoring system to generate alerts when witnessed. The team handling this system receives an alert notification. The entity can conduct a further investigation based on the alert to classify it as suspicious.

3. Create transaction monitoring rules

You must create transaction monitoring rules based on your risk appetite and red flag indicators. The system for transaction monitoring will have to be aligned with these rules to identify suspicious transactions. The rules may be created around the following:

The maximum amount of a transaction,
Number of unusual transactions from a customer,
Number of small transactions, after which the system generates an alert,
Transaction directed to or from a high-risk jurisdiction.

The monitoring system analyses the transaction against the set rules. Based on the defined rules, the system should be able to identify the suspicious pattern or characteristic and generate a trigger or alert for the same.

You must optimize these rules periodically based on historical results. Changes in rules will make the process more accurate, resulting in fewer false positives.

4. Review the generated alerts

You must review these alerts generated for suspicious transactions. The analysts must conduct a manual evaluation to check if the pattern or behaviour is suspicious. To produce a detailed report, they must collect all relevant information for that transaction.

If you find it suspicious, prepare a report of the investigation conducted, which should be shared with the senior management for sign-off. Basis your evaluation, you may even drop the alert, but document the reason.

Best practices of a robust AML transaction monitoring program

Some of the best practices you can adopt for transaction monitoring include:

Remain up-to-date with regulations

Keep an eye on the local and national regulations for combating money laundering and other financial crimes. Compliance with them is essential. With knowledge of all rules and regulations, you can update your red flags, optimize the monitoring rules and identify suspicious transactions efficiently.

Know about your industry and products/services

You must have deep knowledge of your sector and products/services to ensure effective transaction monitoring. Awareness of industry-specific risks, customer demographics, and product/service weaknesses can help create effective monitoring rules.

Furthermore, keep updating your knowledge on these factors. The updated information helps you improvise your transaction monitoring solution and timely capture all money laundering and terrorist financing activities.

Create an exhaustive list of transaction monitoring rules

Consider all the possible red flags for your industry and product/services while creating transaction monitoring rules. These rules must encompass a range of simple and complex scenarios to detect all possible suspected transactions.

Criminals keep updating their crime techniques to take advantage of your operations, processes, products, customers, etc. Similarly, you must frequently update these rules to stay on top of your criminal typologies.

Ensuring quality of AML transaction monitoring

Entities must try to avoid making transaction monitoring an operational, time-bound task. You must consider it as an action against decreasing or eliminating financial crimes. Accordingly, entities must base the employees’ performance on the quality and efficiency of transaction evaluation, not the volume of transactions handled.

Document the AML monitoring scenarios

The transaction monitoring system generates alerts if a transaction is against any rules fed into the system. Then, the analyst evaluates it comprehensively by collecting all related and relevant information.

You must document all this information, analysis, and insights. Documentation helps develop a precise, comprehensive scenario. And documentation of all these scenarios helps create more rules and logic to better your transaction monitoring process.

Do not assume that one size fits all

Do not oversimplify the risk scenarios. Create detailed, to-the-point, granular-level characteristics to identify risky behaviours or patterns of customers or transactions. The clarity in scenarios enables better comparison with the rules to identify suspicious transactions and reduce the possibility of false positives.

Do not have too many risk scenarios

Entities create an exhaustive list of risk scenarios to capture every possible suspicious transaction. But in this process, they forget to remove duplicates and non-contextual scenarios. With such an extensive list of possible risk scenarios, employees’ workload increases, and the quality of alerts decreases. So, while creating scenarios, avoid overlap and add relevant context to each.

Use artificial intelligence in transaction monitoring

Only rules based on logic will not be sufficient for effective transaction monitoring. You must have AI-based transaction monitoring systems to generate more insights and identify red flags that human eyes can overlook. Artificial intelligence can catch any pattern or behaviour that slips through the manual monitoring rules.

AML UAE’s role in transaction monitoring for entities

Since you understand the importance of transaction monitoring in your AML efforts, make it a part of your AML compliance program. Imbibe the best transaction monitoring practices to be 100% compliant with AML regulations and safeguard your business interest against financial crimes.

AML UAE is a leading provider of AML/CFT consulting services. We help our clients develop an effective AML compliance framework for their operations. Transaction monitoring and suspicious transaction reporting are essential parts of such frameworks.

We help clients with ML/FT risk assessment, determination of red flags, and creation of transaction monitoring rules aligned with your business profile. We can also assist you with selecting effective transaction monitoring software and implementing it with our AML experts’ support.

With AML UAE, you can monitor your transactions with relevant rules, making detecting suspicious transactions easier and smoother. Your chances of true positives increase, and the investigation quality improves.

FAQs on Transaction Monitoring

When an entity identifies a suspicious transaction of financial crime, the Compliance
Officer or the MLRO (Money Laundering Reporting Officer) must file the STR to the
Financial Intelligence Unit (FIU), without any delay.

Suspicious transactions are the ones that constitute the proceeds of financial crime,
are intended to be used in financial fraud activities, or are related to the crimes of
money laundering, terrorism financing, corruption, bribery, drug trafficking, and any
other illicit activities.

In a transaction, from AML perspective, the red flags could be around the change in
the customer’s identification, doubt around the sources of funds involved, transaction
associated with high-risk countries, inconsistencies in the transactional pattern, etc.

Yes, there can be more than one AML red flag indicator in a transaction.

Transaction monitoring is essential to identify suspicious transactions, so that ML/FT
activities can be timely reported. Further, transaction monitoring is also essential to
complete the AML/CFT efforts of the entity.

KYC is related to identification of the customer and verifying the identity. While
transaction monitoring is continuously reviewing the customer’s transaction
executed in course of business relationship.

Transaction monitoring rules are the thresholds and the logic configured by the
entity in its AML program – tools and systems – aimed to analyze the transactions
and generate an alert when the activities match the risk criteria defined in these rules.

Generally, the key challenges around transaction monitoring program are data
integrity, integration of the monitoring system with business’s legacy system,
generation of large number of false positive alerts, not updating the monitoring rules
and systems periodically, etc.

Strengthen your transaction monitoring
capabilities with AML UAE’s expert
AML/CFT consulting services.

Contact AML UAE to get started.

Share via :

About the Author

Dipali Vora

CAMS, ACS

Dipali is an Associate member of ICSI and a Certified Anti-Money Laundering Specialist (CAMS). She has an overall experience of 8 years in the compliance domain, including Anti-Money Laundering, due diligence, secretarial audit, and managing scrutiniser functions. She currently assists clients by advising and helping them navigate through all the legal and regulatory challenges of Anti-Money Laundering Law. She helps companies to develop, implement, and maintain effective AML/CFT and sanctions programs.

Reach Out to Dipali

Use of Digital ID for Customer Due Diligence -New Guidance issued by CBUAE for LFIs

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

Use of Digital ID for Customer Due Diligence -New Guidance issued by CBUAE for LFIs

The Central Bank of the UAE (CBUAE) has issued new Guidance on anti-money laundering and combatting the financing of terrorism (AML/CFT) for Licensed Financial Institutions (LFIs), which shall be applicable with immediate effect. The Guidance for LFIs on the use of Digital ID for customer due diligence aims to help the Financial Institution to adopt, understand and implement the statutory obligations concerning AML/CFT and considers the standards issued by Financial Action Task Force (FATF).

The Guidance talks about using digital ID systems/mechanisms by LFIs to fulfil their obligations about customer due diligence (“CDD”) in relation to natural persons.

Digital ID for Customer Due Diligence Guidance Applicability

The Guidance applies to all the Natural and legal persons licensed and/or supervised by the Central Bank of UAE in the below-mentioned categories:

National banks
Branches of foreign banks
Exchange houses
Finance companies
Issuers and providers of stored value facilities
Licensed retail payment service providers and card schemes
Registered hawala providers,
Insurance companies, Agencies, and Brokers.
Other LFIs not covered above.

Key Takeaways: Guidance on Digital ID for Customer Due Diligence

1. The Guidance talks about Identity proofing, enrollment, and authentication mechanisms with regard to the usage of digital ID systems. The terminology of “Digital ID systems” is defined as under:

“use electronic means to assert and prove a person’s identity online and/or in in-person environments, including through the use of:

Electronic databases, including distributed databases and/or ledgers, to obtain, confirm, store, and/or manage identity evidence;
Digital credentials to authenticate identity for accessing mobile, online, and offline applications;
Biometrics to help identify and/or authenticate individuals; and
Digital application program interfaces (“APIs”), platforms, and protocols that facilitate online identification and the verification and authentication of identity.”

2. LFIs are directed to use national-level identificationsystems and processes prevalent/under-development in UAE, like UAE Pass, Emirates ID, Emirates Facial Recognition, etc.

3. LFIs may use the online validation gateway of the Federal Authority for Identity and Citizenship and keep a copy of the Emirates ID and its digital verification in their records.

4. LFIs should leverage data generated by authentication for ongoing Customer Due-Diligence and transaction monitoring to identify suspicious customer activity/behavior /transactions with sanctioned or High-Risk jurisdictions.

5. LFIs may rely on customer identification, and verification carried out by a third party but shall make sure to abide by the following.

The LFIs shall obtain all relevant information from the third party.
Take the required steps to ensure that a third party provides copies of customer documentation/information used for CDD.
Third-party complies with the record-retention requirements provided in Cabinet Resolution No. (134) of 2025 and Federal Decree by Law No. (10) of 2025 on Anti-Money Laundering

6. LFIs should take appropriate measures to safeguard and deal with the inherent technology risk and challenges posed by digital ID systems and shall ensure implementation of such processes and systems to reduce the Identity proofing and enrolment risks, e.g. cyberattacks, security/cyber breaches, use of stolen/falsified/synthetic ID details due to the reliance on the open networks like the Internet.

7. The Guidance sets out a strategy for mitigating threats to the identify proofing and enrollment process laid down by the U.S. National Institute of Standards and Technology (“NIST”) Digital Identity Guidelines.

8. The Guidance also talks about the risks at the authentication stage, like credential stuffing, Phishing, man-in-middle (credential interception), PIN code capture and replay, which are exploited without the owner’s knowledge.

9. LFI’s shall ensure that the Digital ID system adopted shall provide complete confidence/assurance and is working efficiently to produce desired results. The same should be protected against internal and external manipulation and shall detect unauthorized users, cyberattacks, and insider fraud.

10. LFIs shall at first conduct Assurance Level Assessmentto understand the assurance levels of the digital ID system based on its governance, technology, and architecture to determine its reliability and independence. The assessment can be performed by themselves, or they may consider obtaining an audit or assurance certificate from an expert body.

11. Post Assurance Level Assessment, the LFIs shall conduct an Appropriateness Assessment to determine whether the digital ID system is reliable to deal with potential Money Laundering, Terrorism Financing, fraud, and other financing risks. LFI’s Assurance and Appropriateness Assessmentof the digital ID system to perform CDD shall be documented and updated periodically.

12. The Guidance has various illustrations adapted from NIST Digital ID Guidelines for technical requirements for

the identity proofing and enrollment
authentication protocols and processes
authenticator lifecycle management

13. This Guidance focuses on the use of digital ID systems for performing Customer Due-Diligence at the time of Onboarding/opening of account and ongoing monitoring, which will help mitigate the potential risks of Money Laundering and Combatting the Financing of Terrorism and safeguarding the financial system of UAE.

How can AML UAE help?

AML UAE is one of the top AML Consulting firms providing end-to-end support services for Anti-Money Laundering and Combatting Terrorism Financing to Financial Institutions, DNFBPs and VASPs. We can assist you in conducting Business Risk assessment, selection and assurance assessment of Digital ID systems, complying with ongoing monitoring of Transactions, and identification and reporting of suspicious transactions.

All-encompassing AML training for
your business just a call away.

Contact us now, and let's get started.

Share via :

About the Author

Dipali Vora

CAMS, ACS

Dipali is an Associate member of ICSI and a Certified Anti-Money Laundering Specialist (CAMS). She has an overall experience of 8 years in the compliance domain, including Anti-Money Laundering, due diligence, secretarial audit, and managing scrutiniser functions. She currently assists clients by advising and helping them navigate through all the legal and regulatory challenges of Anti-Money Laundering Law. She helps companies to develop, implement, and maintain effective AML/CFT and sanctions programs.

Reach Out to Dipali

Uncovering the Red Flags of NFT-Related Money Laundering

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

Uncovering the Red Flags of NFT-Related Money Laundering

With the increased acceptance of artwork using Non-Fungible Tokens (NFTs), comes the increased risk of money laundering and terrorism financing, induced by anonymity around the origin, mode of transfer, and payment. With this, awareness about the risk indicators associated with NFTs is very pertinent amongst NFT users and society as a whole.

Recently, the Joint Chiefs of Global Tax Enforcement (J5) issued a list of red flags that financial institutions, business organizations, and individuals must be aware of. The document released by J5 is the ‘J5 NFT Marketplace Red Flag Indicators’, which highlights how criminals constantly develop new ways to exploit emerging technologies.

NFT Critical red flags suggesting high ML/FT risk

Collection or organization of the NFTs from the high-risk jurisdictions
Collection of similar kinds of NFTs in large numbers to launder money between related wallets
Distribution or giveaway of fake or forged NFTs
Manipulation of the NFT values (unreasonably high) by the frequent buy-sell transactions between connected wallets (also known as “Wash Trading”)
High turnover of low-valued NFTs
Sell of newly minted NFTs at a very high value, contradictory with the other NFTs and a general trend
A high volume of trading of overpriced/underpriced NFTs within a short time gap
Mismatch in the NFT minting address and the contract address appearing on the exchange portal
A high volume of trading for the NFT collection purchased from a mixer or tumbler
Transaction value exceeding US$ 100,000 for newly minted or secondary market tokens without any apparent community
Request to share the seed phrase (translation of the private key) from the virtual asset wallet to execute the transaction
The same tokens were reacquired from the same party or the third party at a lower price, to whom earlier the said tokens were sold at a higher value
Phishing – flooding the inbox by sharing fake NFT offers
The unreasonably high price gap between the legitimate marketplace and a particular site
Unverified social media presence, with no apparent followers
Unnecessary exchange of NFTs between the same group of people or network

Other Risk Indicators suggesting medium ML/FT Risk related to NFTs

NFT with re-used code
NFT without any thumbnail appearing on the marketplace
No information is available about when and where the NFT was minted
Minting an NFT or buying it at an inflated price and immediately selling it off at a significant loss
The absence of the contract address makes the tracing of NFT difficult in the marketplace
High-volume transactions of the tokens purchased from the same wallet or network of wallets
Unverified accounts on the market profile
Details of the NFT not clearly captured – properties and description of the token missing
High value structured into smaller valued multiple transactions, over a short period, with no observable community

It is essential to understand these red flags and stay alert towards the same to reduce the chances of exploitation of the NFTs for laundering money or financing terrorism.

This list will enable the market participants to improve their fraud detection policies and deploy the necessary mitigation measures. They must implement customized compliance programs to avoid becoming victims of money laundering or other financial crimes.

Let us all fight the risks of the execution of financial crimes using cryptocurrency and virtual assets.

How can AML UAE assist you in AML NFT Compliance?

Awareness of the NFT-induced red flags is critical to safeguard yourself from being vulnerable to financial criminals exploiting the technologies.

AML UAE is a firm offering end-to-end AML consultancy services to Financial Institutions, DNFBPs, and the VASPs. We offer assistance in implementing the AML framework, training the compliance officer and team, offering AML software, managing customer onboarding, etc.

Partner with AML UAE and understand your AML risk better

Safeguard your business now!

Share via :

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

What is NFT money laundering, and how to combat it?

What is NFT money laundering and how to combat it?

Protect your business with reliable and effective AML strategies with AML UAE.

What is NFT money laundering and how to combat it?

Technology has entered every field of work. The art field is the latest to have been impacted by technology in the form of Non-fungible Tokens (NFTs). NFTs are blockchain-based tokens depicting various art forms – painting, music, and games.

Since technological evolution brought the digitalization of art, money launderers came up with new typologies to exploit the same.

Since technological evolution brought the digitalization of art, money launderers came up with new typologies to exploit the same and transfer the illegally obtained funds through misuse of NFTs.

This article discusses NFT money laundering, why and how it is conducted, and what measures businesses should consider combating.

What are NFTs?

NFTs are tokens, which are data in the form of videos, pictures, artwork, memes, tweets, or any digital asset. These are stored on different forms of distributed ledgers, such as blockchains. These cannot be interchanged with other NFTs. Thus, they are non-interchangeable digital assets but can only be bought and sold using cryptocurrencies.

They have unique identifying codes and are finite in numbers. People can see NFTs for free, but to own them, they must pay the price to the actual owner. The value of an NFT is based on its perceived value, driven by its market demand.

After the purchase, there is a built-in authentication, which the new user can show as proof of ownership. Here, the new owner gets ownership of the NFT and not the physical object, while the original creator owns the intellectual rights of the work. So, NFTs are famous because people value digital bragging rights over an item instead of the actual physical item.

How are NFTs different from cryptocurrencies?

The only similarity between cryptocurrencies and NFTs is that they are built on the same programming. Both are secured in digital wallets. And you need cryptocurrencies to buy NFTs.

Any physical currency and cryptocurrency are fungible. It means that these assets can be interchanged and traded with one another. That is not the case with NFTs because they are non-fungible.

Cryptocurrencies and physical currencies are equal in value. It means one dollar is equal to one dollar. One Ethereum is equal to one Ethereum. In the case of NFTs, each has a digital signature that makes it unique; thus, one NFT cannot be exchanged with another NFT. At any given moment, only one person can own an NFT, and the digital signature gives that ownership value.

Why are NFTs attractive to money launderers?

As it is said, the perceived value of art and its market demand decide an NFT. The perceived value factor makes dealing with NFTs a bit subjective and hence, away from the scrutiny of regulators.

The transfer of ownership of NFT happens in an instant. Buying and selling NFTs is easy and smooth and requires no additional financial cost except the token’s value. Also, there are no geographical restrictions on these transactions; NFTs created in one country can be done in another country without any limitation.

Moreover, NFT is an entirely new concept and a new market. Many different NFT platforms exist with different structures, operations, standards, ownership models, and due diligence rules. Therefore, it becomes challenging for regulators to create standard regulations for the NFT space applicable to various countries across the globe.

Smart contracts in the NFT market are one of the critical reasons money launderers are attracted to it. In smart contracts, the user generates revenue each time a transaction occurs on the blockchain. So, launderers rapidly conduct a transaction to generate revenues. Now, this becomes a significant motivation to execute smart contracts; in the process, forget about the identity verification of buyers. Launderers exploit this loophole to their benefit.

How does NFT money laundering occur?

Wash trading

Generally, criminals use their illicit money (converted into cryptocurrency) to buy an NFT. They use illegal money, but the purchase is a legal one. Later, they can sell the NFT and earn legal cryptocurrencies. This process is called wash trading.

The central concept in wash trading is to increase the value of the transaction. Thus, in this transaction, criminals benefit in two ways: they avoid taxes and convert unlawful funds to legitimate digital assets or currencies. Only a record of this purchase and sale transaction is present on the blockchain, and nothing about the funds obtained to buy this NFT.

Standard money laundering

Another way is to do multiple buying and selling transactions between their accounts or someone known to them to create layers of fake transactions. With each transaction, illegitimate money gets transformed into legitimate money.

Now, since the determination of the fair market value of an NFT depends only on how the appraiser values it, you never get to know the actual price of the NFT. Launderers create multiple accounts and transfer assets from one account to another for any price. These transactions layer the illegal money with legitimacy and cleanse huge funds.

How to combat NFT money laundering?

Whenever there is a new technological innovation, money launderers exploit them. And NFT is the latest technology to become its victim.

Individuals and businesses dealing in NFTs or facilitating NFTs exchanges must find ways to regulate NFT activities – to verify the buyer and seller’s identity and the transaction’s authenticity. They can improve their AML and KYC checks or implement some monitoring software to track all movements. They must trace NFT transactions between wallets and conduct the KYC of wallet holders.

They must know how launderers engage in NFT money laundering and related red flags to identify suspicious transactions. Countries can implement relevant regulatory laws and actions to control this NFT market. It requires efforts globally because NFT transactions can occur globally without border restrictions.

Money launderers exploited the NFT world as countries, and international regulators introduced AML rules in the traditional buying and selling activities of art. So, criminals come up with newer ways and means; businesses must take the help of AML consultants to identify the risks to NFTs.

Key AML Measures and Responsibilities for curbing NFT money laundering

The crypto companies, NFT service providers and facilitators, and other Virtual Asset Service Providers (VASPs) in UAE must implement the following measures to comply with law and protect the NFT ecosystem:

How can AML UAE help?

AML UAE is a leading provider of AML compliance services in the UAE across different sectors, such as corporate service providers, virtual assets service providers, dealers in precious metals and stones, financial institutions, etc. Our AML consultants understand AML laws and money laundering red flags specific to business and transactions and thus can guide you in protecting your business against money laundering threats.

We help assess your business risk and set up an AML Compliance framework aligned with AML/CFT obligations. We implement specific comprehensive screening procedures and help you identify the potential red flags of NFT money laundering for early detection and preventive actions.

FAQs on NFT Money Laundering and ways to combat it

The mainland companies or onshore crypto and other virtual assets companies in UAE are regulated by the Securities and Commodities Authority (SCA). Further,
Virtual Assets Regulatory Authority (VARA) controls Dubai-based virtual assets service providers (except DIFC). While it is Financial Services Regulatory Authority
(FSRA) & Dubai Financial Services Authority (DFSA) for ADGM and DIFC based VASPs respectively.

According to FATF, “virtual asset” refers to any digital representation of value that can be digitally traded, transferred or used for payment.

A cryptocurrency is a type of virtual asset. But not all virtual assets are cryptocurrencies.

A virtual asset is an asset held digitally or virtually. It is a digital value you can virtually trade, transfer, and use for investment and payment.

Virtual assets include digital art, text, videos, in-game items, images, music, cryptocurrencies, and virtual real estate.

Primarily, the crypto, NFT, and other virtual assets companies in UAE have to adhere to the requirements of the following anti-money laundering (AML) laws and regulations:

Federal Decree by Law No. (10) of 2025
Cabinet Resolution No. (134) of 2025
Cabinet Decision No. (74) of 2020
AML/CFT-specific guidelines issued by the Supervisory Authority

The various methods used to launder money include:

Using smurfs, mules, or shell companies
Investing in real estate with cash and then selling it or generating rental income
Investing in jewellery and moving it to other jurisdictions
Online auctions and sales
Virtual assets, including NFTs and cryptocurrencies

Yes, all Virtual Asset Service Providers (VASPs) must register with the goAML Portal in UAE.

Get ready for the fight against money laundering
with AML UAE

Get in touch with our team to discuss how we can help

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

What Skills Should an AML Compliance Officer Possess?

What skills should an AML Compliance Officer Possess?

What is an AML Officer/MLRO?

Essential skills of an AML Compliance Officer

Final words

Frequently Asked Questions (FAQs)

What is an AML officer?

Who is responsible for compliance with the AML policy?

What is a compliance officer?

What are the roles and responsibilities of an AML compliance officer?

What do you need to be a compliance officer in AML?

What is the best practice for AML compliance?

Blogs

What is Money Laundering?

Significance of AML compliance for businesses and financial institutions:

What is Customer Identification?

Role of customer identification in AML compliance

Components of the Customer Identification Program

Steps in Customer Identification

Technology & AML Compliance

Strict Verification System

AML UAE: AML Compliance Consultants

FAQs

Blogs

Money Laundering risk associated with nominee shareholders and directors

What is Nominee Shareholder/Director?

Why is the Nominee Shareholder/Director arrangement used?

Red flags associated with nominee shareholders and directors

Mitigating the Money Laundering risk associated with nominee shareholders and directors

How can AML UAE assist you?

Blogs

TFS Implementation Criteria

Targeted Financial Sanctions Legal Framework in UAE:

TFS Implementation Criteria 1: Ownership or Majority Interest

TFS implementation Criteria 2: Control

TFS implementation Criteria 3: Acting on behalf or at the Direction of the Designated Person

About AML UAE

Blogs

Adverse media and social media checks under AML compliance

Regulations on adverse media and social media checks

Importance of adverse media and social media screening

Building client’s risk profile

Protecting oneself against reputational risks, penalties, and fines

Sources for negative news and social profile screening

Best practices to implement negative news & social media screening

Keep your customer data up-to-date and complete

Create a sound negative news & social media screening policy

Engage in regular adverse media monitoring

Invest in an online tool to screen negative news

How can AML UAE help you streamline your CDD process with robust negative and social media screening?

Reach Out to Dipali

Blogs

AML regulations for Virtual Assets Service Providers in UAE - Crypto AML Regulations in UAE

What is Virtual Assets?

What is Virtual Assets Service Provider?

1. The exchange between virtual assets and fiat currencies

2. The exchange between different types of virtual assets

3. Transfer of virtual assets

Let us discuss some examples and sample cases around who can be considered as VASP or how to identify VASP in the context of exchange or transfer of VAs.

4. Safekeeping or administration of virtual assets or instruments enabling control over virtual assets

5. Participating in and provision of financial services related to an issuer's offer or sale of a virtual assets

UAE Blockchain strategy 2021

Regulatory frameworks in UAE to govern the activities related to Virtual Assets

UAE Crypto Regulatory Authorities

Central Bank of the UAE (CBUAE) and the Securities and Commodities Authority (SCA)

The Dubai Financial Services Authority (DFSA)

The Financial Services Regulatory Authority (FSRA)

The Virtual Asset Regulatory Authority (VARA)

UAE Crypto Regulations

UAE Crypto Regulations for Onshore Companies

Compliance and Risk Management Rulebook for VASP – Emirate of Dubai (except DIFC)

UAE Crypto Regulations for Financial Free Zone - Dubai International Financial Centre (DIFC)

UAE Crypto Regulations for Financial Free Zone - Abu Dhabi Global Market

Guiding Principles for VA Regulations by FSRA

AML/CFT regulations and obligations on VASP - AML Crypto Regulations in UAE

(a) VASP obligations under AML/CFT law

(b) Virtual Assets “AML/CFT” Compliance Policy

(c) Technology-driven KYC, Screening, and Transaction monitoring for VASPs

ML/FT typologies and red-flag indicators relating to Virtual Assets (VA)

1. ML/FT typologies related to Virtual Assets (VA)