What is smurfing in money laundering? Smurfing technique, risks, and protective measures

What are the risk indicators related to the smurfing in money -W

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Smurfing in Money Laundering: At a glance

  • Smurfing in money laundering refers to a technique where criminals split large sums of illicit proceeds into multiple small transactions to avoid AML reporting thresholds and detection by regulators.
  • In anti-money laundering (AML) compliance, smurfing is considered a structuring technique used to bypass regulatory reporting thresholds and alerts and conceal the source of illegally obtained funds.
  • Smurfing occurs at the placement stage of money laundering where criminals introduce illicit proceeds into the financial system through multiple deposits, transfers, or cash transactions.
  • A common smurfing example in AML involves multiple individuals depositing cash amounts below the reporting limit across different bank branches or cash deposit kiosks.
  • Financial institutions detect smurfing using AML smurfing detection methods, such as transaction monitoring systems and AI-based analytics, to identify suspicious transaction patterns.
  • Common smurfing redflags in AML include frequent deposits just below reporting thresholds, transactions inconsistent with customer profiles, and multiple depositors using the same beneficiary account.
  • Understanding structuring vs smurfing in money laundering helps compliance teams detect complex schemes, including variations such as cuckoo smurfing.

Smurfing in money laundering is a method commonly used by criminals to inject illicit proceeds into the legitimate financial system by breaking down large amounts of money into multiple small transactions to avoid AML reporting thresholds and detection. It is also known as structuring and commonly takes place during the “placement” stage of money laundering.

This article provides insights into identifying smurfing instances and how financial institutions can safeguard themselves against them and prevent the same.

What is Smurfing in Money Laundering?

Smurfing means breaking down large amounts of cash into smaller amounts deposited with financial institutions to avoid detection and reporting thresholds. Owing to its characteristics of manipulating the transaction values, the technique is also known as “Structuring.”

However, smurfing is more complex than the conventional way of structuring a transaction where in a single individual is involved. In contrast, in the case of Smurfing, more than one individual is involved.
One of the widely used money laundering techniques, smurfing, poses a high risk to Financial Institutions worldwide.

Laundering of illegal money using the smurfing method can be carried out by individuals or organized crime groups, which leaves devastating consequences on financial institutions and society.

What Stage of Money Laundering Does Smurfing Usually Occur?

Smurfing generally occurs at the placement stage of money laundering, it is the phase where criminals introduce proceeds of crime into the financial system to disguise illicit origins of funds and make them appear as legitimate income or profits, ready for further use.

At this stage, criminals use multiple deposits through multiple people and accounts to place illegally obtained money into banks without triggering AML monitoring alerts.

Smurfing vs Structuring in Money Laundering

The difference between smurfing and structuring is simplified in this table:

Differentiating Factors

Smurfing

Structuring

Definition

Relying on multiple individuals to carry out multiple transactions.

Relying on breaking transactions into smaller amounts.

Participants

Usually involves multiple people, known as “smurfs”.

Often carried out by a single person.

Purpose

To avoid AML detection and subsequent due diligence measures.

To avoid reporting thresholds from being triggered, which invite deeper scrutiny into transactions.

Example of Smurfing in Money Laundering

To illustrate how smurfing actually takes place, we can refer to this example. For instance, a criminal attempts to deposit $90,000 in illicit cash to his bank account, but doing so at one go would trigger reporting and enhanced diligence thresholds at the bank. Instead of depositing at one go, they divide the money into multiple small deposits of $3000 or less, and ask members of his criminal syndicate to deposit the same to his account at different branch locations.

By structuring the deposit below reporting and due diligence thresholds, the criminal attempts to avoid AML monitoring and suspicious transaction reporting, as well as internal controls such as enhanced due diligence (if put in place by the bank according to applicable thresholds and their risk appetite).

Before discussing how to prevent smurfing, it is important to understand what it is and how it affects financial institutions. 

What is smurfing in financial institutions?

Smurfing involves splitting a large sum of cash into smaller amounts of multiple transactions below the AML reporting threshold to avoid the applicability of AML measures and detection by financial institutions and regulatory authorities. 

Smurfing is often used to facilitate the placement of illegal funds into the valid financial system of the economy. 

How does smurfing affect financial institutions?

As smurfing is used to launder funds by facilitating the entry of proceeds of criminal activities into financial institutions, it is a significant risk to the security and integrity of the financial institution. When financial institutions allow criminals to use the smurfing technique, knowingly or unknowingly, the financial institutions face legal consequences for aiding in money laundering activities and the breach of regulatory obligation of reporting the money laundering-related suspicious activities. Further, smurfing damages the reputation of financial institutions and adversely impacts public trust. 

Thus, to avoid the loss of public trust and heavy fines for AML non-compliance, it is pertinent that the financial institutions design and implement robust procedures and controls to identify, report and prevent exploitation by smurfing.

Common Smurfing Techniques Used in Money Laundering

Criminals may use multiple methods to conduct smurfing transactions, such as:

  • Making deposits across different bank branches and deposit kiosks.
  • Making multiple small cash deposits below reporting thresholds
  • Using multiple people “smurfs”
  • Transferring funds through multiple bank accounts
  • Structuring electronic payments and wire transfers through multiple bank accounts.
How to prevent smurfing technique of money laundering

Cuckoo Smurfing in Money Laundering

One of the popular methods of money laundering is Cuckoo Smurfing. Let’s understand what Cuckoo Smurfing is, what are the elements of Cuckoo Smurfing, the Step-by-step process of Cuckoo Smurfing, and Cuckoo Smurfing indicators.

What is the Cuckoo Smurfing method in money laundering?

Cuckoo Smurfing is a money laundering method where criminals target bank accounts of legitimate customers expecting to receive funds from overseas. They split large transactions into smaller amounts of less than the regulatory threshold to avoid reporting to the FIU. Cuckoo smurfing is the comingling of criminals with money transfer agents to disguise the illicit proceeds and make them look like they have come from a legitimate source. This method is called Cuckoo Smurfing because it is like how Cuckoos lay their eggs in the nests of other species of birds and make them believe it’s their own. Here, the person receiving the funds is unaware that they are proceeds of crime and the source does not belong to them.

What are the elements of the Cuckoo Smurfing method of money laundering?

Here are the common elements of Cuckoo Smurfing in Money Laundering:

  • No physical transfer:- There is no physical transfer of funds in cross-border transactions.
  • Structuring:- Large amounts of funds are split into smaller amounts to avoid reporting thresholds.
  • Involvement of Smurfs:- Multiple Smurfs deposit cash into the bank account of a legitimate customer.
  • Cross-border transaction:- Cross-border transactions wherein the transferor and the beneficiary are located in two different countries.
  • Illicit Money:- Cuckoo smurfing involves cash derived from illegal activities.

Cuckoo Smurfing Methodology: Step-by-step

Overseas Transferor

  1. Overseas transferor wants to make a cross-border money transfer, and he deposits funds with a remitter
  2. The remitter does not transfer funds to the cross-border beneficiary
  3. The remitter asks a professional money laundering syndicate in the beneficiary’s country to deposit cash in the beneficiary’s bank account
  4. Once the cash is deposited into the Beneficiary’s account, the funds are transferred by the remitter to the money laundering syndicate

Beneficiary

  1. Professional money laundering syndicate deposits cash into the beneficiary’s bank account in small amounts to avoid reporting threshold (Structuring)
  2. Beneficiary thinks funds have legitimately arrived from the overseas transferor (Cuckoo’s Nest)

Red flags indicating Cuckoo Smurfing

Reporting entities are under legal obligations to maintain red flags indicating suspicious transactions and activities and submit a Suspicious Activity Report or Suspicious Transaction Report in case of suspicion. Here are some red flags that indicate cuckoo smurfing:

1. Cuckoo Smurfing: Demographic Red Flags

  • Cash Deposits across multiple bank branches and ATMs on the same day.
  • Cash Deposits from a different location than the home location of the beneficiary
  • Multiple cash deposits in quick succession at the same location
  • Cash deposits in the bank branch and ATMs
  • Cash deposits at remote ATMs with less surveillance

2. Cuckoo Smurfing: Account Indicators

  • The beneficiary is an unemployed person, a student, or a retired person
  • Multiple cash deposits in quick succession
  • Multiple cash deposits for an amount less than the reporting threshold
  • Cash deposits not matching the customer’s profile
  • Cash deposits via ATMs using a single card favouring multiple beneficiaries
  • Cash deposit into a beneficiary’s account matching with an international fund transfer instruction

3. Cuckoo Smurfing:

  • Depositor Indicators
  • Cash deposits into multiple beneficiary accounts by the same person
  • Depositor initiating cash deposits into a beneficiary account from a distant location
  • Multiple depositors using the same beneficiary details and making frequent cash deposits
  • The depositor’s name appears to be fictitious

How to detect Cuckoo smurfing?

How to detect Cuckoo smurfing?

1. Check if there’s a relationship between the depositor and the beneficiary
2. Check if the beneficiary is aware of the cash deposits made into his account
3. Check if the beneficiary is aware of the fund transfer from the overseas account
4. Check with the remitter for the source of funds
5. Check video footage to identify suspicious third-party depositors

How can entities protect themselves from Cuckoo Smurfing?

Business entities can protect themselves from cuckoo smurfing by utilising the services of legitimate financial institutions and money exchange houses. Further, they should monitor their bank account for suspicious bank deposits.

What are the regulatory measures against smurfing in money laundering?

The AML regulatory framework is important to detect and prevent money laundering through smurfing. Financial institutions must understand the risk associated with smurfing and, accordingly, implement the guidelines in the regulations to prevent financial crimes and stay compliant. 

Anti-Money Laundering Regulations against smurfing

Since smurfing is associated with money laundering typologies, the AML regulations in UAE provide for adopting strong and comprehensive AML procedures, controls, and systems to identify and prevent money laundering activities, including laundering through the smurfing method.  

The AML regulations in UAE mandate that financial institutions assess the money laundering risk, including the risk posed by smurfing. Further, the financial institutions must develop and implement a robust AML framework, including policies for performing customer due diligence and regularly monitoring transactions to identify suspicious activities and transactions contrary to the customer profile.  

Financial institutions may implement solid transaction monitoring programs to identify the smurfing instances, using advanced algorithms or Artificial Intelligence to identify unusual patterns or suspicious activity. These systems should be able to trigger transactions inconsistent with a customer’s known financial behaviour. Further, the financial institutions should also conduct periodic reviews of customer due diligence files to identify any update to the customer information or risk assessment of the customers that may be considered suspicious. 

AML Compliance Requirements

Know Your Customer (KYC) and Customer Due Diligence (CDD) Policies against Smurfing

KYC policies include identifying the customer and verifying their identities to ensure that the customer the financial institutions are dealing with is legitimate and has no criminal history or active connection. Financial institutions can reduce the risk of enabling smurfing activities through their activities by implementing an effective KYC process. Please note that KYC is one of the starting measures to identify and prevent smurfing, but it is not sole-sufficient. 

Financial institutions should implement additional Customer Due Diligence measures in case of high-risk customers or where any suspicion has been observed. These additional checks to verify the legitimacy of customer transactions may include understanding the purpose of the transaction, the customer’s source of funds and wealth, etc. 

Know Your Customer - KYC Requirements under AML regulations in UAE

Reporting suspicious activities to UAE’s Financial Intelligence Unit (FIU)

UAE AML regulations mandate that financial institutions identify and report any suspicious activity to FIU by filing a Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR) 

Financial institutions must comply with the regulatory framework and implement the necessary controls and systems to detect and prevent smurfing. 

Difference between suspicious activity and suspicious transaction

What are the risk indicators related to the smurfing in money laundering?

What are the risk indicators related to the smurfing in money -W

Here is a list of potential red flags that the financial institutions must be cautious of, suggesting possible involvement of smurfing:  

  • Multiple small cash deposits a person or group makes into the same account but through different branches. 
  • Regular deposits or withdrawals in amounts exactly matching the AML Compliance cut-off. 
  • Transactions not matching the customer’s usual patterns, such as sudden large cash deposits or frequent transfers to offshore accounts unrelated to the customer or its business. 
  • A customer opening multiple accounts with little to no activity to distribute the funds. 
  • Frequent funds transfers between multiple accounts, specifically to high-risk jurisdictions. 
  • Unnecessary involvement of intermediaries to facilitate transactions without any business sense. 

Our timely and accurate AML consulting services

For your smooth journey towards your goals

Contact Us Now

What measures should a Financial Institution adopt to prevent smurfing in money laundering?

What measures should a Financial Institution adopt to..-W

Implementing effective internal controls

Financial institutions must develop and implement internal solid AML policies, procedures, and controls to detect and prevent smurfing timely. The key AML measures to prevent smurfing are:

Employee training and awareness

Awareness among financial institutions’ employees is crucial to identifying smurfing-related red flags. Employees must be trained to understand the risks associated with smurfing, identify smurfing activities attempted through the financial institution, and report suspicious activities. 

Employees must be trained in-house by the Compliance Officer, or some third-party expert can be hired to impart the training. The training program should include discussion around risk indicators and case studies based on actual real-life scenarios. Case studies can help employees better understand the technique and related red flags. This helps the employees correlate the training with on-job activities and, thus, helps employees understand their roles and responsibilities in preventing smurfing. 

Another important aspect of employee training is ensuring employees stay updated with regulatory amendments and evolving ML typologies, including smurfing methods. Thus, ongoing training of the employees must be ensured through periodic sessions (refreshers course), internal circulars, etc. 

Designing a comprehensive AML Training Program

Ongoing Monitoring Systems 

Real-time or Ongoing Monitoring systems help financial institutions detect unusual transactions or suspicious activities. These systems should be based on robust logic and monitoring rules, suggested being fully automated, and intelligent data analytics should be used to ensure their relevance and effectiveness. 

Using Artificial Intelligence (AI) can help financial institutions identify inconsistent patterns or trends in large datasets considering the past records, overall business risk, and the customer risk profile, suggesting potential risk indicators. AI can also help financial institutions detect new techniques that criminals may use for laundering illegal money. 

Another important aspect of monitoring transactions to identify suspicious activities is to use reliable and independent data sources, such as watchlists and adverse media, to support the internal alerts generated during ongoing monitoring. 

Risk assessment and management 

To effectively manage the risk, financial institutions must first identify the risk exposure, specifically the vulnerabilities to smurfing. A periodic Enterprise-Wide Risk Assessment must be conducted, and basis the risk assessed, the necessary risk mitigation measures must be deployed. 

Moving one step ahead, the finical institutions must also assess the risk each customer poses to the business – customer risk profiling must be conducted using risk scoring models. Considering each customer’s risk profile, the monitoring program can be designed and applied, i.e., high-risk customers should be subject to frequent and increased monitoring. 

Designing and implementing effective internal controls is very important for a financial institution to safeguard itself against smurfing. Financial institutions can help reduce risk exposure and avoid reputational damage with adequate employee training, a strong and comprehensive monitoring program, and timely risk assessment of the business and customers. 

Enhancing customer due diligence 

Financial institutions are critical in preventing money laundering activities, especially smurfing. Financial institutions must adopt additional checks and measures while performing customer due diligence to prevent smurfing. 

Customer due diligence involves identifying the customer and verifying the customer’s identity, customer risk classification, and ongoing monitoring of the customer’s information and transactions. Financial institutions can timely identify money laundering activities by implementing effective customer due diligence processes and avoid non-compliance regulatory fines and reputational damage. 

Enhanced Due Diligence measures under UAE AML Regulations

Verifying customer identity 

Verifying customer identity is the first and most crucial step of the CDD process. Financial institutions must ensure that their customers are genuine and not associated with criminal activities. Customer identity verification includes obtaining customer identification documents such as passports, driver’s licenses, and national identity cards. Financial institutions must also conduct screening against the Sanctions List and perform background verification to ensure the legitimacy of the person and the identity documents. 

Verifying customer identity is essential for preventing money laundering activities and exposing the business to the hands of financial criminals. 

Monitoring customer transactions 

Monitoring customer transactions is another vital aspect of CDD. Financial institutions must regularly monitor customer transactions to detect and report suspicious activities such as depositing or withdrawing vast sums of cash divided into multiple small-value transactions.   

Financial institutions can use various tools and technologies to monitor customer transactions, such as transaction monitoring systems built upon AI or machine learning. These tools can analyze customer transactions in real-time and identify inconsistent customer activities. 

Identifying high-risk customers 

Identifying customers posing the business with higher risk is important to prevent smurfing. High-risk customers include persons whose transactions are inconsistent with the customer’s business activities, persons reluctant to share identity documents, individuals or businesses with active connections with high-risk countries, or politically exposed persons (PEP). 

Financial institutions must develop and implement increased checks and verification measures for high-risk customers. Enhanced Due Diligence (EDD) shall be performed, which includes obtaining information about the customer and beneficial owners’ source of funds and wealth, understanding the purpose of the transaction and business relationship, and seeking senior management approval before establishing a business relationship or conducting transactions with high-risk customers. 

EDD is one of the important measures to identify and prevent smurfing activities, using adequate customer verification processes, continuous transaction monitoring, and identifying high-risk customers, increasing the financial institution’s overall risk. 

Collaborating with regulatory authorities and other financial institutions 

Collaboration with other financial institutions and regulatory authorities is essential to prevent smurfing. This involves smooth information of information, best AML practices, conducting joint investigations, and developing industry-wide control standards. 

Sharing relevant information and best practices to prevent smurfing 

Financial institutions must share information and best practices to identify and prevent smurfing activities. This includes sharing information about known smurfing syndicates, account numbers, and techniques and collaborating on research and development of effective solutions to identify and reduce the impact of smurfing activities. 

Financial institutions can also share the best practices for identifying and reporting suspicious activity related to smurfing to the FIU. 

Joint investigations and operations 

Joint investigations can help to identify and prosecute the individuals and groups involved in smurfing activities. Financial institutions should collaborate with regulatory authorities and other financial institutions to facilitate these investigations, such as providing corroborative evidence to support investigations. 

Developing the best industry-wide standards 

Collaboration and cooperation between financial institutions are necessary to implement industry-wide best measures and standards to identify and prevent smurfing. This includes developing standard operating procedures, AML framework, and aligning AML regulatory requirements. 

Collaboration between financial institutions and regulatory authorities aids in combating smurfing activities. Financial institutions can reduce the impact of smurfing and safeguard the financial system by sharing information on already proven smurfing elements, supporting investigations, and developing the best industry-wide standards. 

Leveraging technology to fight smurfing 

Smurfing is a common technique used to launder illegal money, given its simple nature of breaking large values into smaller amounts to surpass the AML threshold. Here, financial institutions can deploy technology to detect and prevent smurfing activities. 

Advanced technologies like Artificial Intelligence (AI) and Machine Learning (ML) can help understand the trends and track customer behaviour to identify smurfing activities. AI and ML algorithms can analyze the massive volume of transactions and customer information to identify unusual or inconsistent activities. 

Even emerging technologies – Blockchain and Distributed Ledger Technology (DLT) can also provide a secure transactional trail, reducing the risk of manipulating or structuring the transactions, thus reducing the risk of smurfing activities. By leveraging blockchain and DLT, financial institutions can create a transparent and immutable transactional record, making it difficult for criminals to disguise or conceal their activities or conduit financial crime. 

The other technologies that can significantly assist financial institutions in combating smurfing are advanced analytics and data mining that can identify unusual patterns of transactions indicating the possibility of smurfing or other money laundering activities. 

Financial institutions can prevent smurfing activities with the right technology and AML solution. With AI and ML, blockchain and DLT, and advanced analytics and data mining, financial institutions can up their AML compliance and safeguard their operations from the risk of smurfing. 

How can AML UAE assist financial institutions in developing a robust AML framework to prevent smurfing?

AML UAE is an AML consultancy service provider offering end-to-end AML support to financial institutions, Virtual Asset Service Providers (VASPs), and Designated Non-Financial Businesses and Professions (DNFBPs). AML UAE can assist financial institutions in designing robust AML/CFT policies and procedures, implementing adequate internal controls, enhancing the Customer Due Diligence framework, and training employees to stay vigilant in detecting smurfing instances. 

Financial institutions must identify, report, and timely prevent smurfing activities. AML UAE assists financial institutions in identifying the right technology and AML tool to identify the unusual activities suggesting smurfing. 

Frequently Asked Questions on Smurfing in Money Laundering

What is smurfing in money laundering terms

Smurfing refers to breaking down a large amount of illicit proceeds into smaller deposits or transfers to avoid AML reporting thresholds and detection by authorities.

Smurfing, in the context of money laundering, is a technique used by criminals to distribute large amounts of illicit proceeds through smaller transactions to avoid triggering AML reporting thresholds. These transactions are often carried out through different individuals, accounts, and at different locations to make funds appear legitimate.

Smurfing is a money laundering technique that includes breaking down a large amount of proceeds of crime into smaller amounts for depositing and transferring. Smurfing transactions are usually carried out by multiple individuals or through several bank accounts to avoid regulatory scrutiny and prevent financial institutions from detecting suspicious transactions indicating criminal activity.

Smurfing usually occurs in money laundering at the placement stage. At this stage, criminals make attempts to introduce proceeds of crime into the financial system by depositing or transferring smaller amounts of funds to avoid reporting thresholds and monitoring systems.

Cuckoo Smurfing is a type of smurfing technique where criminals deposit structured cash into a bank account of an unsuspecting person expecting an international transfer. The funds appear to be legitimate to the recipient, while the criminal network settles the actual payment sepa

In anti-money laundering, smurfing is a technique, often misused by criminals, to deposit large amounts of illicit proceeds through a small number of multiple deposits, aimed to avoid triggering reporting and monitoring thresholds and introduce illicit proceeds into the legitimate financial system.

Smurfing in money laundering means dividing large amounts of illicit proceeds into smaller transactions to avoid detection by financial institutions and regulators. By spreading transactions across multiple bank accounts, individuals, and locations, criminals attempt to disguise the funds’ illegal origin.

  • Financial institutions detect smurfing using:
  • Transaction monitoring systems
  • Behavioral analytics
  • Customer due diligence (CDD)
  • Suspicious transaction reporting (STR)
  • Artificial intelligence and machine learning

Make significant progress in your fight against
financial crimes,

With the best consulting support from AML UAE.

Contact Us Now

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Dealers in Precious Metals and Stones Report (DPMSR) 

DPMSR Reporting Excellence A Best-Practice Guide for the DPMS Sector

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Dealers in Precious Metals and Stones (DPMS) operate in a sector that is highly prone to Money Laundering (ML), Terrorism Financing (TF), and Proliferation Financing (PF) activities. To address this, DPMS sector Regulated Entities must file Dealers in Precious Metals and Stones Report (DPMSR) for specified high-risk transactions.

Explore DPMSR requirements, common challenges and practical ways DPMS businesses can efficiently report DPMSR.

What is Dealers in Precious Metals and Stones Report (DPMSR)?

Dealers in Precious Metals and Stones Report (DPMSR) is a DPMS sector-specific Regulatory Report submitted for transactions that equal or exceed AED 55,000 in cash or wire transfers.

Who Needs to File DPMSR in UAE?

Dealers in Precious Metals and Stones (DPMS) in the UAE are required to file the DPMSR. This obligation arises when DPMS are involved in covered activities for Anti-Money Laundering (AML), Counter-Financing of Terrorism and Counter Proliferation Financing (CPF) compliance as specified in Article 3 of Cabinet Decision No. (134) of 2025.

When to File a DPMSR?

DPMS sector must submit DPMSR when they are involved in transactions that meet the following specific criteria for reporting:

  • Cash transactions amounting to AED 55,000 or more with resident individuals or non-resident individuals.
  • Cash transactions with corporate entities amounting to AED 55,000 or more.
  • Transactions with corporate entities involving international wire transfers equal to or exceeding AED 55,000
  • All international wire transfers to be reported when the amount equals to or above AED 55,000
  • Any wire transfer conducted through an exchange house, even if the transaction is within UAE.
  • Cash installment or advance payments equal to or exceeding the AED 55,000 threshold, to be reported at the time of receiving funds.
  • Unfixed gold transactions in cash equals to or exceeding AED 55,000 threshold.
  • Transaction between two free trade zone companies settling the payment in USD through international wire transfer.
  • Settlement between a free trade zone company and an onshore company (not part of the same group) in the UAE conducted via international wire transfer.

If the above criteria are satisfied, then DPMSR is filed via the goAML portal.

What Transactions are Exempt from being Reported into a DPMSR?

There are certain transactions that are exempted from being reported into DPMSR. These specific transactions are:

  • Credit card, cheque or bank transfers with individuals, irrespective of the amount.
  • Old gold exchange or old gold/jewellery exchange for new jewellery, where no cash component exceeds the threshold limit.
  • Local wire transfers or cheque transactions from a local bank within the UAE.
  • Gold to gold barter trading, where making charges are paid via cheque or wire transfer.
  • Payment towards Margin calls and loans with banks.
  • Intra-company transfers and intra-company sales or purchases in cash, even if they exceed the AED 55,000 threshold.
  • Cash making charges exceeding the threshold, provided no buying or selling of precious metals and stones is involved in that specific payment.
  • Transactions conducted via Letters of Credit issued by banks.
  • Wire transfer within the same group, such as between a mainland company and a company in a free zone.
  • Transaction between two Free Trade Zone companies, settling the payment through the bank accounts in the same bank in UAE.
  • Local USD transfers between two entities registered in UAE, using accounts at the same bank in the UAE.
  • Settlements between two onshore companies in the UAE conducted in USD through local banks.
  • Physical trade of precious metals and stones with commercial banks that are regulated and operating outside the UAE.
  • Transaction between related parties, even if one is on the mainland and the other is in Free Trade Zone, provided they use UAE bank accounts.

Legal Obligation for Filing DPMSR

Ministry of Economy’s Circular No. 08/2021 on Dealers in Precious Metals and Stones Report is the primary mandate explicitly introducing the DPMSR filing requirement for the DPMS sector in UAE. It has extensively mentioned DPMS transactions that need to be reported.

Article 3 of Cabinet Decision No. (134) of 2025, classifies Dealers in Precious Metals and Stones (DPMS) as Designated Non-Financial Businesses and Professions (DNFBPs) when they carry out single or several linked cash transactions whose value equal or exceed AED 55,000.

By virtue of it, they must comply with AML/CFT/CPF obligations mandated by UAE’s Federal AML/CFT/CPF Laws, Cabinet Decisions and other directives issued by relevant Supervisory Authorities in connection therewith.

Consequences of Failure to File DPMSR

Ministry of Economy and Tourism is a Supervisory Authority that oversees the AML/CFT/CPF compliance in the DPMS sector.

Article 17 of Federal Decree Law No. (10) OF 2025, gives power to MOET to impose severe penalties, including fines ranging from AED 10,000 to AED 5,000,000, potential suspension or revocation of their business license, restriction on business activities for non-compliance with any directives issued by them in connection with the AML/CFT/CPF compliance.

Accordingly, Dealers in Precious Metals and Stones are subject to regulatory penalties from MOET if they fail to report DPMSR when required.

Understanding DPMSR Legal Requirements Can be Complex

Want to Simplify it?

Contact Us Now

What is the Timeline for filing DPMSR on the goAML Portal?

Dealers in Precious Metals and Stones Report (DPMSR) need to be filed on the goAML portal within 2 weeks of the occurrence of a qualified transaction for DPMSR.  

Why is DPMSR Filing Necessary for the DPMS Sector?

DPMSR filing is necessary for the DPMS sector, as it is one of the most lucrative sectors for miscreants to disguise illegal money, according to MOET’s Supplemental Guidance for DPMS. This necessitates stronger regulatory oversight and transparency.

DPMS sector deals in high-value commodities such as gold, diamonds and other precious metals. The transactions pertaining to these high-value items can be misused for Money Laundering (ML), Terrorism Financing (TF), or Proliferation Financing (PF) activities.  

Specified transactions that need to be reported in DPMSR, as stated by MOET, carry a higher risk of ML/TF/PF. Reporting these transactions to the Financial Intelligence Unit (FIU) serves as a preventive compliance measure and helps authorities keep visibility over such transactions.

Common Challenges Faced by the DPMS Sector in Filing DPMSR

While filing the DPMSR, the DPMS sector often faces several problems. These common challenges include the detection of structured transactions below the reporting threshold, understanding DPMSR obligations, an unclear escalation path for reporting, problems navigating goAML, and a lack of skilled resources.

Common Challenges Faced by the DPMS Sector in Filing DPMSR

Understanding DPMSR Obligations

Many DPMS businesses struggle to determine whether a transaction meets the AED 55,000 reporting threshold, especially when payments involve mixed methods, such as partial cash and partial wire transfers.

This creates uncertainty about whether a transaction qualifies for DPMSR and when exactly the reporting is required.

Detecting Linked Transactions Below Reporting Threshold

Detecting linked transactions below the reporting threshold is another major issue for DPMS businesses. Customers may split payments into smaller amounts and make multiple purchases over a short period.

Identifying when such transactions are connected and should be treated as a single reportable transaction can be difficult without robust transaction monitoring tools.

Problems Navigating goAML

DPMSR is filed via the goAML portal; the DPMS sector often struggles to navigate this platform due to a lack of understanding of the portal and technical inabilities.  

Lack of Skilled Resources

Another major problem in submitting DPMSR is that not all DPMS businesses have dedicated compliance staff, as many of them are small enterprises with a lack of economic and human resources.

This can increase the risk of errors or missed reporting because verifying transactions and preparing accurate reports require skilled resources.

Unclear Escalation Roadmap for DPMSR

Many of the DPMS businesses have outdated or inconsistent procedures in place for escalating reportable transactions. Sometimes these procedures exist only on paper; execution is totally scattered.

This creates internal confusion about when and how to file DPMSR, leading to missed or delayed reporting.

Say Bye to DPMSR Submission Challenges!

Let Experts Help You Fix DPMSR Reporting Gaps.

Talk to Our Experts!

Step-by-Step Guide for DPMS Sector to Submit DPMSR

Accurately filing DPMSR requires a structured approach and chronological process from DPMS businesses.

The DPMSR filing process involves identifying DPMSR-specific reporting transactions, obtaining identification documents, logging into the goAML portal, selecting the DPMSR report type, entering mandatory data fields and submitting the report.  

Step-by-Step Guide for DPMS Sector to Submit DPMSR

Identifying DPMSR Specific Reporting Transaction

The first and foremost step is to determine whether the transaction meets the reporting requirements of DPMSR.

As explicitly stated by MOET, when a transaction crosses the threshold of AED 55,000 in cash or international wire transfer, the obligation to file DPMSR arises. If thresholds are met or suspected to be met collectively, the transaction qualifies for DPMSR reporting.

Obtaining Identification Documents

The next step is to obtain identification documents of the parties involved in the reportable transaction.

The following identification documents need to be collected:

  • Resident individual: obtain an Emirates ID or a passport copy
  • Non-Resident individual: valid Govt. issued ID or passport copy
  • Corporate Entities: Trade License, Emirates ID or passport copy of representative person

Accessing goAML Portal

The following step after obtaining ID documents is to log into goAML portal.

DPMS businesses can log into goAML portal with the credentials given at the time of registration. Also, goAML profile needs to be updated and current.

Selecting DPMSR from the Dropdown Menu

The next step is to select the DPMSR report type from the given dropdown menu.

After logging into goAML portal, click on the web report tab, navigate to the report type dropdown menu and select Dealers in Precious Metals and Stones Report (DPMSR) from the list of reports given.   

Entering Mandatory Data Fields

The next step for DPMS sector Regulated Entities is to enter mandatory data fields on goAML portal before submission.

Reporting Entities need to complete all fields marked with an asterisk (*) as these are mandatory for submission.

Key sections include transaction information, details of parties involved in the transaction, and the reason for reporting.

While entering these data fields, Regulated Entities should ensure that no required data is missing, as it can cause system rejection.

Submitting DPMSR

Once the mandatory data fields are filled out, the next step is to click on the submit button and complete the filing of DPMSR.

Before clicking on the submission, it is advisable to review the report for accuracy and completeness. The supporting documentation, such as ID documents, proof of address, deposit slips, and client information, is attached post-saving the report.

It should be noted that each attachment must be under 5 MB in size as a total of 20 MB is allowed per report, and attachment file names should be short and without any special characters.

Post-Filing Action

The final step following the submission of DPMSR is to retain and maintain a submission copy of DPMSR and its supporting documents for at least 5 years, subject to the obligation of record-keeping under the UAE’s AML/CFT/CPF laws.

Need Help in Navigating goAML for DPMSR Filing?

Let Our Experts Guide You to File an Accurate DPMSR

Contact Us Now!

DPMSR Reporting Excellence: A Best-Practice Guide for the DPMS Sector

Dealers in Precious Metals and Stones Report (DPMSR) is not just a generic compliance obligation, but it safeguards the financial system from any kind of potential ML/TF/PF risks arising out of high-value PMS transactions.

Regulated Entities in the DPMS sector must maintain accuracy and timeliness while filing DPMSR by adopting some of the best practices.

These best practices include leveraging advanced transaction monitoring tools, setting clear reporting triggers in policies, inculcating staff with DPMSR-specific knowledge, maintaining audit-ready documentation and establishing a transparent escalation workflow for swift filing.  

DPMSR Reporting Excellence A Best-Practice Guide for the DPMS Sector

Leverage Advanced Transaction Monitoring Tools

Regulated Entities must implement advanced transaction-monitoring tools and calibrate their rules to align with the DPMSR triggers.

Transaction monitoring tools ensure that DPMSR-specific reportable transactions are identified in real time, especially when payments are split, structured or made through different channels.

Set Clear Reporting Triggers in Policies and Procedures

DPMS sector Regulated Entities must explicitly define the obligation to file DPMSR and set clear reporting triggers for it in their internal AML/CFT/CPF policies and procedures.

Well-documented triggers remove guesswork for staff and ensure consistent reporting decisions.

Inculcate Staff with DPMSR Knowledge

Regulated Entities in the DPMS sector must inculcate DPMSR-specific training for their staff to ensure accurate filing.

Training employees on reporting thresholds, red flags and documentation requirements ensures that they understand why DPMSR is required and what transactions qualify for it.

Moreover, Reporting Entities should also train their employees on how to navigate the goAML platform, as ultimately, they must go and file the report there only.

Maintain Audit-Ready Documentation

Regulated Entities must ensure that audit-ready documentation is in place.

All transaction records, customer identification documents, invoices, and payment proofs must be organised and easily retrievable. Proper documentation supports accurate reporting and demonstrates preparedness for regulatory inspections.

Establish Transparent Escalation Workflow

Regulated Entities in the DPMS sector must establish transparent internal escalation workflows for DPMSR filing.

A clearly defined escalation procedure makes sure that reportable transactions are escalated, reviewed, filed, and submitted by the right person. This closes major reporting gaps such as inconsistencies, delays and ensures swift, efficient DPMSR reporting.

How AML UAE Supports Robust Submission of DPMSR by Mitigating Common Challenges

Despite clearly written regulatory obligations for DPMSR filing, the DPMS sector often faces several problems in executing this compliance measure.

We here at AML UAE support DPMS businesses to develop a strong AML/CFT/CPF compliance framework that resonates with regulatory expectations and DPMS sector-specific requirements. In this, we cover comprehensive solutions for efficient DPMSR filing tailored to your business.

  1. Problem: Regulated Entities often enter incorrect data fields in the goAML portal while filing DPMSR, leading to report rejection.
    Solution: AML UAE assists DPMS sector Regulated Entities in preparing, reviewing and submitting DPMSR accurately on the goAML portal through its AML Regulatory Reporting services
  2. Problem: DPMS businesses struggle to detect linked transactions that cross the threshold of AED 55,000 when multiple purchases are made by the same customer on different days.
    Solution: AML UAE supports DPMS businesses to detect linked transactions by recommending advanced tools and systems that automatically flag such related transactions through its AML Software Selection services.  
  3. Problem: DPMS staff are mostly unsure which payment types or transaction scenarios trigger DPMSR filing and often confuse it with other regulatory reports, leading to incorrect reporting.
    Solution: AML UAE’s AML Training services provide practical guidance for filing DPMSR. These training sessions are tailored to the DPMS sector, which helps teams to understand sector-specific compliance requirements and remove confusion.
  4. Problem: A lot of DPMS sector Regulated Entities maintain compliance documentation but lack alignment with written controls and actual reporting practices.
    Solution: AML UAE, through its AML Health check services, helps DPMS sector Regulated Entities to assess whether the existing framework works effectively in real operation, and through its AML Policies, Controls and Procedures Documentation services, enhances the internal AML/CFT/CPF framework as per DPMS sector-specific AML/CFT/CPF compliance requirements.

Fulfil Dealers in Precious Metals and Stones Report (DPMSR) Reporting Requirement Confidently

Meeting Dealers in Precious Metals and Stones Report (DPMSR) reporting requirement is essential for DPMS sector Regulated Entities for complete compliance with the UAE’s AML/CFT/CPF regulatory obligation.

Even small lapses in identifying reportable transactions, capturing details or filing reports in the required timeline can expose the DPMS businesses to greater ML/TF/PF risks and regulatory scrutiny.

Thus, they need to count on tailored solutions and approaches for accurately filing DPMSR. AML UAE supports DPMS businesses to simplify the complex DPMSR reporting process through its specialised services and expert team. It offers the right guidance and advice that helps entities confidently meet their regulatory obligations.

Manage DPMSR Filing with Clarity and Confidence

Full-proof DPMS Sector AML/CFT/CPF Compliance with Our Expert Support and Efficient Services

Contact Us Now

FAQs on Dealers in Precious Metals and Stones Report (DPMSR) 

What is the minimum reporting threshold for DPMSR? 

Specified transactions that equal or exceed AED 55,000 are to be reported in DPMSR on the goAML portal.

No, both B2B and B2C transactions are to be reported in DPMSR on the goAML portal if transactions exceed the specified amount. 

No, as the transaction involves the local transfer between accounts in the same bank in the UAE.

Yes, as the transaction involves an international wire transfer, the same needs to be reported.

No, the transaction does not involve an international wire transfer, and hence it need not be reported as a DPMSR on the FIU goAML portal.

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Beyond Thresholds: Transaction Monitoring for UAE DPMS Businesses

Risk-Based Transaction Monitoring Model for DPMS Sector

Blogs

Home Blogs

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

In AML/CFT compliance, transaction monitoring is often thought about from the angle of banks, payment firms, or wealth managers. Retail jewellery is different. If one applies standard monitoring logic without adapting it for the Dealers in Precious Metals and Stones (DPMS) sector, one risks missing the real risks or overwhelming staff with false alerts.

That is exactly why this conversation matters for the UAE.

The UAE framework now reinforces risk-based compliance obligations for obliged entities, including DNFBPs such as Dealers in Precious Metals and Stones. Federal Decree Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025 set the broader expectation for customer due diligence, ongoing monitoring, and suspicious transaction reporting through a risk-based approach. The Ministry of Economy and Tourism has provided sector guidance for DPMS, including practical risk signals and supervisory expectations.

In jewellery retail, high-ticket sales are common. However, the nature of goods significantly impacts risk. A business dealing primarily in gold bullion, coins or uncut precious stones faces a different exposure than one selling finished jewellery. A practical monitoring framework must distinguish between these product lines from the outset.

Festival and wedding cycles shift volumes and payment behaviour. Walk-in customers may buy once and never return. Family members often split consideration across multiple instruments. Cash, cards, transfers, and third-party contributions may all appear in one transaction lifecycle. None of this is automatically suspicious, but all of it can mask risk if controls are poorly designed.

The real challenge is not simply to monitor transactions. It is deciding what should genuinely raise concern in a sector where high-value transactions and fluctuating customer behaviour are part of normal business.

To achieve this, a business must understand its own sales patterns. Without analysing the same, one cannot differentiate a genuinely anomalous transaction from a routine high-value sale during a peak season.

5 Questions That Make DPMS Monitoring Actually Work

Most compliance officers from the DPMS sector ask this:

  • What threshold should we set?
  • How do we minimise false alerts?
  • Who should review alerts and when?

Those are useful operational questions, but they are not the first questions to ask. The first line of questions should be:

1. What does normal look like for this specific shop format?

A flagship store in Dubai Mall and a Dubai gold souk outlet do not have the same behavioural baseline. Their average ticket size, customer mix (tourist vs resident), and payment preferences will vary accordingly.

For instance, a flagship store may see average ticket sizes of AED 15,000–50,000 with 70% card payments, while a gold souk outlet may see AED 1,000–10,000 tickets with 60% cash.

Seasonal peaks during Diwali or Eid may triple volumes in both, but the payment mix and customer profiles differ significantly. Without mapping these baselines, compliance teams cannot distinguish genuine anomalies from normal variance.

A practical first step is to segment your business by location and customer type to establish distinct profiles.

2. Which behaviours are commercially normal but risk-relevant?

Split payments can be for customer convenience, but repeated splitting just below internal controls may indicate structuring behaviour.

The key differentiator is often the explanation. A customer who voluntarily clarifies that the payment is split because they are using funds from multiple family bank accounts for a wedding provides a lower-risk context than someone who is evasive about the same payment structure.

3. Where is the highest blind spot: onboarding, point of sale, or post-sale review?

Many firms focus heavily on onboarding and underinvest in transaction pattern analysis. Post-sale pattern analysis is where you connect individual transactions to see the full picture. A single cash purchase may seem normal, but multiple cash purchases by related parties from different branches of the same store in one week are a pattern.

4. Can sales staff identify context, not just collect documents?

Good monitoring depends on asking sensible follow-up questions, not only ticking fields. It requires practical, scripted prompts that guide a conversation without making the customer feel uncomfortable.

5. Do your alerts lead to better decisions or just bigger queues?

If 95% of alerts are closed as false positives, your rules need redesign.

Review your closed alerts on a monthly basis. If the same type of alert is consistently false, modify the rule or remove it; keep the focus on meaningful signals.

If every alert triggers a review that yields no action, staff fatigue sets in, and genuine risks may be overlooked. Monitoring quality is measured not by alert volume, but by timely decision-making and escalation.

Why does the rule only transaction monitoring fail in DPMS?

A simple threshold model sounds attractive. For example, “alert anything above X amount” or “alert any cash usage.” In DPMS, this often fails for three reasons:

  • High value is normal: Expensive items are core business, not exceptions.
  • Seasonality distorts behaviour: Festive peaks can look anomalous in static models.
  • Customer profile variety is high: Tourists, residents, family buyers, collectors, and traders can engage in very different activities.

This is why many stores end up with massive alert volumes and limited analytical value.

The answer is not abandoning rules. The answer is layering rules with context.

A rule that treats all high-cash transactions as the same will drown you in tourist alerts while missing the trader structuring purchases to avoid scrutiny

A monitoring system succeeds not by the number of alerts it generates, but by its ability to disambiguate. Its effectiveness lies in consistently distinguishing true positives from false positives and identifying which alerts require escalation versus those that reflect routine commercial transactions.

Confused with how to mitigate ML, FT, and PF risks within your Regulated Entity?

Contact Us Now

A risk-based transaction monitoring model that works in practice

For UAE retail jewellers, a practical model should include five layers.

Risk-Based Transaction Monitoring Model for DPMS Sector

1. Business baseline mapping

Build behavioural baselines by jewellery store type, product category, and seasonality:

  • Typical ticket bands by jewellery category
  • Payment mix by delivery channel and location
  • Expected festival and wedding uplifts
  • Common customer archetypes

Without this baseline, every busy season looks risky, and every quiet week looks clean.

For example, a cash-paying tourist buying a single high-value piece for personal use is behaviourally different from a resident making monthly purchases on credit, who is different again from a trader buying bullion for business inventory, who is different from a collector acquiring rare gemstones.

Each has a legitimate reason for their behaviour, but each presents different risk indicators. Product type also fundamentally changes the risk exposure. A bullion dealer handling 1kg gold bars operates differently from a diamond merchant or a mixed jewellery retailer.

A practical approach is to review transaction data, segment by store format and product type, then document the ticket size, payment method, and customer frequency. Use this as your benchmark for what constitutes normal variance versus genuine deviation to build these baselines.

2. Risk-weighted triggers, not blunt thresholds

Use weighted indicators instead of a single amount trigger. For example:

  • Repeated split payments on connected parties
  • Sharp mismatch between stated profile and purchase pattern
  • Frequent reversals, cancellations, or quick resale-related signals
  • Use of multiple third-party payments without a clear commercial rationale
  • Patterned use of cash around internal thresholds

Each indicator alone may be benign. Combinations are what matter.

3. Frontline judgement framework

Sales teams are not AML investigators, and they should not be treated as such. But they are the first line of observation. Give them practical, plain language prompts:

  • “Can you confirm who is funding this purchase?”
  • “Is this for personal use, gifting, or commercial purposes?”
  • “Please clarify the relationship between payer and customer.”
  • “Could you explain the payment split structure?”

A short, practical prompt book often outperforms long policy manuals. Integrate these prompts into the sales workflow. The goal is not interrogation, but informed conversation.

4. Second line review discipline

Compliance or nominated reviewers should focus on:

  • Pattern linkage across transactions, not one transaction in isolation
  • Documented rationale for closure decisions
  • Escalation quality and timeliness
  • Learning loops from prior cases and typologies

Reviewers should maintain a simple log that tracks why an alert was opened and why it was closed. This log becomes your audit trail and your training material for future reviews.

5. Governance and calibration cycle

Monitoring models must be recalibrated periodically:

  • Monthly quick checks during high season
  • Quarterly tuning based on false positive and missed case analysis
  • Annual full model review aligned to enterprise and sector risk updates

Monthly reviews should ask: which rule generated the most noise this month, and why? Track the root causes for false positives.

See if most false alerts are from a specific store location, a particular product category, or a single rule? This tells you where recalibration is needed. For example, if your cash threshold rule generates 200 alerts monthly, but 190 are from your gold souk outlet where cash is dominant, the rule is poorly designed for that location.

Your monitoring model must reflect which products you actually sell. A “one-size model” will generate false alerts in areas that don’t apply to your business.

During calibration, engage your frontline staff. Ask them if the current rules are capturing the right behaviours or if they are seeing new patterns that the current model misses. Their practical insight is invaluable for keeping the system relevant.

Practical red flag logic for DPMS

A useful principle is “explainable risk.”

If a transaction is large but readily explainable through profile, source, and purpose, it may be lower risk than a smaller transaction with a weak narrative and inconsistent behaviour.

Consider these examples:

Example A: Large wedding purchase

  • High value, family participation, documented relationship, coherent explanation, and consistent payment trail.
  • Likely low to medium risk depending on full profile.

Example B: Mid-value repeated fragmented purchases

  • Same week, different family members, inconsistent reasons, payer and beneficiary mismatch, frequent threshold adjacency.
  • Potentially higher risk despite smaller values.

Example C: Cash-heavy pattern with rapid product exchanges

  • Repeated product swaps and refunds, multiple locations, unclear economic purpose.
  • Strong escalation candidate.

The point is simple: amount matters, but behaviour matters more. Document the rationale behind every escalation decision. If a pattern like Example C is escalated, the compliance officer’s notes should explicitly reference the combination of factors that triggered the concern, not just the cash element.

Common implementation mistakes

  1. Implementing a bank-style monitoring matrix in the DPMS retail/wholesale business.
  2. Training staff once per year with no scenario practice.
  3. Treating all split payments as suspicious, then ignoring alert fatigue.
  4. Failing to connect the Point of Sale (PoS) data with compliance review notes.
  5. Applying the same threshold and monitoring logic to bullion sales as to rough gemstones or finished jewellery sales, despite their vastly different liquidity and risk profiles.
  6. Assuming a “one-size-fits-all” monitoring approach for all retail locations, ignoring the demographic and behavioural differences between a mall boutique/flagship store and a traditional gold souk shop.
  7. Escalating late because “something felt odd” was never documented properly.

Each of these can be fixed with practical design and governance.

Therefore, it becomes important to document why a transaction was reviewed, what factors were considered, and what decision was reached. This creates an audit trail and improves future decision-making through pattern recognition.

A solution-oriented blueprint for UAE DPMS Businesses

If you are an owner, MLRO, or compliance lead, start here:

  • Define your top 10 risk scenarios specific to the nature and size of your business.
  • Build a tiered alert model: informational, review, escalation.
  • Create a two-page frontline question guide.
  • Introduce a weekly thirty-minute case review huddle.
  • Track three metrics only: true positive rate, time to decision, and escalation quality.
  • Recalibrate monthly during seasonal peaks.
  • Keep an auditable rationale for every material decision.

This provides proportionate, defensible monitoring that is practical for business teams and credible for supervisors. A small retail outlet does not need the same AML controls as a large wholesaler. Scale your operations to your actual transaction volume and risk exposure and apply appropriate risk controls.

Final thought on Transaction monitoring in DPMS

Transaction monitoring in DPMS should not be a borrowed framework from other sectors. It should be a risk-based, operationally realistic model tailored to how jewellery retail actually works in the country.

The right objective is not to produce more alerts. The right objective is to ask better questions, make better decisions, and provide evidence for both.

That is where compliance maturity sits, and that is where global AML/CFT practice meets local UAE reality.

Stay updated on UAE AML rules

Get guidance, regulatory alerts and practical onboarding tips.

Contact Us Now

Add a comment

Related Blogs

24/04/2026

AML Regulations for DNFBPs in UAE

Federal AML Laws and Executive Regulations Applicable to Accountants and Auditors
17/04/2026

AML Regulations for Accountants and Auditors in UAE

AML Regulations Applicable to TCSPs in UAE
16/04/2026

AML Regulations for Trust and Corporate Service Providers (TCSPs) in UAE

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Real Estate Activity Report (REAR) submission by real estate brokers and agents and law firms as per Circular Number: 05/2022

When to File a REAR

Blogs

Home Blogs

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

REAR At a Glance

  • What it is: REAR is a regulatory report filed on the goAML portal for certain freehold real estate transactions to support UAE AML, CFT and CPF compliance.
  • Who must file: Real estate brokers and agents, and lawyers, notaries and other independent legal professionals when they prepare, conduct, or execute property purchase or sale transactions for clients.
  • Main trigger: Filing becomes mandatory where a freehold property transaction involves cash payments of AED 55,000 or more (single payment or cumulative instalments).
  • Virtual assets trigger: REAR is also required if payment is made in virtual assets, or using funds converted from virtual assets, whether in part or in full.
  • Why it matters: REAR strengthens transparency and traceability, helping regulators and the FIU spot ML/TF/PF patterns over time, even where the transaction does not look suspicious at first glance.
  • Non-compliance risk: Failure to file can expose firms to serious regulatory action, including substantial fines and potentially restrictions, suspension, or licence cancellation, depending on the supervisory authority’s powers.

Submitting Real Estate Activity Report (REAR) is a vital Anti-Money Laundering (AML), Counter-Financing of Terrorism (CFT) and Counter Proliferation Financing (CPF) compliance measure for Real Estate sector-specific Regulated Entities in UAE.

Explore how an effective REAR framework supports regulatory compliance, understand its key requirements, and follow the reporting process step by step.

Real Estate Activity Report (REAR)

What is Real Estate Activity Report (REAR)?

Real Estate Activity Report (REAR) is a Regulatory Report that licensed Real Estate Brokers, Agents and Lawyers in UAE are required to submit when they come across freehold property transactions in cash (equal to or exceeding AED 55,000) or virtual assets or funds converted from virtual currencies.

The Rational behind REAR filing is to ensure accountability, transparency and regulatory oversight within the real estate sector is maintained.

The primary purpose is to make sure property transactions that involve significant cash or virtual assets are properly reported and documented so that the related ML/FT/PF risks can be countered effectively.

Who Needs to File REAR in UAE?

Businesses in the Real Estate sector that are involved in activities that fall under the covered activities for AML/CFT/CPF compliance, as classified in Article 3.2 of Cabinet Decision No. (134) of 2025 have a compliance obligation to file REAR.

Real Estate Sector-specific Regulated Entities are mandated to file REAR when they undertake specified transactions or arrangements pertaining to the purchase or sale of real estate properties for their customers. 

  • Real Estate Brokers
  • Real Estate Agents
  • Lawyers, Notaries and other independent legal professionals, when preparing, conducting or executing financial transactions of real estate property purchase or sale for their customers.

When to File a REAR?

The obligation to submit REAR arises when Real Estate Brokers, Real Estate Agents and other legal professionals are involved in transactions that meet the following specific criteria for reporting:

When to File a REAR

The transaction is related to freehold real estate, and the mode of payment for such property transactions has been carried out in one of the following ways; then REAR must be reported without a doubt.

  • The payment for the purchase or sale of such freehold property has been made in a single cash transaction that equals or exceeds AED 55,000.
  • The payment for the purchase or sale of such freehold property has been made in several cash transactions whose aggregate value equals or exceeds AED 55,000.
  • The entire or a portion of the payment for the purchase or sale of such freehold property has been made in virtual assets.
  • The entire or a portion of the payment for the purchase or sale of such freehold property has been made in funds that are converted from virtual assets.

If the above criteria are met, then filing the Real Estate Activity Report on the goAML portal becomes obligatory.  

What are Freehold Property Transactions in UAE?

Freehold property transactions in the UAE are real estate deals that allow buyers absolute ownership of the land and its unit, regardless of their nationality. It allows immigrants to buy, sell or lease properties without any restrictions in designated zones or investment zones.

The Real Estate Regulatory Authority (RERA) regulates and oversees real estate market activities and participants.

If Real Estate Brokers or Agents in UAE are facilitating these freehold property transactions, then they are subject to REAR Regulatory Reporting requirements when specific criteria are met as part of their AML/CFT/CPF obligations.   

Legal Obligations for Filing REAR

Ministry of Economy and Tourism Circular Number: 05/2022 on Real Estate Activity Report is the primary legal mandate explicitly introducing reporting of REAR for licensed Real Estate Brokers and Agents in the UAE. It comprehensively specifies which transactions need to be reported and when.

As per Article 3 of Cabinet Decision No. (134) of 2025, Real Estate Brokers and Agents are classified as Designated Non-Financial Businesses and Professions (DNFBPs) when they conduct activities relating to buying and selling real estate properties on behalf of their customers.

Similarly, Purchase and Sale of Real Estate for clients is one of the covered activities of AML/CFT/CPF compliance for Lawyers, Notaries and Other independent Legal Professionals. By virtue of this, they too are under the mandate of the Ministry of Justice’s circular no. 14 of 2022 regarding the REAR Real Estate Activity Report submission on the goAML portal when they are involved in transactions related to such activities.

Consequences of Failure to File REAR

Article 17 of Federal Decree Law No. (10) of 2025, gives power to Supervisory Authorities to impose severe penalties, including fines ranging from AED 10,000 to AED 5,000,000, potential suspension or revocation of their business license, restriction on business activities for non-compliance with any directives issued by them in connection with the AML/CFT/CPF compliance.

Accordingly, Real Estate Brokers, Agents and Legal Professionals may face regulatory penalties from their relevant Supervisory Authority if they fail to submit REAR.

Stay Updated with REAR Filing Legal Requirements.

Want to Know More?

Contact Us Now

Why is REAR filing Necessary for the real estate sector?

According to the MOET’s Supplemental Guidance for Real Estate Sector, the real estate sector is identified as a highly attractive sector for wrongdoers to launder their illicit funds, which necessitates reporting of REAR.

The Real Estate sector offers high-value property transactions, market stability and ease of use of intermediaries or third parties. These factors provide money launderers a chance to obscure the origin of their illegally obtained money in the guise of expensive property transactions, often using intermediaries to hide true ownership.

The Real Estate Activity Report (REAR) is a preventive compliance measure introduced by the Ministry of Economy and Tourism (MOET) and the Ministry of Justice (MOJ) to close these gaps.  

Through REAR, the mandatory reporting of specified transactions that are deemed to be at high risk due to involvement of large cash volumes or virtual assets ensures that they are brought under the eyes of Regulators as a preventive measure.

Moreover, REAR facilitates transparency for the FIU to perform data analysis. Even if the transaction does not appear suspicious initially, the REAR provides necessary data trails that allow Regulatory Authorities to detect complex ML/TF/PF patterns over time.

Common Challenges Faced by the Real Estate Sector in Filing REAR

The common challenges faced by the real estate sector in filing REAR include detecting transaction thresholds, confusion with different reporting requirements, complex investigations, counting multiple linked transactions, dilemmas in property classification, lack of skilled resources, inconsistent escalation process and technical difficulties.

Common Challenges Faced by the Real Estate Sector in Filing REAR

Detecting Transaction Thresholds

Many Real Estate sector-specific Reporting Entities and law firms often struggle to identify when a transaction crosses the REAR reporting threshold of AED 55,000, especially when payments are made in parts.

Without a robust transaction monitoring tool, there is a high risk of reportable cases being missed.  

Confusion with Different Reporting Requirements

There are various Regulatory Reports in UAE for AML/CFT/CPF compliance, and each regulatory report has different reporting requirements.

A lot of Real Estate Brokers and Agents get confused between when to file REAR and when other reports, such as SAR/STR, CNMR/PNMR, need to be filed. Further, the filing of REAR does not in any way exempt them from their responsibility of filing SAR, STR, CNMR, PNMR, HRC, or HRCA. Many real estate brokers and lawyers fail to understand this.

Complex Investigations

Some property transactions involve a layered ownership structure, third party involvements, and unusual payment arrangements.

Reviewing and understanding the details of complex financial transactions can be time-consuming and difficult.

Dilemmas in Property Classification

REAR is filed for freehold property transactions. However, a lot of Real Estate Agents and Brokers face problems determining whether a property qualifies as a freehold or falls under another category.

This confusion can lead to either a failure to file a mandatory REAR or the submission of redundant data for non-regulated property types.

Lack of Skilled Resources

Another major problem in submitting REAR is that not all Real Estate Agents and Brokers have dedicated compliance staff who understand the intricacy of AML/CFT/CPF obligations.

This can increase the risk of errors or missed reporting, subjecting them to regulatory penalties.

Inconsistent Escalation Process

Many of the Reporting Entities have inconsistent or outdated procedures in place for escalating reportable transactions.

Without a standardised internal escalation path, critical data often gets lost rather than being reported.

Technical Difficulties in goAML

REAR is filed via the goAML portal; however, Real Estate sector-specific Reporting Entities often struggle to deal with the technicalities of this platform.

The struggle intensifies especially when they are unfamiliar with REAR’s format, data fields and submission steps. This can slow down reporting and increase the risk of compliance failures.

Implementing Effective REAR Filing Across UAE: Step-by-Step Guide for the Real Estate Sector and Lawyers to Submit REAR

Implementing Effective REAR filing demands a structured approach and chronological process from Real Estate Regulated Entities.

The process of filing an accurate Real Estate Activity Report (REAR) involves identifying REAR-specific reporting transactions, obtaining significant documents (Emirates ID, Passport copy, Trade License, invoices, sale agreements), logging into goAML portal, selecting the REAR report type, entering mandatory information and uploading relevant documents pertaining to the transaction.

Step-by-Step Guide for the Real Estate Sector and Lawyers to Submit REAR

Identifying REAR Specific Reporting Transaction

The first step begins with identifying REAR-specific reporting transactions.

As explicitly stated by MOET and MOJ, when the purchase or sale of freehold real estate is carried out in cash (that equals or exceeds AED 55,000) or virtual assets or funds converted from virtual assets, the obligation to file REAR arises.

Obtaining and Recording Significant Documents

The second step is to obtain and record significant documents post-identifying a reportable transaction.

This includes collecting identification and real estate transaction-related documents. The following are the mandatory documents that Reporting Entities need to obtain and record before filing REAR.

  • Identification documents of the purchaser and seller.
    – For natural person: Emirates ID or Passport Copy
    – For legal person: Trade License, MOA/AOA, Emirates ID or Passport copy of Ultimate Beneficial Owners (UBOs), Register of UBOs.
  • Receipts, Invoices and Contracts
  • Purchase and Sale Agreement

Accessing the goAML Portal

The next step is to access the FIU goAML portal after obtaining and recording significant documents.

Real Estate sector-specific Reporting Entities need to log in to their goAML portal with credentials given at the time of their registration.

For Reporting Entities, it is very important to ensure that the passwords are updated and their organisational profile on the goAML portal is current.

Selecting REAR from the Dropdown Menu

The following step for Reporting Entities is to select the REAR report type from the given dropdown menu.

Post logging into the goAML portal, click on the “Web Report” tab, navigate to the report type dropdown menu and select Real Estate Activity Report (REAR) from the list of reports given.

While selecting the report type, Reporting Entities need to ensure that they do not get confused between the SAR/STR and REAR. Selecting the correct Report type is critical for an efficient REAR submission.

Entering Mandatory Data

The subsequent step for Reporting Entities is to enter mandatory data fields on the goAML portal before submission.

These data fields are mainly related to the information pertaining to the parties involved in the reportable transaction, transaction details, and property description.

Entering the names of the buyer and seller along with their nationalities and ID numbers, detailing the date, total value of the property and amounts paid in cash or virtual assets and describing the exact address and property type of the real estate in question, fulfils the essentials of REAR submission for Regulated Entities.  

Uploading Relevant Documents

Post entering the mandatory details, the next step for Reporting Entities is to upload relevant documents and click submit to complete the final process.

Attachments pertaining to scanned copies of ID documents, payment receipts, invoices, contracts, and purchase and sale agreements need to be uploaded along with the report. While uploading the attachments, Reporting Entities should ensure the file size meets the goAML portal’s requirements.

After completing each step, click on the submit button to file the REAR to UAE Financial Intelligence Unit (FIU UAE).

Post-Filing Actions

The final step for Regulated Entities after filing REAR is to retain and maintain a submission copy of REAR and its supporting documents for at least 5 years, subject to the obligations of record-keeping under the UAE’s AML/CFT/CPF regulations.

Best Practices for REAR Submission

Real Estate Activity Report filing is not just a generic compliance obligation, but it safeguards the financial system from any kind of potential ML/TF/PF risks arising out of high-value property transactions.

Regulated Entities in the Real Estate sector and legal professionals must maintain accuracy and timeliness in filing REAR by adopting best practices. These best practices include implementing advanced transaction monitoring tools, updating policies and procedures, imparting training, standardising documentation, and maintaining clear audit trails for REAR reporting.

Best Practices for REAR Submission

Implement Advanced Transaction Monitoring Tools

Regulated Entities in the real estate sector and lawyers must implement advanced transaction monitoring tools that can identify reportable transactions quickly and accurately.

These tools can track payment patterns, detect linked transactions, and flag cases that cross reporting thresholds. Automation reduces manual errors, saves time, and ensures that no reportable transaction pertaining to REAR is missed.    

Outline a Clear Escalation Path for REAR in Policies and Procedures

Reporting Entities must define a clear escalation path for REAR reporting in their internal AML/CFT/CPF policies and procedures.

Articulation of who reviews, approves and files REAR when a reportable transaction is identified ensures that cases are handled swiftly and consistently.

Moreover, well-documented policies and procedures demonstrate readiness during regulatory inspections.

Impart Training and Awareness

Real Estate sector-specific Reporting Entities and lawyers must provide regular training and awareness to their employees regarding REAR filing requirements.

Consistent training ensures that staff understand the obligations to file REAR, its reporting thresholds, and red flag indicators.

Moreover, Reporting Entities should also train their employees on how to navigate the goAML platform and technicalities pertaining to that portal, as ultimately, they must go and file the report there only.

Standardise Documentation Procedure

Reporting Entities must ensure that they have standardised documentation procedures in place.

Adopting uniform documentation checklists ensures that all necessary information is collected for every transaction. This improves accuracy, reduces major omissions, and speeds up report preparation.

Establish a Clear Audit Trail

Regulated Entities in the Real Estate Sector must establish a clear audit trail of REAR filing. Clear records of transaction reviews, decisions, and REAR submission must be maintained.

A strong audit trail supports preparedness during regulatory inspections and showcases thorough compliance with the AML/CFT/CPF obligations of the real estate sector to regulatory authorities.

Need Help in Implementing These Best Practices?

Let Our Experts Guide You to File an Accurate REAR

Talk to Our Experts Now

Documentation Requirement for REAR

Documents to be obtained for buyer and seller, if
Individual Corporate
  • Valid Emirates ID; or
  • Passport copy
  • Trade License
  • Articles of Association
  • Register of Beneficial Owners
  • Emirates ID or passport copy for all Beneficial Owners
  • Emirates ID or passport copy for all shareholders/partners

REAR - An Additional Reporting

It is important to note that filing of REAR to report the transaction pertaining to freehold property is an additional requirement.

Real estate brokers /agents and lawyers are also required to file Suspicious Transaction Report / Suspicious Activity Report / Fund Freeze Report / Partial Name Match Report, as and when the same are applicable. Accordingly, along with filing of reports as prescribed earlier for reporting of sanctions or suspicion, additional REAR is to be filed to report all freehold property related transactions as prescribed above.

Summary of compliance requirements for Real Estate Activity Report (REAR)

It is important to note that filing of REAR to report the transaction pertaining to freehold property is an additional requirement.

Real estate brokers /agents and lawyers are not absolved from filing of Suspicious Transaction Report / Suspicious Activity Report / Fund Freeze Report / Partial Name Match Report, as and when the same are applicable. Accordingly, along with filing of reports as prescribed earlier for reporting of sanctions or suspicion, additional REAR is to be filed to report all freehold property related transactions as prescribed above.

Transaction

Mode of payment

(for a portion or entire property)

Actions by Real Estate Brokers/ Agents & Lawyers

Documents to be obtained

Individual

Corporate

Purchase and sale transactions of Freehold Real Estate

Physical cash equal or exceeding AED 55,000

Obtain & record

  • Identification documents
  • Receipts, invoices, contracts and Purchase/Sale Agreement

Submit REAR on GoAML platform

  • Valid Emirates ID; or
  • Passport copy
  • Trade License
  • Articles of Association
  • Register of UBO
  • Emirates ID / Passport for all UBO and shareholders / partners

Virtual asset

Funds converted from Virtual asset

How AML UAE Supports Robust Submission of REAR by Mitigating Common Challenges

Real Estate sector-specific Reporting Entities in the UAE often encounter a number of issues while filing REAR. We here at AML UAE support Real Estate Agents and Brokers and legal professionals to build a robust AML/CFT/CPF compliance specifically customised to their business, which covers comprehensive solutions for efficient REAR filing.

  1. Issue: Reporting Entities struggle to interpret REAR requirements, thresholds and regulatory expectations, leading to missed or incorrect filing.
    Solutions: AML UAE provides comprehensive AML Training on Real Estate Activity Report (REAR) requirements, thresholds and regulatory expectations in line with the UAE’s AML/CFT/CPF laws and sector-specific guidance for Real Estate businesses, lawyers and other legal professionals.
  2. Issue: Regulated Entities do not know when or how to escalate reportable transactions for REAR due to unclear policies and procedures.
    Solutions: AML UAE supports Real Estate sector-specific Regulated Entities and lawyers with its AML/CFT/CPF Policies, Controls and Procedures Documentation services to develop customised policies and procedures that define a clear escalation and reporting path for REAR submission.
  3. Issue: Reporting Entities still rely on manual tracking to detect linked or high-risk transactions.
    Solutions: AML UAE facilitates regulated entities through its AML Software Selection services by recommending solutions that are advanced and can autonomously detect high-value linked transactions.
  4. Issue: Some Regulated Entities have an AML Compliance framework on paper; however, they still face challenges in filing REAR.
    Solutions: AML UAE offers Regulated Entities, extensive reviews of the existing AML/CFT/CPF framework, identifies gaps and provides actionable recommendations through its AML/CFT/CPF Health check services.

Submit Real Estate Activity Report (REAR) Promptly and Adequately Through a Structured Approach

Timely and Accurate submission of Real Estate Activity Report (REAR) is essential for AML/CFT/CPF compliance obligation for Real Estate sector-specific Regulated Entities such as Real Estate Brokers, Agents and Legal Professionals.

Even minor gaps in identifying reportable transactions, documenting details or submitting reports can expose businesses to ML/TF/PF risks and regulatory scrutiny.

AML UAE supports Real Estate Sector Reporting Entities in simplifying the REAR reporting process through its specialised services and expert team. With the right guidance, tools and procedures in place, businesses can confidently manage their REAR obligations as per the requirements of UAE’s AML/CFT/CPF laws.

Ensure Accurate REAR Filing with Confidence

Strengthen Real Estate Sector AML/CFT/CPF Compliance with Our Expert Support and Efficient Services.

Contact Us Now

Add a comment

Related Blogs

24/04/2026

AML Regulations for DNFBPs in UAE

Federal AML Laws and Executive Regulations Applicable to Accountants and Auditors
17/04/2026

AML Regulations for Accountants and Auditors in UAE

AML Regulations Applicable to TCSPs in UAE
16/04/2026

AML Regulations for Trust and Corporate Service Providers (TCSPs) in UAE

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

PNG FATF Grey Listing – Impact on DNFBPs AML Compliance

PNG FATF Grey Listing - Impact on DNFBPs AML Compliance

PNG FATF Grey Listing - Impact on DNFBPs AML Compliance

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Papua New Guinea FATF Grey Listing: Impact on DNFBPs at a Glance

  • PNG was placed under FATF increased monitoring, i.e., Grey List, in February 2026.
  • The Mutual Evaluation Report identified PNG’s AML Regime weaknesses in conducting ML investigations, asset confiscation, supervising DNFBPs, and maintaining beneficial ownership transparency.
  • Unlike technical compliance gaps, PNGs deficiencies relate to effectiveness across the AML enforcement agencies.
  • DNFBPs in UAE having business relationships with PNG-based customers, suppliers, intermediaries or having presence or branch offices must reassess their geographic risk, monitoring controls, and refresh their re-KYC cycles to ensure regulatory alignment.

Papua New Guinea Added to the FATF Grey List: What Happened?

Papua New Guinea (PNG) was added to the FATF Grey List in February 2026. It is an economy with a GDP of around USD 31.6 billion and a population of over 9 million. Its economy is largely based on extractive industries, such as mining, petroleum, logging, and fishing.

PNG operates predominantly in a cash-intensive environment, with most of its population still outside the ambit of the formal banking system. The 2024 Mutual Evaluation Report (MER) with FATF identified substantial money laundering risks linked to predicate offences such as corruption, bribery, fraud, tax offences, and environmental crimes.

While PNG has an AML/CFT Regime in place, the MER found weaknesses in enforcement outcomes, particularly in money laundering investigations, confiscation of proceeds of crime, beneficial ownership transparency, and weak DNFBP supervision.

Why Was Papua New Guinea Placed Under Increased Monitoring?

PNG was placed under increased monitoring, i.e., FATF Grey List, as the executive summary of the Mutual Evaluation Report highlighted several structural deficiencies in its AML regime, such as:

  • Limited prosecution and asset recovery for money laundering offences and not pursuing investigations.
  • Weak beneficial ownership transparency and unverified or inaccessible beneficial ownership information.
  • Suspicious Activity and Transaction reporting from DNFBPs in PNG is negligible, and their supervision has gaps.
  • Lack of proactive measures around international cooperation to mitigate money laundering risks and confiscate or seize proceeds of crime.

These factors collectively contributed to FATF’s decision to subject PNG to increased monitoring.

What This Means for UAE Businesses with Exposure to PNG?

DNFBPs in the UAE having customers, suppliers, intermediaries, business associates, or branch offices or presence in PNG may require careful reassessment of geographic risk exposure. They must consider the impact of PNG Grey Listing on the following aspects of their AML program.

Enterprise-Wide Risk Assessment (EWRA) Update

The geographic risk component of PNG’s Grey Listing must be incorporated in a DNFBPs EWRA. This would entail reassessing inherent risk, control effectiveness, residual risk, and related factors to align with the business’s risk appetite.

AML/CFT Policy Revision

Upon updating EWRA, DNFBPs need to revise their AML/CFT Policy to reflect the updated status of FATF Grey List countries, including Kuwait, which was also Grey Listed in February 2026 alongside PNG. The DNFBP might also be required to revise or refine their Customer Acceptance or Exit policies to ensure alignment with a risk-based approach.

Customer Risk Assessment (CRA) Methodology Update

DNFBPs are required to include PNGs’ revised Grey Listed status in their risk scoring models as it might impact:

  • Risk categorization thresholds
  • Re-KYC cycle configuration and timelines
  • Appropriate implementation of due diligence measures such as simplified, standard or enhanced.

Software and Screening Reconfiguration

AML Software tools also need reconfiguration in order to:

  • Reflect the name of PNG under increased monitoring
  • Initiate fresh screening and risk-scoring as well as risk classification of customers wherever required in terms of exposure to PNG
  • Re-tune transaction monitoring parameters and alert thresholds according to the risk that requires proportionate mitigation.

Realignment of CDD Measures

A major concern for DNFBPs with PNG is the exposure to the subsequent treatment of existing business relationships, which may require risk-based re-KYC and review. New customer onboarding procedures might also require tweaks or refinement to reflect the risk of PNG’s inclusion on the grey list and its impact to the business’s risk exposure.

Staff Awareness & Governance Documentation

Compliance Officers working within DNFBPs must document Grey List change management in their internal records and report the same to Senior Management and ensure that the staff is adequately trained and updated on geographic risk treatment in the firm’s EWRA, CRA and revised CDD measures, if any, to ensure awareness and readiness to treat geographic risk changes appropriately.

Should Your AML/CFT Risk Assessment Be Updated?

PNG’s Grey Listing does not mandate or lead to automatic enhanced due diligence or blanket de-risking. DNFBPs must take risk-based decisions to ensure structural alignment of EWRA, AML Policy, CRA, AML Software, documentation and record-keeping with UAE’s AML regulations.

DNFBPs should assess whether:

  • PNG’s risk classification and impact are accurately reflected in its EWRA
  • The Customer Risk Assessment (CRA) methodology requires fine-tuning or adjustments
  • AML Software configuration aligns with updated geographic risk
  • Governance documentation reflects the risk-reassessment process
  • Control measures are re-aligned to ensure that the DNFBP does not onboard or continue a business relationship with a PNG-based customer if the risk of doing so exceeds its risk appetite.

Maintaining and recording documentation involved in risk management measures taken by the DNFBP subsequent to PNG’s grey listing strengthens its regulatory auditability.

Is your Business Exposed to Papua New Guinea?

It may be time to recalibrate geographic risk into your EWRA and CRA Parameters!

Contact Us Now!

Practical Compliance Steps for UAE DNFBPs

Following Papua New Guinea’s Grey Listing, UAE DNFBPs should translate changes in their risk identification and assessment measures into operational controls. Some of the practical compliance steps would include the following:

  • Re-Screening PNG-Linked Customers against updated geographic risk classifications and sanctions databases.
  • Conducting targeted Re-KYC Reviews for existing business relationships with clients, business associates, intermediaries, UBOs or suppliers from PNG.
  • Revalidating beneficial ownership information, specifically in cases of complex ownership structures involving multiple layers.
  • Re-tuning Transaction Monitoring Parameters to reflect updated geographic risk, if needed, and avoiding unnecessary alert fatigue.
  • Reviewing High-Risk Business Relationship Approval Workflows to ensure that PNG-linked customers receive appropriate Senior Management oversight
  • Documenting Every Risk-Based Decision for Record-Keeping Purposes related to DNFBPs exposure to PNG-linked customers or business associates.
  • Conducting Focused Personnel Training Sessions to ensure staff awareness and fulfil AML obligations of conducting staff training and awareness.

These practical steps should remain risk-based, that is, proportionate and commensurate to the scale of ML/TF and PF risks faced by the DNFBP from PNG exposure and the nature and size of its business operations as well as its risk appetite.

How Can AML UAE Help DNFBPs with PNG Exposure to Ensure Compliance?

Papua New Guinea’s Grey List inclusion requires DNFBPs in the UAE to reassess the geographic risk element in their EWRA, as well as CRA, to ensure that existing business relationships are within the defined risk appetite.

AML UAE supports DNFBPs with updating and revising EWRA components, recalibrating Customer Risk Scoring parameters, strengthening beneficial ownership verification, and aligning onboarding and monitoring controls proportionately.

AML UAE’s approach ensures that geographic risk adjustments are well-documented, auditable, and consistent with UAE AML regulatory expectations with minimal business disruption.

Grey Listing isn’t a headline risk!

It’s a Governance Test, make sure your AML Framework Aces it!

Request AML Health Check

Frequently Asked Questions – Papua New Guinea Grey Listing

Does PNG’s Grey Listing prohibit business relationships?

No, Papua New Guinea’s Grey Listing requires risk-based decision-making when it comes to business relationships, on the basis of FATF’s recommendation around a risk-based approach.

No, Enhanced Due Diligence measures must only be applied when circumstances warranting EDD present themselves, which could differ from one business to another due to differences in their risk appetite and risk-scoring parameters.

The decision to classify PNG as high-risk solely depends on the business’s inherent risks, residual risks, control measures, and risk appetite. This depends on every business’s own risk-weighing, scoring methodologies, policies and procedures.

PNG was Grey Listed due to systemic weaknesses found in its AML regime, such as poor investigation outcomes, lack of confiscation, unclear beneficial ownership transparency, and lack of proper DNFBP supervision, as identified in the 2024 Mutual Evaluation Report.

The first practical step that UAE DNFBPs can take is to review and document the geographic risk posed by PNG to their business in their EWRA and reassess PNG-linked business relationships accordingly.

Share via :

Add a comment

Related Blogs

24/04/2026

AML Regulations for DNFBPs in UAE

Federal AML Laws and Executive Regulations Applicable to Accountants and Auditors
17/04/2026

AML Regulations for Accountants and Auditors in UAE

AML Regulations Applicable to TCSPs in UAE
16/04/2026

AML Regulations for Trust and Corporate Service Providers (TCSPs) in UAE

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Kuwait FATF Grey Listing – Impact on DNFBPs’ AML Compliance

Kuwait FATF Grey Listing

Kuwait FATF Grey Listing - Impact on DNFBPs’ AML Compliance

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Kuwait FATF Grey Listing Impact on UAE DNFBPs at a glance:

  • Kuwait was placed on the FATF Grey List in February 2026.
  • The findings in Kuwait’s 2024 Mutual Evaluation Report (MER) identified weaknesses in its Terrorism Financing Risk Assessment and Targeted Financial Sanctions (TFS) implementation.
  • UAE DNFBPs with customers, suppliers, business associates, or branch offices in Kuwait must take risk-based decisions with regard to jurisdiction risk assessments, enhanced due diligence controls, business-wide as well as customer-specific risk assessment parameters.

Kuwait Added to the FATF Grey List: What Happened?

Kuwait is a high-income country due to its strong petroleum-based economy and is ranked 35th most peaceful country in the world by the 2023 Global Peace Index. Despite its economic strength, FATF identified its vulnerabilities related to terrorist acts and terrorist groups operating outside its jurisdiction.

The Mutual Evaluation Report noted that Kuwait’s Obliged Entities have a limited understanding of ML/TF and PF risks they are exposed to, and their AML regime has significant deficiencies in TFS implementation, with a limited scope for freezing and no general prohibition.

Why Was Kuwait Placed Under Increased Monitoring?

The Financial Action Task Force (FATF), the global AML/CFT and CPF watchdog, placed Kuwait on the Grey List after following its standard mutual evaluation procedure.

The FATF 2024 Mutual Evaluation Report assessed Kuwait’s overall effectiveness largely as Moderate, but certain critical areas were rated Low in the context of:

  • Insufficient beneficial ownership transparency
  • Lack of cross-border money laundering investigations regarding currency and bearer negotiable instruments
  • Deficiencies in suspicious transaction reporting (STRs) in non-banking sectors
  • Limited understanding and prosecutions of Terrorism Financing (TF)
  • Inadequate implementation of TFS measures not in alignment with FATF standards.

What This Means for UAE Businesses with Exposure to Kuwait?

UAE-based businesses, such as DNFBPs including real estate agents, brokers, dealers in precious metals and stones, corporate service providers, lawyers and accountants, and gaming sector operators engaging with Kuwaiti customers, suppliers, and beneficial owners, may have practical AML compliance implications.

DNFBPs in the UAE must not apply enhanced due diligence measures or “de-risk” i.e., cut off business ties with all customers belonging to Kuwait; they must apply a risk-based approach.

Customer Risk Reclassification

The addition of Kuwait to the FATF Grey List warrants DNFBPs in UAE to:

  • Reviewing the risk-matrix and risk-scoring parameters of country risk.
  • Re-assessing and re-classifying the ML/TF and PF risk posed by existing Kuwait-linked customers.
  • Documenting and recording the rationale and reasoning behind such customer risk reclassification.
  • Ensuring that risk-adjustments remain proportionate and commensurate to actual ML/TF and PF risk exposure and the business profile of the customer or supplier.

Enhanced Due Diligence Considerations

As established earlier, applying EDD measures as a blanket risk-control mechanism would not align with a risk-based approach. DNFBPs in the UAE must consider taking a risk-based approach and decide whether or not to apply EDD measures, depending on Kuwait-specific factors such as:

  • In the event of coming across corporate customers with unreliable Beneficial Ownership information.
  • Other circumstances warranting EDD, such as:
    • large or unusual transactions
    • transactions without economic or business rationale
    • doubts arising upon the authenticity or veracity of customer information and documents
    • Appearance of red flags in terms of customer behavior or transactions.

Cross-Border Transaction Monitoring

Businesses in the UAE operating in fields like real estate, precious metals and stones, and incorporation services must recalibrate AML/CFT control measures around their cross-border transactions linked to Kuwait so as to ensure that their transaction monitoring frequency is risk-based and commensurate with the risk posed by their Kuwaiti clients or business associates.

Should Your AML/CFT Risk Assessment Be Updated?

Kuwait’s Grey Listing does not automatically require DNFBPs in UAE to apply any blanket control measures, but to take a risk-based approach. DNFBPs must consider how the inclusion of Kuwait in the FATF Grey List impacts the geography risk component of their Enterprise-Wide Risk Assessment (EWRA).

As the geographic risk gets tweaked, based on Kuwait’s inclusion, a DNFBP is required to document and imbibe the same into its AML Programme. Once the AML/CFT Policy is updated, as a result, the Customer Risk Assessment (CRA) methodology needs to be revised to accurately score and classify customers or suppliers from Kuwait. 

DNFBPs are also required to reconfigure their AML/CFT Software and align their Customer Due Diligence measures to ensure that adequate due diligence is performed and risk-based compliance measures are implemented on their existing customers as well as during customer onboarding.

Are your business operations exposed to Kuwait?

You may need to revise and document jurisdiction risk in your EWRA to align with latest FATF Grey Listing.

Get in touch!

Practical Compliance Steps for UAE DNFBPs

DNFBPs in the UAE can take the following practical steps to ensure compliance with AML/CFT obligations.

  • Reviewing Geographic Risk classifications: Enabling reassessment and reconfiguration of risk factors, control measures, risk appetite, and residual risk.
  • Reassessing existing Kuwait-linked clients: Ensuring that changes in their risk profile, if any, have been mitigated with adequate control measures and risk-based decision making.
  • Strengthening Beneficial Ownership Verification: Ensuring that no misuse of corporate structures, complex ownership structures, shell or shelf companies is done to evade UBO identification.
  • Evaluating EDD Thresholds: Ensuring that there is no under- or over-compliance and that due diligence measures remain risk based.
  • Updating Screening and Monitoring Systems: Incorporating Kuwait’s name in Grey Listed countries, Re-KYC cycle configuration, changing transaction monitoring rules, revising triggers for screening, KYC and risk assessment.
  • Documenting Board and Compliance Oversight: Ensuring that no high-risk business relationship with Kuwait based customer or supplier is continued or established without senior management approval.
  • Conducting adequate Staff Training and Awareness: Ensuring that personnel are equipped with the Customer Acceptance Policy and Customer Offboarding Procedures based on inclusion of Kuwait to the FATF Grey List.
  • Implementing adequate Record-Keeping Measures: Ensuring that any changes made to DNFBPs’ policies or procedures, including Kuwait’s name in the FATF Grey List and resultant procedural tweaks, are recorded and documented to fulfil record-keeping obligations and withstand regulatory scrutiny.

How Can AML UAE Help DNFBPs with Exposure to Kuwait?

DNFBPs in UAE having customers, suppliers, intermediaries, or beneficial owners linked to Kuwait may require a focused reassessment of geographic risk factors in their EWRA to ensure that continuing and establishing business relationships with Kuwaiti clients is within their firm’s risk appetite.

AML UAE assists DNFBPs with reviewing EWRA parameters, recalibrating customer risk scoring, strengthening beneficial ownership verification, and aligning screening controls proportionately.

AML UAE’s approach helps DNFBPs ensure that geographic risk remains well documented and consistently aligned with UAE’s evolving AML regulatory expectations, while avoiding under- or over-compliance.

Frequently Asked Questions around Kuwait’s FATF Grey Listing

Does Kuwait’s FATF Grey Listing prohibit business with Kuwaiti clients?

No, FATF Grey Listing does not prevent conducting business with Kuwaiti clients, it only necessitates that businesses take a risk-based approach and continue with the business relationship with Kuwaiti clients after conducting adequate due diligence to mitigate ML/TF and PF risks, if any, posed by them.

UAE DNFBPs need not apply enhanced due diligence as a blanket approach, they must take into account the geographic risk element and decide appropriate due diligence measures. In simple words, stronger due diligence with high-risk customers and simplified due diligence for low-risk customers from Kuwait.

The decision to classify Kuwait as high-risk depends on the individual business’s risk appetite. Many DNFBPs may opt to increase the geographic risk rating, following the FATF grey listing and some may not, depending on their risk appetite. Any adjustment in the internal risk assessments must be adequately documented within the firm’s EWRA.

FATF placed Kuwait in the Grey List due to several deficiencies such as weakness in terrorism financing risk assessment, poor TFS implementation, unclear beneficial ownership transparency in its 2024 Mutual Evaluation Report.

UAE DNFBPs with exposure to Kuwait should consider reviewing geographic risk ratings, conducting KYC of existing customers from Kuwait again, to incorporate geographic risk and re-classify customer risk ratings, reconfiguring AML Software for updating monitoring parameters and documenting the outcome of their compliance review.

Stay updated on UAE AML rules

Monthly guidance, regulatory alerts and practical onboarding tips for DNFBPs.

CONTACT US NOW

Share via :

Add a comment

Related Blogs

24/04/2026

AML Regulations for DNFBPs in UAE

Federal AML Laws and Executive Regulations Applicable to Accountants and Auditors
17/04/2026

AML Regulations for Accountants and Auditors in UAE

AML Regulations Applicable to TCSPs in UAE
16/04/2026

AML Regulations for Trust and Corporate Service Providers (TCSPs) in UAE

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

What are FATF Blacklist and Grey list countries? 13th February 2026

FATF Blacklist and Grey list countries

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Updated FATF Grey-Lists and Blacklists at a glance:

  • Currently, 22 jurisdictions are under FATF Grey List.
  • New Additions to Grey List: Kuwait and Papua New Guinea.
  • Deletions from Grey List: None.
  • Blacklist: Remains unchanged.

What are FATF Blacklist and Grey list countries? February 2026

The Financial Action Task Force (FATF) is an independent organisation that works internationally to prevent money laundering and terrorism financing. It provides several recommendations for governments that help them to make their AML compliance framework sturdy and robust. FATF has issued a blacklist. This blacklist mentions the names of the countries which do not cooperate in the global efforts to prevent financial crimes such as money laundering, financing of terrorism, and financing of proliferation of weapons for mass destruction.  

While the other list issued is the grey list of countries where the AML regulations are not entirely compelling and efficient enough to counter money laundering and terrorism financing. 

FATF Blacklist and Grey list countries

About the FATF Blacklist and Grey list

In layman terms, blacklist is a word used to refer a list that needs to be avoided or considered unacceptable due to certain peculiarities, features, or attributes which are the cause for such ‘blacklisting’.  

FATF blacklist is a list of countries that are not in alignment with FATF standards such as having in place, an AML/CFT and CPF regime to prevent the spread of ML/FT and PF. 

Greylist is a word used to refer to a list that isn’t blacklisted for obviously unacceptable attributes and is neither white-listed nor considered fully standardised. Simply put, a greylist refers to a ‘grey’ area denoting ‘work-in-progress’ towards achieving standards required to move out of the grey area and be fully standardised.  

FATF greylist is a list of countries with AML/CFT and CPF regimes in place, but such a regime has certain deficiencies and shortcomings that need to be worked on. 

FATF Blacklist 2026 - Updated as of February 2026

What is FATF Blacklist?

The FATF Blacklist enlists the countries that do not have an efficient AML system or instead do not intend to control financial crimes. Their trade activities are not guided to prevent money laundering, financing of terrorism, or proliferation financing. Their AML frameworks are insufficient to deal with the global threat of money laundering. Their trade activities also put other countries at risk of financial fraud and jeopardized their economic system.  

The FATF blacklist countries are officially known as High-Risk Jurisdictions subject to a Call for Action, which acts as a deterrent for countries doing business with the listed countries because of their non-cooperation in the global fight against financial crimes. The FATF blacklist makes other countries aware of the status of the blacklisted country, and they know that doing business with such a country or person hailing from these countries would be dangerous for their economy and the global economy.  

With the FATF black list, the countries know which countries they need to put on the sanction lists, which helps their business organizations understand which countries they should not do business with. When FATF has deemed the blacklisted countries insufficient, other countries should cut off ties with the blacklisted countries until they improve their AML frameworks and satisfy the FATF criteria of being AML compliant, sufficient enough to remove their name from the FATF blacklist. 

Please note that the FATF updates the blacklist three times annually, so businesses must continuously check them for new listing and delisting. The number of countries on the blacklist varies depending on the effectiveness of the AML compliance framework – if the blacklisted countries have improved their AML efforts to curb the evils of financial crimes. The FATF analyze the same and makes an informed decision about their continued listing or delisting. The FATF continuously monitors the country’s contribution and efforts to check on financial crimes and gathers reliable information on which the listing process is based.  

As FATF does not have direct powers to ban a country from conducting business with other countries, its issuance of a blacklist is a recommendation to other countries dealing with a blacklisted country – not to continue such trade as it will put their business and the country’s financial system at risk. 

At present (October 2025), only the Democratic Republic of North Korea, Iran and Myanmar are mentioned in the FATF blacklist – countries subject to a Call for Action. 

FATF Grey List 2026 - Updated as of 13th February 2026

What is FATF Grey List?

Along with the blacklist, the FATF also issues the grey list, which enlists FATF Grey List countries with a higher risk of money laundering and terrorism financing (yes, definitely less than the blacklisted countries). These countries are put on the grey list because FATF is assured that they are working towards improving their AML compliance structure.  

The main difference between the countries mentioned on the blacklist and the FATF grey list is that the former shows no signs of making an effort toward the AML compliance structure. At the same time, the latter follows the FATF recommendation to fix the issues in their AML compliance and regulatory framework. 

The FATF scrutinizes the grey list countries regularly to check the specified countries’ progress towards an efficient AML compliance framework. The FATF assesses the progress of the countries on the grey list. At present (as 24th October 2025), 20 countries are on the FATF Grey list, including Algeria, Angola, Côte d’Ivoire, Lebanon, and many more.

Kuwait and Papua New Guinea Added to FATF Grey List Update 13th February 2026

The FATF Grey List is also updated thrice annually, and de-listings and new additions are made based on the performance of the countries and the thorough analysis done by the FATF basis various parameters. 

FATF Grey List – FATF Jurisdictions under Increased Monitoring – Update History

On 13th February 2026, Kuwait and Papua New Guinea were added to the FATF Grey List.

On 24th October 2025, South Africa, Nigeria, Mozambique, and Burkina Faso were removed from the Grey List. 

On 13th June 2025 , Croatia, Mali, and Tanzania were removed from the Grey List while Bolivia and the Virgin Islands (UK) were added to Grey list.  

On 21st February 2025, Philippines was removed from the FATF Grey List and Nepal, and Laos – Lao People’s Democratic Republic (Lao PDR or LPDR) were added to the Grey List, which is also known as jurisdiction under an increased monitoring list. 

On 25 October 2024, Senegal was removed from the FATF Grey List and Algeria, Angola, Côte d’Ivoire, and Lebanon were added to the Grey List, which is also known as jurisdiction under an increased monitoring list. 

On 28th June 2024, Jamaica and Türkiye were removed from the FATF Grey List and Monaco, and Venezuela were added to the Grey List.

On 23rd February 2024, UAE was removed from the FATF Grey List.

Source: Financial Action Task Force (FATF): Jurisdictions under Increased Monitoring as of 13th February 2026.

What is the difference between FATF blacklisted countries and greylisted countries?

Let us understand the difference between the FATF black list and the FATF grey list. The FATF blacklisted countries or jurisdictions suffer from strategic deficiencies in combating money laundering, terrorist financing, and financing the proliferation of weapons of mass destruction. The FATF blacklisted jurisdictions are subject to enhanced due diligence and sanctions to protect the global financial system from the risks of money laundering, terrorist financing, and proliferation financing.

The FATF Greylisted countries are the jurisdictions working closely with the FATF to address strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing. The Greylisted jurisdictions are committed to resolving the identified issues within agreed timeframes and are subject to increased monitoring.

How many countries does the FATF grey list include?

The exact number of countries on the FATF grey list can be found by accessing the latest grey list issued by the FATF, as it is updated three times a year. Click here to know the number of countries included in the FATF list at present, as well as in previously issued grey lists.

AML Compliance pertaining to grey-listed and blacklisted countries

All Financial Institutions (FIs) and Designated Non-Finance Businesses and Professions (DNFBPs) are required to have appropriate risk-based AML/CFT protections in place to limit the potential of money laundering and terror financing posed by countries subject to increased monitoring or listed as high-risk jurisdictions subject to a “Call for Action” by FATF. 

As a result, FI and DNFBPs must screen customers against the FATF Jurisdictions under Increased Monitoring and High-Risk Jurisdictions Subject to a Call for Action while onboarding and continuously monitor their transactions throughout their business relationship. DNFBPs should ensure that their customer due diligence measures verify their customer’s residence in, or business with, listed countries and that their transaction monitoring measures can examine the size, frequency, and pattern of transactions involving high-risk countries to determine the possibility of occurrence of financial crimes such as money laundering. 

FIs and DNFBPs must file suspicious transaction/activity reports (STR/SAR) to the Financial Intelligence Unit (FIU) when red flags are observed so that enforcement actions can be conducted.  

Further, FIs and DNFBPs are obligated to report the transaction or activity with high-risk countries subject to a “Call for Action” to the FIU by filing High-Risk Country Transaction Report or High-Risk Country Activity Report (HRC/HRCA), as the case may be

How many countries are part of FATF?

FATF, as of 27th October 2023, is composed of 40 members, with the latest addition of Indonesia. It relies on FATF-Style Regional Bodies (FSRBs) to achieve its goals and objectives. As of now, there are 9 FSRBs working closely with the FATF. Over 200 jurisdictions around the world have committed to the FATF recommendations through the global network of FSRBs and FATF membership.

What happens if FATF blacklists a country?

Once a country is placed on the FATF blacklist, the FATF member states and other international bodies will impose sanctions and restrictive measures against the blacklisted country. The blacklisted country can experience a negative impact on its economy as the economic sanctions imposed by various countries and global financial institutions will make it difficult for a blacklisted country to secure funds.

Further, the blacklisted country will experience declining international trade and foreign exchange inflows. International trade will become costly, and the blacklisted country’s banking system will find it difficult to survive.

Why North Korea is blacklisted by the Financial Action Task Force (FATF)

The Financial Action Task Force (FATF) has blacklisted North Korea because the Democratic People’s Republic of Korea (DPRK) has failed to address the deficiencies in its money-laundering and terrorist financing (AML/CFT) regime, and it poses serious threats to the integrity of the global financial system. The FATF has serious concerns about North Korea’s illicit activities related to the proliferation of weapons of mass destruction (WMDs) and its financing.

Is Russia on FATF blacklist?

As of October 2025, Russia is not on the FATF blacklist. The Russian Federation is also not part of the FATF grey list. Instead, the FATF has suspended the Russian Federation’s membership and asked countries to remain vigilant for the emerging risks and apply necessary measures to mitigate the risks. 

FATF Grey List, Blacklist, and AML Compliance

The FATF Grey List and Blacklist serve as a guiding light for businesses to assess the risks associated with jurisdictions and customers. The regulated entities take a risk-based approach and decide if the risks posed by a customer are within its risk appetite. The FATF lists for jurisdictions subject to a call for action, and jurisdictions under increased monitoring undergo review and change 3 times a year.

Are grey list countries high risk?

FATF grey list countries have a strategic deficiency in their AML/CFT regime, and depending on the risk-based approach taken by an entity, grey list countries are treated as high-risk countries.

Are blacklist countries high risk?

Yes, countries on the FATF black list are high-risk countries for money laundering, terrorist financing, and proliferation financing.

FATF Blacklist and Grey list - Screening & monitoring process 

Financial institutions and the designated non-financial businesses and professions, including virtual asset service providers, must continuously monitor their customer databases against FATF Blacklist and Grey list countries.  

The screening will help them be alert against the non-cooperative countries that are not taking the AML compliance process seriously. It will protect them from doing business with such countries, which can cause financial losses and reputational damage. So, continuous monitoring is necessary to protect a nation’s financial system from the risk of money laundering and non-compliance with the AML laws and regulations.  

AML Compliance Requirements in UAE

So, they should keep the identity verification, Customer Due Diligence, and Enhanced Due Diligence process updated and screen the customers regularly against the sanction lists, the FATF blacklist, and the grey list. Identification of suspicious transactions and accounts should be immediately reported to the authorities. With the timely submission of STRs and SARs – institutions will contribute to and help strengthen the fight against money laundering and financing of terrorism. 

FAQs About the FATF Blacklist and Grey list

How many countries are there on the Grey List of FATF 2026?

As per the FATF February Plenary 2026, there are 22 countries on the FATF Grey List, i.e., “jurisdictions under increased monitoring”.

Countries mentioned under the FATF GREY list are committed to addressing the strategic deficiencies in their measures to combat money laundering and terrorism financing within the agreed timeframe. While these countries are working on improving the AML regimes, it is commended that the designated entities perform enhanced due diligence (by seeking additional information such as the source of funds/wealth, the purpose of the transaction, and obtaining management approval before onboarding these customers) for the customers hailing from these countries or who have a close business association with these jurisdictions.

India is not included in the FATF grey list, as its measures to combat money laundering (ML)/terrorist financing (TF) and proliferation financing (PF) are comprehensive, according to the latest Mutual Evaluation of India, conducted in 2024.

In the latest Mutual Evaluation, India’s AML/CFT framework is found to be Compliant and Largely Compliant in most technical assessment parameters, with a moderate to Substantial level of effectiveness in the Effectiveness Parameters.

The 2024 Mutual Evaluation highlights India’s ability to effectively prevent, tackle and mitigate ML/TF and PF risks with relative ease, despite its large population. Currently, it is categorised as “regular follow-up,” requiring reporting to the Plenary within three years of the latest assessment.

Turkiye was included in the FATF grey list in 2021, but was removed from the same in 2024 due to significant measures taken to combat ML/TF.

Since February 2024, UAE is not the FATF grey list.

Since 22nd June 2025, KSA is not on the FATF grey list.

Yes, as of 13th Febuary 2026, Kuwait is on the FATF grey list.

Yes, as of 13th Febuary 2026, Papua New Guinea is on the FATF grey list.

Our timely and accurate AML consulting services

For your smooth journey towards your goals

Contact Us Now

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Risk-Based Customer Onboarding Lifecycle for UAE Real Estate Businesses

Risk-Based Customer Onboarding Lifecycle for UAE Real Estate Businesses

Risk-Based Customer Onboarding Lifecycle for UAE Real Estate Businesses

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Brief Overview of Risk-Based Customer Onboarding Lifecycle for UAE Real Estate Businesses

  • Risk-based customer onboarding is a frontline AML measure for UAE real estate DNFBPs, which requires firms to assess and classify customer risk before establishing a business relationship and apply proportionate due diligence aligned with the National Risk Assessment.
  • Risk classification is done as low, medium, or high risk at customer onboarding based on factors such as customer type, ownership structure, transaction value, geography, PEP status, etc. This determines whether simplified CDD, standard CDD, or enhanced due diligence is required.
  • Mandatory sanctions screening under UAE EOCN guidelines applies at onboarding and during ongoing transactions. Ongoing monitoring ensures that customers are reclassified when risk profiles change over time.

Introduction to Risk-Based Customer Onboarding Lifecycle for UAE Real Estate Businesses

Risk-based Customer Onboarding is a critical AML control and the first line of defence against financial crime, especially for the Real Estate sector. It helps UAE real estate businesses assess and manage customer-related risk before establishing a business relationship. For DNFBPs, it is not just another administrative step but a proactive regulatory control.

Regulators require real estate businesses to adopt a risk-based approach while conducting due diligence. A proper customer risk assessment (CRA) is required to determine the level of due diligence necessary. EDD is required where the ML/TF risks are higher.

Defining Risk Tiers at the Start of Real Estate Customer Onboarding

Defining risk at the stage of customer onboarding is essential for implementing a risk-based approach and identifying risks. Regulators require real estate firms to assess risk before entering into a business relationship rather than after the transaction has occurred. Such early classification of risk helps in safeguarding an organisation’s reputation and avoiding legal penalties.

Real estate customers usually include investors, buyers, sellers and landlords. Each of these has different risks associated with it and requires a risk-based approach to manage those risks. Indicators of risk, such as customer type, nationality, legal structure, transaction size, funding methods, UBOs, etc., must be applied at onboarding. This helps with assigning low, medium, or high-risk ratings accurately, which in turn helps determine the level of due diligence and monitoring required.

Low-Risk Customer Onboarding Controls for UAE Real Estate Firms

DNFBPs are permitted to apply simplified CDD when the customer is rated as low risk, there is no suspicion of money laundering or terrorism financing, and the transaction is in line with the customer’s profile and is low value.

Simplified CDD measures include verifying the customer’s identity using reliable documents and confirming basic ownership and control. Verification of individuals during onboarding involves vetting of documents like a passport or Emirates ID verification, while entities require valid registrations or licenses and UBO details. All the documents collected should be accurate, sufficient, consistent, and retained to demonstrate that risk assessment procedures were applied and regulatory requirements are met.

Medium-Risk Customer Onboarding and Escalation Triggers

During customer onboarding, when risk indicators are elevated but manageable, the customer is classified as medium risk. UAE regulators expect real estate businesses to apply additional scrutiny at this level of risk, such as requesting address proof, occupational/employment details, information on the nature of business, and the purpose of the transaction.

Clear escalation logic must exist within onboarding workflows so that there can be a timely determination of when compliance teams or senior management need to be involved.

Some of the common triggers for escalation are higher transaction values, multiple shareholders, or exposure to certain foreign jurisdictions.

The objective of having such internal controls is to determine risks before onboarding is completed and maintain a risk-based approach. Proper handling of medium-risk customers helps prevent under-classification, missed risk and demonstrates a controlled regulatory environment.

High-Risk Customer Onboarding and Enhanced Due Diligence Measures

High-risk customers, including Politically Exposed Persons (PEPs), offshore entities, complex ownership structures, trusts, and customers linked to high-risk jurisdictions, etc., require Enhanced Due Diligence (EDD) before onboarding.

Where the risks of money laundering or terrorist financing are higher, DNFBPs need to conduct enhanced CDD measures, consistent with the risks identified.

Beyond basic KYC, EDD requires a deep assessment of the customer’s profile, including negative media searches and understanding the purpose of the business relationship. Verifying the source of funds (SoF) and source of wealth (SoW) is also a crucial part of customer onboarding for high-risk customers. High-risk customers also require intensified, ongoing, and real-time transaction monitoring.

Upon completion of Enhanced CDD, senior management needs to be involved in the decision-making as to whether to onboard (or continue business relationship with) such customers.

Involvement of senior management ensures that they are aware of all the risks associated with the customer and that decisions align with the business’s risk management framework. This makes senior management accountable for the decision, rather than just blindly relying on an automated system.

Stay updated on UAE AML rules

Monthly guidance, regulatory alerts and practical onboarding tips for DNFBPs.

CONTACT US NOW

Sanctions Screening and TFS Controls During Customer Onboarding

Sanctions screening is a mandatory measure during customer onboarding and must be conducted before any business relationship is established. All persons, natural or legal, must follow the Sanction screening process to implement the Targeted Financial Sanction measures before the onboarding process and before carrying out a transaction.

Screening at the time of onboarding focuses on preventing the formation of business relationships with prohibited customers, beneficial owners, or related parties.

Screening during the transaction stage helps identify sanctions exposure arising during ongoing transactions.

Potential matches must be promptly reviewed to identify true matches and distinguish them from false positives.

Where a perfect or confirmed name match is identified, real estate firms must freeze funds or assets within 24 hours, prohibit making funds or services available, reject the onboarding or transaction, and file a Confirmed Name Match Report (CNMR) within five days.

In cases of a partial match, transactions must be suspended immediately, services withheld, and a Partial Name Match Report (PNMR) filed within five days based on scenario-specific requirements.

Ongoing Monitoring and Risk Reclassification After Onboarding

The risk associated with customers is ever-evolving. Real estate businesses are expected to conduct ongoing monitoring throughout the customer lifecycle and reassess risk whenever any change or event occurs post-onboarding.

Customer profiles are not static; a low-risk customer may later become medium or high-risk due to factors like new sanctions or PEP status, adverse media, changes in ownership or transaction behaviour, or geographic exposure, etc.

To ensure continuity, effective onboarding frameworks must be integrated with ongoing monitoring systems. Such reclassifications and regular customer record updates ensure that EDD is applied where required and protect businesses from heavy legal penalties.

Regulatory Defensibility of Onboarding Decisions for Real Estate Firms

Real estate firms must be able to provide a clear basis on which a customer was accepted, escalated, or rejected. Onboarding decisions should align with the National Risk Assessment and sectoral guidance, with proportionate controls approved by senior management.

Financial Institutions, DNFBPs, and Virtual Asset Service Providers are required to document the processes for identifying and assessing risks, transaction monitoring, escalation records, approvals, and supporting evidence. Firms must maintain these records for at least five years.

These records must be auditable and capable of tracing decisions, especially for high-risk or cash transactions, for audit trails and inspection readiness.

Common supervisory gaps identified during reviews include undocumented risk rationale, weak escalation evidence, missing senior management approvals, incomplete UBO identification, inadequate SOW/SOF documentation, reliance on manual processes, and failure to monitor for changes in ownership after onboarding.

Supporting Risk-Based Real Estate Onboarding with AML UAE Services

AML UAE helps real estate firms to translate regulatory expectations into practical onboarding workflows.

These services integrate KYC, KYB, risk scoring, sanctions screening, escalation, and ongoing monitoring into a unified risk-based onboarding framework.

They help organisations to meet regulatory expectations while reducing manual errors, improving consistency, and enhancing inspection readiness.

AML UAE helps in positioning onboarding as a scalable compliance capability by enabling swift identification of high-risk customers while automating compliance for lower-risk clients.

Frequently Asked Questions

What is risk-based customer onboarding in the UAE real estate sector?

Risk-based customer onboarding is part of the AML framework, in which real estate firms assess customer-related risk at onboarding and apply proportionate risk-based due diligence.

Enhanced due diligence is applied for high-risk customers, such as PEPs, sanctioned individuals, adverse media exposure, complex ownership structures, or exposure to high-risk jurisdictions.

Sanctions screening is mandatory at onboarding to ensure customers and beneficial owners are not subject to UAE Targeted Financial Sanctions before entering into a business relationship.

Yes, a low-risk real estate customer can become high risk after onboarding due to factors like changes in ownership, transaction behaviour, or sanctions and PEP exposure.

Customer onboarding decisions are reviewed by regulators to verify that risk-based judgments were properly documented, proportionate, and defensible under UAE AML regulations.

Stay updated on UAE AML rules

Monthly guidance, regulatory alerts and practical onboarding tips for DNFBPs.

CONTACT US NOW

Share via :

Add a comment

Related Blogs

24/04/2026

AML Regulations for DNFBPs in UAE

Federal AML Laws and Executive Regulations Applicable to Accountants and Auditors
17/04/2026

AML Regulations for Accountants and Auditors in UAE

AML Regulations Applicable to TCSPs in UAE
16/04/2026

AML Regulations for Trust and Corporate Service Providers (TCSPs) in UAE

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

What is a sanction list?

Sanctions List

What is a Sanctions List?

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Key Highlights: What is a Sanctions List

  • Sanctions Lists recognise individuals, entities or countries subject to restrictions due to security, political and economic risks.
  • Sanctions Lists are a crucial part in combating the TF and PF crimes and protecting the integrity of the financial
  • Businesses must conduct daily Screening of customer databases, which includes names of parties to any transactions, directors or agents acting on behalf of customers, persons with indirect relationships with designated individuals or groups, existing customer databases, potential customers’ databases prior to initiating transactions or commencing business relationships, and former customers upto a period of five (5) years.
  • Failure to comply with Sanctions obligations can result in severe legal fines and penalties including reputational harm for regulated entities.

What is a Sanctions List?

Sanctions List typically includes names of sanctioned individuals, , or commercial organisations that are considered a threat to national or global security, financial systems or economic stability. Along with government officials, international authorities publish Sanctions Lists to restrict and control individuals, entities and jurisdictions involved in illegal, unethical or high-risk activities.

Sanctions are imposed on Terrorist Financing and Proliferation Financing. Screening across Sanctions Lists help prevent onboarding any customers or continuing business relationship with any newly classified sanctioned individual or entity, thus helping Regulated Entities ensure compliance with Targeted Financial Sanctions (TFS) requirements.

Businesses are required to apply Sanctions Screening as part of their Customer Due Diligence (CDD) to mitigate these risks. This process involves screening customer database against relevant Sanctions Lists before establishing the business relationship, and during the course of business relationship, to ensure that they are not subject to restrictions or prohibitions. Sanctions Screening must also be conducted on database of former customers for a period of five (5) years.

However, Sanctions Screening does not end at onboarding. Enterprises must also implement Ongoing Sanctions Screening for their existing clients, as clients’ risk profiles might change over time. Ongoing Monitoring enables entities to identify newly sanctioned individuals or entities to take appropriate measures.  Hence, organisations must carefully consider the screening of the Sanction Lists.

A Sanctions list incorporates sanctioned individuals, governments, or commercial organizations. Firms, government officials, and individual entities are enlisted into this category as these individuals or organizations pose a high risk to the business or the economy of the country or world as a whole.

Economic sanctions are undoubtedly an essential tool to fight against financial crime such as anti-money laundering. If such sanction lists are not followed or are breached, one may face severe consequences under AML/CFT regulations. Hence, business organizations must apply sanction control to their clients while establishing business relationships with any customer. The process of screening the sanctioned list is one of the steps in the customer due diligence (CDD) procedures.

What are Sanctions in AML? Anti-Money Laundering Sanction List

Understanding Sanctions in AML requires understanding the origin of Targeted Financial Sanctions (TFS)  imposed by the United Nations Security Council under Article 41 of Chapter VII of the UN Charter, which are reinforced by the Financial Action Task Force (FATF) Recommendations 6 and 7 (R6/R7), requiring immediate asset freezing and prohibition on providing services to designated persons and entities.

As UAE is UN member, it implements and enforces TFS obligations through Cabinet Decision No. 74 of 2020 and maintains a UAE Local Terrorist List under UNSCR 1373 (2001), enabling the application of UN-mandated and domestic designations within its AML regime.

Sanctions List Meaning in AML Compliance

Sanctions Lists in AML Compliance refers to any official list issued by local government of a country or international body which contains names of sanctioned individuals, entities, vessels or jurisdictions due to their involvement in terrorism financing or proliferation of weapons of mass destruction. Sanctions lists serve as control measure while implementing TFS Compliance, which is carried out by screening names of potential, existing, and former customers across relevant and applicable sanctions lists.

Sanction List meaning in simplest terms is, a publicly listed directory of entities and individuals upon whom economic or legal restrictions have been imposed.

Sanctions lists should be used by Regulated Entities to prevent sanctioned entities from entering the financial system. AML, CFT and TFS laws mandate Regulated Entities to screen the customers, transactions and counterparties against applicable Sanctions Lists such as UAE Local Terrorist Lists, the UNSC Consolidated List or any other applicable list such as OFAC or the European Union.

Financial authorities and governments across the world maintain a list of sanctions. These lists are available in the public domain. Here are a few examples of sanctions lists necessary for a better understanding of the concept:

Sanctions List

Who appears on a Sanctions List?

In order to understand who appears on a sanctions list, its important to understand that Sanctions might be leveled as a result of explicit or illegal activities or in order to achieve a foreign policy or a diplomatic aim. These sanctions lists are usually passed by the act of an international authority or by governments, for instance, the United Nations Security Council Resolution.

Several international sanctions lists incorporate targets involved in the financing of criminal or terrorist activities. Sanctions screening lists basically include organizations, individuals, or the entire nation engaged in severe crimes like terrorist financing. As a result, sanctioned individuals, sanctioned persons, and sanctions companies or entities appear on sanctions list when they are found to be involved in below mentioned activities:

  • Terrorism and terrorist financing
  • Violation of human rights
  • Narcotics trafficking
  • Weapons proliferation
  • Money laundering activities
  • Violation of international treaties
  • Violation of international contracts

What is the purpose of AML Sanctions Lists?

  • The purpose of Sanctions Lists is to prevent designated individuals and entities or groups from accessing means to violate international peace and security, fund or support terrorism in any manner, or finance the proliferation of weapons of mass destruction. Sanctions Lists, particularly the UAE Local Terrorist List and the UNSC Consolidated List serve as bedrock for implementations of TFS measures.
  • Sanctions Lists fulfil the following objectives, in alignment with AML/CFT and TFS obligations, such as
  • Operational objectives including denial of resources to sanctioned individuals and entities by imposing freezing measures and denial of providing goods and services to such individuals or entities and prevention of misuse of financial systems by reporting such individuals and entities to the FIU
  • Achieving global and political goals such as international security, conflict resolutions, non-proliferation objectives, and non-military enforcement providing means of action for triggering specific obligations such as freezing and prohibition of services in alignment with AML/CFT and TFS provisions of UAE
  • Compliance with international standards such as UNSC decisions and FATF recommendations.

Compliance. Trust. Transparancy

Customized and cost-effective AML compliance services to support your business always

CONTACT US NOW

Impact of being on the Sanctioned List

Being listed on a Sanctions List can have significant consequences for individuals, entities or countries. Key impacts include:

  • Restrictions on financial transactions and business dealings: once, added to the Sanctions List, an individual, entity or nation is forbidden from having any financial or business relationships with the rest of the economies.
  • Travel bans and visa restrictions: As per UN Sanctions measures in the Travel ban, all member countries are required to deny entry or transit to designated individuals. This process, in turn, will restrict the physical movements of the sanctioned.
  • Reputation and perception of individuals and entities on the listthe designated individual carries reputational risk, as this is perceived as the individual or entity being involved in high-risk or illicit activities. Prompting others to sever business ties.

United Arab Emirates AML Sanctions List

The UAE is a member of three main regional bodies that issue sanctions – the Arab League, the Terrorist Financing Targeting Centre (‘TFTC’), and the Gulf Cooperation Council (‘GCC’).

Additionally, the UAE maintains two main lists of sanctioned individuals and entities, under UNSC Resolutions:

UAE Sanctions List

Also known as the local list – This list consists of a local terrorism list issued pursuant to the Anti-Terrorism Law. It is also called the UAE Sanctions List.

UNSC Sanctions List

Sanctions List Screening for AML Compliance

Sanctions list screening is again one of the essential aspects of Customer Due Diligence (CDD) under Anti-money Laundering regulations. Business houses have to implement AML risk assessment throughout the client onboarding and client monitoring processes. Anti-money laundering regulators impose heavy AML fines on organizations that fail miserably to comply with all the CDD Processes.

AML UAE provides Anti-Money Laundering Consulting Services to help companies adhere to the requirements of the AML Laws in UAE.

Check out Circular 1 of 2022: Implementation of Targeted Financial Sanctions on UNSCRs 1718 (2006) and 2231 (2015)

sanctions Screening in UAE

Final Overview: Sanctions Lists in AML Compliance

Hope this article has helped you to understand the meaning, need, and importance of Sanction Lists for any business organisation. However, you may need an expert's help, like us, to implement the process for screening the Sanction List to adhere to the AML/CFT regulations.

FAQs About Sanctions List

What is a sanction? 

A Sanction means a ban or restriction of specific individuals, countries, or entities directly or indirectly engaged in crimes and illegal activities.

The types of Sanctions include Sanctions for activities of:

Terrorism, narcotics trafficking, violation of human rights, weapons production, violation of international contracts and treaties.

Businesses in UAE have to follow two Sanctions lists, one is the UAE Local Terorist List that contains a list of local terrorists and the second one is the UNSC Consolidated List by the UN Security Council.

AML Sanction List is a list of individuals, entities or countries engaged in Terrorism Financing, and other crimes against international peace and security.

Sanctions check means trying all ways and measures to avoid engaging in business transactions with persons, entities or countries featuring on the Sanctions List.

Sanctions check involves screening customers against the UAE local terrorist list and the UNSC sanctions list.

A sanctioned individual is an individual mentioned in a Sanction List and so barred or prohibited from engaging in specific transactions.

The Office of Foreign Assets Control (OFAC), United States of America, issues the Sanctions List. The OFAC list aims to safeguard US foreign policy objectives and protect international trade from terrorist activities and illegal trading in arms and drugs. The individual and entities listed in the OFAC list are called specially Designated nationals (SDNs). Check the OFAC Website for the current SDN List.

If an individual or entity fails to comply with the Targeted Financial Sanctions (TFS) obligations in the UAE, such a natural or legal person will be subject to imprisonment or a fine Imprisonment and/or fine ≥AED 20,000,

TFS regimes must be complied with by individuals and entities located in the UAE, and such UAE persons must comply with the targeted financial sanctions restrictions when they are located or engaged in activities abroad.

If a current or former customer is listed on a Sanctions List, then the financial institutions or DNFBP must freeze funds and stop providing services to such customer and must immediately inform the Supervisory Authority and FIU via goAML Portal.

The Federal Cabinet Resolution No.74 of 2020 establishes the legal framework for the implementation of the UAE Local Terrorist List and the UN Consolidated List.

OFAC sanction programs are categorised under four main topics:

  • Country-based sanctions
  • List-based sanctions
  • Secondary sanctions
  • Sectorial sanctions

Executive Officer for Control & Non-Proliferation (EOCN) is the focal authority in the UAE to coordinate the implementations of all UN-imposed resolutions & Sanctions by combating Terrorism Financing (TF) and Proliferation Financing (PF).

The EOCN circulated the names of designated entities and individuals by the UN sanctions and UAE Terrorist List. It ensures the implementation and compliance of all Supervisory Authorities with the UN sanctions and UAE Terrorist Lists in coordination with the Supreme Council of National Security.

It analyses private sector TFS reports and provides feedback in coordination with FIU & Supervisory Authorities. It also works on increasing awareness in the Government and Private sector in regards to Targeted Financial Sanctions (TFS).

The purpose of Targeted Financial Sanctions (TFS) is as follows:

To deny certain individuals, groups, organisations, and entities the means to support terrorism or finance the proliferation of weapons of mass destruction.

To ensure no funds, financial assets, or economic resources of any kind are made available to such individuals, groups, organisations, and entities as long as they remain subject to the sanction’s measures.

Sanction regimes mainly seek to support the settlement of political conflicts, non-proliferation of nuclear weapons, and counter-terrorism by enforcing comprehensive economic and trade sanctions or more targeted measures.

The reporting entities in UAE need to implement international sanctions regimes, including OFAC, EU, HMT, etc., as per the guidance and instructions issued by the relevant supervisory authority.

The supervisory authorities in UAE:

  • Create awareness about the obligations of FIs, DNFBPs, and VASPs in relation to Targeted Financial Sanctions via several measures like outreach, training, online guidelines, etc.
  • Conduct examination and ensure compliance with decisions and regulations in relation to Targeted Financial Sanctions in UAE
  • Monitor compliance, prescribe remedial measures, and enforce penalties for Targeted Financial Sanctions non-compliance

The United Nations Consolidated List, and UAE Terrorist List can be downloaded from the EOCN website https://www.uaeiec.gov.ae/en-us/un-page?p=2.

One can download the UAE Local Terrorist List in PDF and Excel format from the above page. UN Sanction list can be downloaded in PDF, HTML, and XML format from the above link.

One can subscribe to the Executive Office for Control & Non-Proliferation (EOCN) mailing list on https://www.uaeiec.gov.ae/en-us/un-page?p=6 and keep track of additions, deletion, and amendments to the sanctions list.

If you ever come across an individual who is a sanctioned individual or entity per the UAE Terrorist List or UNSC Consolidated List, you should immediately (within 24 hours) freeze funds belonging to such designated individual or entity in your custody. A prior intimation to the sanctioned person is not needed in this case, and if done, amounts to tipping off, punishable by fines and penalties.

Further, you should prohibit the transfer, conversion, disposition, alteration, use, or dealing of funds or economic resources which result in Change in their volume, amount, location, ownership, possession, nature, or destination or that would in any way enable the use of such funds or economic resources for any purpose.

To conclude:

If the sanctioned person is an existing customer, then you should freeze funds within 24 hours and submit Confirmed Name Match Report (CNMR) with the goAML portal of FIU UAE within 5 days.

If the sanctioned person is a potential customer, you should reject the customer and submit the Confirmed Name Match Report (CNMR) Report within 5 days.

These CNMR reports are then forwarded by the goAML portal to the UAE FIU.

The freezing of funds shall remain in effect until such designated person is de-listed from the sanctions list.

The main obligations of FIs, DNFBPs, and VASPs in relation to the Targeted Financial Sanctions are as under:

  • To register with the EOCN mailing list to keep them updated with the change in local and UN sanction lists.
  • To screen customers, potential customers, beneficial owners, and transactions to identify possible matches with the UAE local sanction list and the UN sanction list.
  • To implement Targeted Financial Sanctions (TFS) measures and freeze and prohibit funds, and file CNMR with the goAML portal of the UAE FIU.
  • To prepare and implement internal AML policies and procedures in relation to the targeted financial sanctions.

As a DNFBP, you are supposed to screen the following:

  • Existing customer databases. All systems containing customer data and transactions need to
  • be mapped to the screening system to ensure full compliance.
  • Potential customers before conducting any transactions or entering a business relationship with
  • any Person.
  • Names of parties to any transactions (e.g., buyer, seller, agent, freight forwarder, etc.)
  • Ultimate beneficial owners, both natural and legal.
  • Names of individuals, entities, or groups with direct or indirect relationships with them.
  • Directors and/or agents acting on behalf of customers (including individuals with power of attorney).

The AML compliance officer is supposed to submit the Partial Name Match Report when a Potential Match to a sanctioned person is identified in the UAE Local Terrorist List or UNSC Consolidated List.

Here is the list of action items for the AML compliance officer for a partial name match:

Suspend without any delay the transaction and refrain from offering any funds, products, or services

Submit the Partial Name Match via goAML platform of UAE FIU by selecting the Partial Name Match Report (PNMR) within 5 days

Submit as much information as possible in relation to the partial name match

Do not enter into a transaction with the customer until further instructions are obtained from the UAE FIU.

One need not obtain any prior approval while freezing funds or suspending a transaction

A person (natural or legal) who, in good faith, freezes funds or refuses to provide services or report information in relation to designated individuals, groups, or entities in the UAE Terrorist List or UN consolidated list shall be exempt from any damages or claims, resulting from such actions.

Violating UAE Cabinet Resolution No. 74 of 2020 can expose the FI or DNFBP to administrative penalties and criminal prosecutions, including:

  • Increased scrutiny of future actions from the UAE Government
  • The supervisory authority may determine a ban of certain individuals from employment within the relevant sectors for a period of time.
  • A suspension, restriction, or prohibition of activity, business, or profession causes either revocation or withdrawal of the business license

As per Federal Decree by Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing , Article (33), every natural or legal person shall immediately comply with the instructions issued by the EOCN and any Competent Authorities in the State concerning the implementation of the resolutions issued by UN Security Council.

  • The AML Policy Manual must prescribe the appropriate internal controls to ensure compliance with the most recent publication of targeted financial sanctions of the UNSC Consolidated lists and the UAE Local Lists.
  • The AML Policy Manual must have a section dealing with internal controls and procedures to ensure compliance with the obligations arising from Cabinet Resolution 74 of 2020.
  • The AML Policy Manual must have a clause prohibiting staff from, directly or indirectly, informing the customer or any third party that freezing action or any other measures are going to be implemented as per provisions of Cabinet Resolution 74 of 2020.

Article 19 (e) of Federal Decree by Law No. (10) of 2025 requires the prompt application of the directives when issued by the competent authorities in the state for implementing the decisions issued by the UN Security Council under Chapter (7) of UN Convention for the Prohibition and Suppression of the Financing of Terrorism and Proliferation of Weapons of Mass Destruction, and other related directives.

In addition, the UAE issued the Cabinet Decision No. 74 of 2020, establishing the framework regarding TFS, including the Local Terrorist List and the UN Consolidated List and the procedures to implement TFS.

Targeted Financial Sanctions (TFS) measures must be implemented by any Person (both natural and legal entities), including government authorities and FIs, DNFBPs, and VASPs located in the UAE and operating within the UAE’s jurisdiction

The Cabinet Decision No. 74 of 2020 deals only with the UAE Local Terrorist List and UN Consolidated List. Other international lists, like OFAC, EU, HMT, etc., are out of the scope of the cabinet decision.

Since you are not a FI, DNFBP, or VASP and therefore, you are not required to register with the goAML portal, If you come across a sanctioned individual or entity, you can send an email to the Executive Office iec@uaeiec.gov.ae with information about the confirmed or potential match.

Yes, supervisory authority checks compliance with the Cabinet Decision No. 74 of 2020 and carries out the onsite inspections of FIs, DNFBPs, and VASPs. The reporting entities should have adequate processes, policies, and procedures to comply with the provisions of the cabinet decision. A failure to comply with the TFS provisions may result in the application of criminal as well as supervisory sanctions.

No. FIs, DNFBPs, and VASPs may notify their customers after the freezing measures have been implemented, and it will not be considered as tipping off. However, FIs, DNFBPs, and VASPs must not inform their customers prior to taking the freezing measures.

The individuals and entities involved in acts of terror, violations of international law, and detrimental to global growth, development, and peace are added to the sanction lists.

Sanctioned lists are widely used as a go-to list by member countries which helps in the identification of the sanctioned. The member countries come together as a group to the identification of unethical wrongdoers.

The individuals and entities in those lists are prohibited from having business relations.

The sanctions list claims to encounter and restrict any individual or entity that disturbs international peace and security.

Individuals and Corporates are added when they pose an international threat to the economy. The process of removal or de-listing involves various requests such as petitions and reviews from the government and their recommendation. After that, the committee makes a final decision on whether to de-list or not. 

Individuals and companies can subscribe to both UN Consolidated list and Local Terrorist list from the EOCN website.

Sanctions in money laundering indirectly come under Economic sanctions. Disturbance of international peace by money laundering directly or indirectly will lead to sanctioning.

 

The period of sanctions depends on the activity status of that person or entity means whether that person is still operating in the same manner. Hence the sanction will last until it is actively involved in harming international peace.

Compliance. Trust. Transparancy

Customized and cost-effective AML compliance services to support your business always

CONTACT US NOW

Share via :

Add a comment

Related Blogs

24/04/2026

AML Regulations for DNFBPs in UAE

Federal AML Laws and Executive Regulations Applicable to Accountants and Auditors
17/04/2026

AML Regulations for Accountants and Auditors in UAE

AML Regulations Applicable to TCSPs in UAE
16/04/2026

AML Regulations for Trust and Corporate Service Providers (TCSPs) in UAE

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Best AML Consultants in UAE

Best AML Consultants in UAE

Best AML Consultants in UAE

UAE’s leading anti-money laundering advisory & compliance experts
35% faster onboarding | 100% audit-ready | Trusted by 300+ clients

Speak with an AML Consultant
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Key Highlights: AML Consulting in the UAE

  • AML UAE helps DNFBPs, financial institutions, and VASPs build audit-ready AML compliance programmes in the UAE. Our delivery typically includes an Enterprise-Wide Risk Assessment, AML policy and procedures, customer due diligence controls, sanctions and PEP screening workflows, goAML reporting readiness, staff training, and independent audit support. We align the programme to your supervisory authority, such as MoET, DFSA, FSRA, SCA, VARA, and UAE Central Bank. Many organisations reach an operational compliance baseline within 2 to 6 weeks, depending on their readiness and complexity.
  • Best for: DNFBPs, Financial Institutions, and VASPs seeking practical implementation and supervisory readiness
  • Typical deliverables: EWRA, AML policy manual, templates, training, goAML workflows, evidence packs, AML consulting

The best AML consultants in the UAE are certified experts with deep knowledge of UAE AML regulations (CBUAE, DFSA, FSRA, CMA, MoET, MOJ, etc.), proven compliance frameworks, and a strong track record of helping banks, VASPs, and DNFBPs achieve and maintain AML/CFT compliance.

Top AML Consultants in UAE

Our team comprises globally certified AML professionals with sector-specific experience and UAE jurisdictional expertise.



Name

Qualifications

Professional

Experience

Sector

Regulatory Framework

Key Expertise

Pathik Shah

CAMS, FCA, CS, CISA, DISA (ICAI), FAFP (ICAI)

28+ Years

FIs, DNFBPs, VASPs

MoET, MoJ, CBUAE, CMA, FSRA, DFSA, VARA

AML Compliance, AML/CFT Framework, RegTech, AML Consulting

Jyoti Maheshwari

CAMS, ACA

11+ yrs

FIs, DNFBPs, VASPs

MoET, MoJ, CBUAE, CMA, FSRA, DFSA, VARA

AML/CFT/CPF Framework, AML Consulting, Health Check

Dipali Vora

CAMS, ACS,

10+ yrs

FIs, DNFBPs, VASPs

MoET, MoJ, CBUAE, CMA, FSRA, DFSA, VARA

AML/CFT/CPF Consulting, Training, and Implementation

See Our Team ->

AML Consulting in the UAE

Who typically needs AML consulting in the UAE

Any business classified as a Financial Institution, a Designated Non-Financial Business or Profession, or a Virtual Asset Service Provider may need AML support, especially when starting operations, scaling, entering a new product line, or preparing for supervisory reviews.

What does an AML consultant in the UAE actually deliver

A practical compliance operating model including an Enterprise Wide Risk Assessment, an AML policy and procedures manual, KYC and CDD templates, screening and ongoing monitoring controls, goAML reporting readiness, training, and audit support.

How long does it take to become AML compliant?

Timelines depend on readiness and complexity. Many organisations can reach an operational baseline in 2 to 6 weeks, provided data, documents, and decision-makers are available.

Which regulators and supervisors does this cover

AML UAE supports programmes aligned with the supervisory expectations of CBUAE, MoET, MoJ, DFSA, FSRA, CMA, VARA, GCGRA, and other relevant competent authorities, depending on your licence and activities.

What makes a consultant “best” in the UAE context

A combination of regulatory clarity, evidence-led controls, sector experience, implementation capability, and the ability to produce an audit-ready trail that stands up to supervisor, bank, and auditor queries.

Facing high-risk customers, complex onboarding, and constant compliance demands?

Get Financial Institution-grade AML support that strengthens your governance, monitoring, and regulatory readiness.

Request a Call Back

Why should DNFBPs, VASPs, and FIs choose AML UAE for AML Consulting?

  • Over 5 years of experience in AML/CFT compliance across the UAE
  • In-depth knowledge of UAE-specific AML regulations, including those by the Central Bank, MoET, MoJ, DFSA, VARA, CMA, GCGRA, FSRA, EOCN, and UAE FIU
  • Tailored consulting for Banks and Financial Institutions
  • Experience in working with DNFBPs, including TCSPs, Lawyers, Accountants, DPMS, Real Estate, and the Commercial Gaming Sector
  • End-to-end AML/CFT compliance services for virtual asset service providers
  • Proven track record with over 300 successful AML compliance projects
  • 500+ thought-leadership articles, infographics, and educational booklets for continuous learning
  • 50+ Webinars and Knowledge-Sharing
  • 3000+ Hours of AML/CFT/CPF Training Imparted
  • More than 750 professionals trained on AML/CFT/CPF Compliance
  • 1000+ EWRA, AML/CFT/CPF Policies and Procedures delivered

Leading AML Consultants in UAE

The best AML consultants in the UAE are not simply advisers. They are implementation partners who can translate UAE legal and supervisory expectations into a working control set that your business can operate on a daily basis.

A leading AML consultant should be able to do six things consistently:

  1. Set a clear risk-based position for your business.
  2. Design documentation that matches what you actually do.
  3. Align the AML/CFT/CPF Policy manual with EWRA and the legal framework.
  4. Operationalise KYC, screening, monitoring, and reporting.
  5. Train teams to spot issues early and respond correctly.
  6. Support inspections and audits with evidence, not opinions.

Comprehensive AML Consulting Services

We provide end-to-end AML consulting services that cover design, implementation, and ongoing support.

1. Enterprise-Wide Risk Assessment and Risk Methodology

  • ML, TF, and PF risk assessment aligned to your sector, products, customers, geography, and delivery channels
  • Risk appetite and risk acceptance approach
  • Control effectiveness review and residual risk outcomes
  • Board and senior management reporting packs

2. AML policy and procedures manual

  • AML and sanctions policy aligned to your licence and supervisory authority
  • Customer risk assessment approach and onboarding procedures
  • CDD, EDD, and PEP handling procedures
  • Ongoing monitoring and transaction monitoring procedures, where applicable
  • Record keeping, governance, escalation, and reporting procedures

3. Managed KYC and Customer Due Diligence support

  • Practical KYC packs and templates for your sector
  • Document checklists, source of funds, and source of wealth workflows
  • UBO identification approach and verification support
  • Remediation support

4. Screening and ongoing monitoring

  • Name screening process design for sanctions, PEPs, and adverse media
  • Tuning guidance to reduce false positives and improve match quality
  • Ongoing screening workflows and audit trail expectations
  • Independent validation support for screening controls, where required

5. goAML registration and regulatory reporting readiness

  • goAML registration readiness support and internal workflows
  • Reporting decision trees and escalation governance
  • Filing support for relevant reports based on your sector and supervisor
  • Quality checks on narratives and supporting documents

6. AML training and awareness

  • Role-based training for compliance, operations, sales, and management
  • Practical case studies and red flags tailored to your sector
  • Assessment, attendance tracking, and training records for supervisory evidence

7. Independent AML audit support

8. AML Software Selection

  • Requirements Identification and Specifications
  • RFI, RFP, Software Selection
  • Vendor Negotiation, Contract Drafting
  • Implementation, Training, and Project Management

Struggling to stay AML-compliant in a fast-changing UAE regulatory environment?

Speak to our AML consultants today and get a clear, practical roadmap to fix gaps quickly.

Talk to Us Now!

Our Proven AML Consulting Process

This is how we move from intent to an operational AML programme.

Step 1: Discovery and initial consultation

We confirm licence type, supervisory authority, business model, products, customer types, and delivery channels. We also agree on the priority risks and outcomes.

Step 2: Compliance gap assessment

We compare your current arrangements to UAE expectations and produce a clear gap list, including quick wins and structural changes.

Step 3: Compliance roadmap

You receive a staged roadmap with responsibilities, timelines, and evidence requirements.

Step 4: Design and implementation

We deliver the EWRA, documentation, templates, workflows, and training, then support implementation across teams.

Step 5: Technology enablement where relevant

We support screening configuration and validation, as well as operational tuning, so your team can use tools confidently.

Step 6: Ongoing support and readiness

We support inspections, audit preparation, reporting readiness, and continuous improvement.

UAE AML Laws and Supervisory Expectations We Work With

Your AML programme must be aligned with UAE law and the expectations of your supervisory authority. We support alignment of compliance across the following.

  • UAE Federal Decree Law No. 10 of 2025 regarding Anti-Money Laundering and Combating the Financing of Terrorism and Proliferation Financing
  • Cabinet Decision No. 134 of 2025 and relevant executive requirements
  • UAE Central Bank AML guidelines were applicable
  • MoET supervisory requirements for DNFBPs
  • MoJ expectations for legal professionals, where applicable
  • DFSA rulebook requirements for DIFC firms
  • FSRA rulebook requirements for ADGM firms
  • CMA rulebook requirements for CMA-regulated entities
  • FIU goAML reporting expectations and filing workflows
  • Sector-specific supervisory measures as applicable to your activity

Which Industries Require AML Consulting in the UAE?

  • Real Estate Agents & Brokers
  • Dealers in Precious Metals & Stones
  • Legal Firms and Legal Professionals
  • Accounting & Auditing Firms
  • Trust and Company Service Providers
  • Commercial Gaming Operators
  • Banks
  • Financial Institutions
  • Virtual Asset Service Providers

AML Compliance Obligations in UAE

According to the Federal Decree Law No. (10) of 2025 and Cabinet Decision No. (134) of 2025, reporting entities carry the following AML compliance obligations:

  • Compliance Officer Appointment
  • goAML Registration
  • ML/FT/PF Risk Assessment
  • AML/CFT/PF Policy and Procedures
  • AML/CFT/CPF Training
  • Customer Due Diligence
  • Ongoing Monitoring
  • Regulatory Reporting (SAR, STR, CNMR, PNMR, REAR, DPMSR, HRC, HRCA)
  • Record Keeping
  • Periodic Report to Senior Management
  • Independent AML/CFT/CPF Audit

Proven AML Outcomes in the UAE

  • DNFBPs: Experienced a 35% faster AML compliance readiness compared to the industry average
  • Real Estate: Enabled REAR reporting and trained 650+ agents
  • VASPs: Full compliance within 4 weeks, including audit-readiness
  • 50%+ time-saving through compliance automation/AML software
  • 45%+ Cost-saving by adopting a risk-based approach
  • <4 Hours of TAT when it comes to solving AML/CFT/CPF compliance queries
  • 100% audit-ready records & documentation to have a complete peace of mind

Testimonials From Google:

  • DNFBPs: Experienced a 35% faster AML compliance readiness compared to the industry average
  • Real Estate: Enabled REAR reporting and trained 650+ agents
  • VASPs: Full compliance within 4 weeks, including audit-readiness
  • 50%+ time-saving through compliance automation/AML software
  • 45%+ Cost-saving by adopting a risk-based approach
  • <4 Hours of TAT when it comes to solving AML/CFT/CPF compliance queries
  • 100% audit-ready records & documentation to have a complete peace of mind

Our Latest Success Stories

Tailoring AML Strategies for Enhanced Customer Experience in DPMS Sector

KYC Managed Services for Rapid and Reliable Verification for an accounting_firm

KYC-Managed Services for Rapid and Reliable Verification for an Accounting Firm

Implementing Cutting-Edge AML Software in the DNFBP Sector

Implementing Cutting-Edge AML Software in the DNFBP Sector

Worried about penalties, inspections, or compliance gaps you cannot evidence properly?

Request an AML readiness review and get an action plan designed for your business model.

Contact Us Now!

Sector-specific AML Consultancy Services

AML Consulting for Real Estate Brokers and Agents in the UAE

Real estate firms face ML and TF exposure due to high-value transactions, third-party payments, complex ownership structures, and cross-border buyers. Our support focuses on an EWRA tailored to your business model, customer risk rating logic, enhanced due diligence triggers, screening workflows, red-flag guidance for agents, escalation pathways, and a clean evidence trail to meet MoET supervisory expectations. We also help make reporting workflows practical, so staff know when and how to raise internal alerts.

AML Consulting for Dealers in Precious Metals and Stones in the UAE

DPMS businesses need controls that match the speed and value of trade, without slowing operations unnecessarily. We help implement customer due diligence workflows, sanctions and PEP screening, source of funds reasonableness checks for high-value transactions, record-keeping standards, and staff training on sector-specific red flags such as rapid buy-sell patterns, unusual split payments, and opaque beneficial ownership. The result is a compliance programme that is practical, defensible, and audit-ready.

AML Consulting for Trust and Corporate Service Providers in the UAE

TCSP risk commonly arises from beneficial ownership opacity, nominee arrangements, cross-border structures, and the misuse of corporate vehicles. We help design an EWRA that captures these risk drivers effectively, implement robust onboarding and EDD for UBOs and controllers, improve purpose and rationale checks for structures, and build ongoing monitoring triggers for ownership changes, unusual instructions, and high-risk jurisdictions. We also help maintain a strong trail of decisions for audits and bank queries.

AML Consulting for Accounting and Auditing Firms in the UAE

Accounting and audit firms often need a practical AML programme that fits professional workflows. We help implement client risk assessment logic, onboarding checklists, screening procedures, escalation steps for suspicious indicators, training aligned to staff roles, and record-keeping practices that satisfy MoET supervisory expectations without creating unnecessary bureaucracy.

AML Consulting for Legal Professionals and Law Firms in the UAE

Legal professionals need clear, defensible controls for client onboarding, matter risk assessment, screening, and escalation, especially where client funds, corporate structuring, or property transactions are involved. We help design procedures that are practical for fee earners, aligned to MOJ regulatory expectations, and supported by training and evidence templates that are easy to use.

AML Consulting for VASPs and Crypto Businesses in the UAE

VASPs typically operate under heightened expectations due to cross-border exposure, speed of transactions, and evolving typologies. We support governance, EWRA, customer risk rating, screening controls, monitoring logic where applicable, reporting readiness, and audit preparation. Our focus is on operational reality, so your team can implement controls consistently and evidence decisions properly.

AML Consulting for Banks and Financial Institutions in the UAE

Banks and Financial Institutions operate under strict AML/CFT expectations set by the CBUAE due to high transaction volumes, complex products, and cross-border exposure. We support governance and MLRO frameworks, EWRA, customer risk rating, sanctions and PEP screening, and transaction monitoring effectiveness. Our approach is practical and evidence-led, helping your teams implement controls consistently and document decisions properly. We also strengthen STR/SAR reporting readiness and support audit and supervisory review preparation.

AML Consulting for Commercial Gaming Operators in the UAE

Commercial Gaming Operators operate under heightened AML/CFT scrutiny, with expectations influenced by the GCGRA due to player behaviour risks and rapid fund movement. We help you build a risk-based AML framework, including EWRA, player due diligence, risk scoring, and ongoing screening. We also support detection logic, escalation workflows, and reporting readiness aligned to operational realities. The focus is on controls that teams can run confidently and evidence clearly during audits and inspections.

In-house vs AML Consultant vs Hybrid Model

This table explains the three most common AML compliance operating models used by UAE reporting entities and where each one works best. It highlights the strengths and limitations of relying only on internal resources, outsourcing fully, or combining both approaches. The comparison helps decision makers quickly identify which model delivers sustainable, audit-ready AML compliance for their organisation.

Decision Option

Best for

Strengths

Common gaps if not managed

What AML UAE typically does

In-house only

Larger firms with mature compliance teams and strong governance

Deep business knowledge, daily control ownership, faster internal coordination

Documentation may lag operations, limited sector benchmarking, weaker audit trail discipline, inconsistent training evidence

Supports with targeted gap reviews, EWRA refresh, policy upgrades, training packs, audit readiness support

External consultant only

New entities, fast-growth businesses, firms with no experienced AML lead

Speed, specialist expertise, frameworks built quickly, independence

If not implemented properly, it becomes a “manual on a shelf”; staff adoption is often weak

Builds a working programme with templates, workflows, training, evidence standards, and handover support

Hybrid model

Most DNFBPs, fintechs, and VASPs in the UAE

Best balance: implementation speed plus internal ownership; continuous improvement becomes easier

Needs clear RACI and decision-making governance, otherwise duplication occurs

Co-builds the programme, trains teams, sets escalation rules, defines roles, and establishes audit ready evidence packs

Recommendation in one line: For most UAE reporting entities, hybrid is the most sustainable model because it gives you internal ownership with specialist build and assurance support.

Not sure what exactly your AML/CFT obligations are under UAE supervision?

Book a consultation and we will map your obligations, controls, and next steps in plain language.

Book a Consultation!

What You Get with AML UAE vs a Typical AML Consultant

This comparison highlights the difference between receiving documents and achieving real, audit-ready AML compliance. It shows how AML UAE focuses on implementation, evidence, and operational readiness, rather than theoretical advice. The table helps businesses understand what truly supports regulatory inspections, audits, and ongoing compliance in the UAE.

Area

AML UAE approach

Typical consultant approach

Outcome

An AML programme that is operational, evidence-led, and inspection ready

Documentation delivered, implementation left to the client

Risk Assessment

EWRA that translates business model risks into controls, training, and monitoring triggers

Generic EWRA template with limited linkage to workflows

Policies and Procedures

Written to match actual operations, supported by templates and decision trees

Often theoretical and not connected to day-to-day processes

KYC and CDD delivery

Practical onboarding packs, checklists, EDD triggers, QA standards for files

High-level guidance without file-level operational detail

Sanctions and PEP screening

Workflow design, tuning guidance, disposition rules, audit trail expectations

Tool recommendation only or limited procedural write-up

goAML readiness

End-to-end process design: internal escalation, decision logic, evidence packs, filing readiness

Basic overview without operational workflow integration

Training

Role-based training with sector scenarios and record-keeping support

Generic training slides with limited sector relevance

Audit readiness

Evidence packs, remediation planning, corrective action tracking

Audit preparation left to internal teams

Sector coverage

DNFBPs, FIs, VASPs with UAE supervisory alignment

Limited sector depth or single-sector focus

Support model

Structured implementation plan with clear handover and ongoing support options

Project closes after document delivery

“Best AML Consultant” Checklist for UAE Buyers

This checklist helps UAE businesses understand what they should reasonably expect from a competent AML consultant. It sets out the essential capabilities, deliverables, and questions that indicate whether a consultant can deliver practical, inspection-ready compliance. The aim is to support informed decision-making, not marketing comparisons.

What you should demand

Why it matters in the UAE

What to ask on a call

Supervisor-specific alignment

UAE obligations differ based on licence and authority

“Which authority do you align my programme to, and how?”

EWRA that drives controls

Risk assessment must lead to practical control design

“Show me how the EWRA links to procedures and monitoring.”

Templates and workflows

Without them, staff cannot implement consistently

“Do you provide onboarding templates and decision trees?”

Evidence standards

Supervisors, auditors, and banks ask for proof

“What evidence pack will I have after implementation?”

Training with attendance records

Training must be demonstrable and role relevant

“How do you make training defensible in inspections?”

Reporting readiness

goAML workflows must be operational, not theoretical

“Do you set internal escalation and reporting logic?”

Quality assurance and remediation

Existing files often need uplift

“Can you review and remediate our customer files?”

AML Implementation Timeline in the UAE

(Typical 2 to 6 Week Roadmap for DNFBPs and Regulated Entities)

This timeline shows how AML compliance is typically implemented when approached as a control design and operational exercise, rather than just a documentation task.

Week 1: Discovery and Risk Scoping

Objective: Establish context and risk ownership

  • Confirm licence type and supervisory authority
  • Understand business model, products, customers, geographies, and delivery channels
  • Identify inherent ML, TF, and PF risk drivers
  • Collect existing documents, if any
  • Agree scope, timelines, and responsibilities

Key output:
Business model understanding and agreed implementation scope

Week 2: Enterprise-Wide Risk Assessment (EWRA)

Objective: Set the foundation for all controls

  • Assess inherent risks across customers, products, geography, delivery channels, and transactions
  • Define risk appetite and risk acceptance approach
  • Map existing controls and assess effectiveness
  • Determine residual risk levels
  • Prepare senior management-ready EWRA output

Key output:
Approved EWRA driving policy, procedures, and monitoring depth

Week 3: AML Policy and Procedures Design

Objective: Translate risk into clear rules

  • Draft AML and sanctions policy aligned to UAE requirements
  • Design customer onboarding, CDD, EDD, and PEP handling procedures
  • Define screening, escalation, and reporting workflows
  • Set record-keeping and governance expectations
  • Align procedures to how teams actually work

Key output:
AML Policy and Procedures Manual ready for implementation

Week 4: Operationalisation and Templates

Objective: Make compliance usable

  • Provide onboarding checklists and KYC templates
  • Define customer risk assessment methodology
  • Design screening disposition and escalation workflows
  • Prepare reporting decision logic and internal escalation paths
  • Align procedures with goAML reporting expectations

Key output:
Operational templates and workflows teams can apply consistently

Week 5: Training and Go-Live Support

Objective: Embed compliance into daily activity

  • Deliver role-based AML training
  • Use sector-specific red flags and scenarios
  • Train staff on escalation, documentation, and evidence standards
  • Address practical questions before go-live

Key output:
Trained staff with defensible training records

Week 6: Audit Readiness and Quality Review

Objective: Ensure defensibility

  • Review sample customer files for consistency
  • Validate documentation and evidence trail
  • Prepare audit and supervisory readiness checklist
  • Identify residual gaps and remediation actions

Key output:
Audit-ready AML compliance programme

AML Compliance RACI Matrix (DNFBPs, FIs, and VASPs)

This RACI clarifies who does what in a typical UAE AML compliance framework. It is especially useful for inspections, audits, and internal accountability.

R = Responsible | A = Accountable | C = Consulted | I = Informed

AML Ops

Board / Senior Management

Compliance Officer / MLRO

Operations / Front Office

External AML Consultant

Approve AML framework and risk appetite

A

C

I

C

Enterprise-Wide Risk Assessment

A

R

C

R

AML policy and procedures

A

R

C

R

Customer onboarding and CDD

I

C

R

C

Enhanced due diligence

I

R

C

C

Sanctions and PEP screening

I

R

R

C

Ongoing monitoring

I

R

R

C

Suspicious activity escalation

I

R

C

C

goAML reporting

I

R

I

C

Staff AML training

I

R

C

C

Record keeping

I

R

R

C

Internal quality assurance

I

R

C

C

Independent AML audit / review

I

C

I

R

Regulatory inspection support

A

R

C

C

Why this RACI matters

Supervisors and auditors expect clarity on ownership, accountability, and evidence. A documented RACI helps demonstrate that AML compliance is not informal or personality-driven, but structured and governed.

FAQs About AML Consulting in UAE

Who needs an AML consultant in the UAE?

Any business that falls under the UAE’s AML/CFT regulatory scope can benefit from an AML consultant. This typically includes Financial Institutions, DNFBPs (Designated Non-Financial Businesses and Professions), and Virtual Asset Service Providers (VASPs). If your firm handles customer onboarding, payments, high-value transactions, company formation, or any form of financial services, AML support is not optional. It is a key compliance requirement.

An internal compliance function is essential, but it can still face gaps in complex regulatory interpretation, audit readiness, and implementation depth. We support your team by bringing specialised AML/CFT expertise, practical frameworks aligned with UAE supervisory expectations, and proven execution support. In short, we help you reduce compliance risk, save time, and build controls that actually stand up during inspections.

In most cases, full AML compliance implementation takes 2 to 6 weeks, depending on your current readiness, documentation status, and operational complexity. If you already have partial controls in place, we can move faster. If you are starting from scratch, we will still keep the process structured, efficient, and focused on building an inspection-ready compliance framework.

AML UAE stands out because we combine deep regulatory understanding across UAE supervisory authorities with a hands-on, implementation-led approach. We do not just advise. We help you build, fix, document, train, and operationalise the compliance framework. With 300+ AML projects delivered and 750+ professionals trained, our work reflects not just knowledge, but real-world outcomes you can evidence confidently to regulators, auditors, and banking partners.

DNFBPs often engage AML consultants when they are establishing their AML framework, remediating gaps, preparing for a supervisory review, or implementing goAML reporting processes. A consultant helps translate supervisory expectations into workable processes, training, and evidence.

Typical services include an Enterprise Wide Risk Assessment, AML policy and procedures, KYC and CDD templates, screening and monitoring workflows, reporting readiness, AML software selection, training, and audit support. The exact scope should match your licence, activities, and supervisor.

Yes. We support readiness assessments, internal workflows, escalation governance, and reporting decision logic. We also help ensure narratives and evidence packs are robust and consistent.

Yes. We support firms aligned to DFSA and FSRA expectations, including governance, risk assessments, policy frameworks, and operational procedures, subject to the firm’s licence and activities.

We need Licence details, supervisory authority, business model summary, products and services, customer types, geography, delivery channels, existing policies and procedures, if any, and any prior inspection or audit findings.

DNFBPs include real estate brokers and agents, dealers in precious metals and stones, trust and corporate service providers, auditors and accountants, legal professionals, and commercial gaming operators, subject to licensing and activity scope.

An EWRA is a structured assessment of your exposure to money laundering, terrorist financing, and proliferation financing risks across customers, products, geography, delivery channels, and transactions, and it sets the foundation for controls, policies, and monitoring.

An EWRA assesses your business model risk. A Customer Risk Assessment evaluates risk at the individual customer level and determines the depth of due diligence, ongoing monitoring, and review frequency.

Common documents include the EWRA, AML and sanctions policy and procedures manual, customer onboarding procedures, CDD and EDD templates, screening procedures, reporting procedures, training plan and records, and an audit or independent review report.

Yes, real estate firms frequently require AML support for risk assessment, onboarding and EDD processes, recordkeeping, training, and reporting workflows, including ensuring staff understand red flags and escalation procedures.

VASPs often require robust frameworks due to higher risk profiles and supervisory expectations. Consulting support typically covers governance, risk assessment, screening, transaction-monitoring logic, reporting readiness, and audit preparedness.

The Compliance Officer typically oversees AML programme implementation and operations, ensures reporting workflows function properly, maintains training records, monitors effectiveness, and reports to senior management as required.

Yes. This includes defining roles, drafting procedures, building templates, training staff, creating case-handling workflows, and establishing evidence standards for supervisory reviews.

Audit-ready means your risk assessment, policies, procedures, files, training records, screening logs, and reporting decisions are properly documented and can be evidenced quickly during audits, supervisory reviews, or bank queries.

This is typically done through risk-based tuning, sensible matching thresholds, quality data capture, clear disposition rules, and consistent escalation workflows, without weakening compliance expectations.

Common reasons include weak documentation, inconsistent due diligence files, poor training evidence, unclear escalation, weak screening governance, and a lack of records showing how decisions were reached.

Yes. Support can be aligned to the DFSA and FSRA expectations, subject to the firm’s licence type and regulated activities, including governance, documentation, and operational procedures.

Yes. This includes file reviews, gap identification, remediation templates, risk reclassification, and QA checks to ensure the portfolio meets the expected standard.

We focus on aligning and implementing UAE supervisory requirements. The aim is not a theoretical manual, but a working control set with training, templates, evidence standards, and operational workflows.

Need AML consulting support but do not have time for long, drawn-out projects?

Start with a focused compliance sprint and get essential controls implemented within days.

Start Now!

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik