Blogs

The Complete Guide to the Ultimate Beneficial Owner Verification

Methods of placement in money laundering

What is Placement in Money Laundering?

Socio-economic impact of money laundering

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Updated list of FATF high-risk countries and countries under increased monitoring: 24th October 2025

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

FATF List of High Risk Countries

In the latest plenary, which concluded on 24th October 2025, South Africa, Nigeria, Mozambique, and Burkina Faso were removed from the Grey List. The FATF Grey List is also known as the Jurisdiction under Increased Monitoring list. This list includes countries that are actively working with the FATF to address strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing.

The FATF is an international body that establishes intercontinental standards to combat money laundering, counter-terrorism financing and combat financing of proliferation of weapons of mass destruction, updates the list of jurisdictions under increased monitoring thrice annually.

List of Jurisdictions under Increased Monitoring (Grey List) as of 24th October 2025

FATF Grey List and Blacklist Update History:

Date	Countries Added	Countries Removed	Countries in grey list
25^th October 2024	Angola Algeria Côte d’Ivoire Lebanon	Senegal	1. Angola 2. Algeria 3. Bulgaria 4. Burkina Faso 5. Cameroon 6. Côte d’Ivoire 7. Croatia 8.Democratic Republic of the Congo 9. Haiti 10. Kenya 11. Lebanon 12. Mali 13. Monaco 14. Mozambique 15. Namibia 16. Nigeria 17. Philippines 18. South Africa 19. South Sudan 20. Syria 21. Tanzania 22. Venezuela 23. Vietnam 24. Yemen
28^th June 2024	Monaco Venezuela	Jamaica Türkiye	1. Bulgaria 2. Burkina Faso 3. Cameroon 4. Croatia 5. Democratic Republic of the Congo 6. Haiti 7. Kenya 8. Mali 9. Monaco 10. Mozambique 11. Namibia 12. Nigeria 13. Philippines 14. Senegal 15. South Africa 16. South Sudan 17. Syria 18. Tanzania 19. Venezuela 20. Vietnam 21. Yemen
23^rd February 2024	Kenya Namibia	Barbados Gibraltar Uganda United Arab Emirates	Bulgaria Burkina Faso Cameroon Democratic Republic of the Congo Croatia Haiti Jamaica Kenya Mali Mozambique Namibia Nigeria Philippines Senegal South Africa South Sudan Syria Tanzania Türkiye Vietnam Yemen

1. Algeria
2. Angola
3. Bolivia
4. Bulgaria
5. Cameroon
6. Côte d’Ivoire
6. Democratic Republic of Congo
8. Haiti
9. Kenya
10. Laos

11. Lebanon
12. Monaco
13. Namibia
14. Nepal
15. South Sudan
16. Syria
17. Venezuela
18. Vietnam
19. Virgin Islands (UK)
20. Yemen

Jurisdictions under Increased Monitoring - Grey List

Which publicly recognizes jurisdictions that have committed to, or are actively working with, the FATF to resolve strategic deficiencies in their anti-money laundering, combatting of terrorism financing as well as combatting of proliferation financing (AML/CFT/CPF) regimes within agreed timelines. This list is commonly known as the “grey list.”

Let AML UAE Handle the Complexities of FATF Updates

Get specialised solutions for modifying your AML/CFT Policy, Controls and Procedures

FATF Grey List and Blacklist Update History:

In the latest plenary, which concluded on 24th October 2025, South Africa, Nigeria, Mozambique and Burkina Faso were removed from the Financial Action Task Force (FATF) Grey List.

In the last plenary, which concluded on 13^thJune 2025, Croatia, Mali, and Tanzania are removed from the Financial Action Task Force (FATF) Grey List and

Bolivia
the Virgin Islands (UK)

were added to grey list.

In the plenary, that concluded on 21^st February 2025, Philippines was removed from the Financial Action Task Force (FATF) Grey List, and:

Lao PDR
Nepal

were added to the Grey List.

In the plenary that concluded on 25^th October 2024, Senegal was removed from the Financial Action Task Force (FATF) Grey List, and:

Angola,
Algeria,
Côte d’Ivoire
Lebanon

were added to the Grey List.

In the plenary that concluded on 28^th June 2024, Jamaica and Türkiye were removed from the FATF Grey List and:

Monaco
Venezuela

were added to Grey List.

In its plenary, which concluded on 23rd February 2024, the FATF removed UAE, Barbados, Gibraltar, and Uganda from the Grey List, whereas:

Kenya
Namibia

were added to the Grey List.

In October 2023, the, while the following countries were removed: Albania, Cayman Islands, Jordan. and Panama and:

Bulgaria

was added to the Grey List.

The FATF established two statements as part of its listing and monitoring procedures to assure consistency with its international standards.

To learn more about the difference between FATF-blacklisted countries and greylisted countries: Checkout What are FATF Blacklist and Grey list countries?

No.	Country	No.	Country
1	Bulgaria	12	Nigeria
2	Burkina Faso	13	Philippines
3	Cameroon	14	Senegal
4	Croatia	15	South Africa
5	Democratic Republic of the Congo	16	South Sudan
6	Haiti	17	Syria
7	Kenya	18	Tanzania
8	Mali	19	Venezuela
9	Monaco	20	Vietnam
10	Mozambique	21	Yemen
11	Namibia

Need Your Enterprise-Wide Risk Assessment Updated as per the FATF updates?

We’ve got you covered with our years of experience and qualified experts

High-Risk Countries Subject to a Call for Action - FATF Blacklist

FATF categorises certain countries as “Blacklist” countries. This “Blacklist” identifies jurisdictions with substantial strategic weaknesses publicly in their AML/CFT/CPF regimes and calls on all FATF members to conduct enhanced due diligence and, in the most severe cases, implement countermeasures to protect the international financial system from money laundering, funding of terrorism and proliferation risks stood by the identified nations. This list is commonly referred to as the “Blacklist.”

Recently, the FATF has added Myanmar to this list of High-Risk countries subject to a Call for Action. Accordingly, with effect from 21st October 2022, the FATF “Blacklist” stands as under

Iran and the Democratic People’s Republic of Korea (subject to FATF call on its members/jurisdictions to apply countermeasures),

Myanmar (subject to FATF call on its members/jurisdictions to apply enhanced due diligence measures proportionate to the risks arising from Myanmar).

AML Compliance pertaining to grey-listed and blacklisted countries

All Financial Institutions (FIs) and Designated Non-Finance Businesses and Professions (DNFBPs) are required to have appropriate risk-based AML/CFT protections in place to limit the potential of money laundering and terror financing posed by countries subject to increased monitoring or listed as high-risk jurisdictions subject to a “Call for Action” by FATF.

As a result, FI and DNFBPs must screen customers against the FATF Jurisdictions under Increased Monitoring and High-Risk Jurisdictions Subject to a Call for Action while onboarding and continuously monitor their transactions throughout their business relationship. DNFBPs should ensure that their customer due diligence measures verify their customer’s residence in, or business with, listed countries and that their transaction monitoring measures can examine the size, frequency, and pattern of transactions involving high-risk countries to determine the possibility of occurrence of financial crimes such as money laundering.

FIs and DNFBPs must file suspicious transaction/activity reports (STR/SAR) to the Financial Intelligence Unit (FIU) when red flags are observed so that enforcement actions can be conducted.

Further, FIs and DNFBPs are obligated to report the transaction or activity with high-risk countries subject to a “Call for Action” to the FIU by filing High-Risk Country Transaction Report or High-Risk Country Activity Report (HRC/HRCA), as the case may be

Is Conducting a Re-KYC after the FATF Updates Too Cumbersome?

AML UAE is here to save the day

Role of AML UAE

AML UAE is a leading AML compliance services provider in UAE. We help you with fulfilling all the requirements for AML and CFT in UAE. Our spectrum of AML compliance services is not restricted to national boundaries, but we also make sure that you comply with the global regulations of AML.

We can help you with:

Creating firm-specific AML policies, procedures, internal controls, best practices, and guidelines for your smooth business operations
Setting up an expert AML compliance department for your firm that can handle all AML-related activities
Selecting the most effective and appropriate AML software for your business needs to ensure AML compliance
Helping you in filing and submitting annual AML/CFT risk assessment reports with the UAE government
Conducting training for your employees in handling KYC, screening, risk profiling, CDD, EDD, and filing of STRs

High-Risk Countries - FAQs

Through its position in setting global standards to combat terrorist financing, assisting jurisdictions in implementing financial provisions of United Nations Security Council resolutions on terrorism, and evaluating countries’ ability to prevent, detect, investigate, and prosecute terrorist financing, the FATF plays a critical role in global efforts to combat terrorism financing. Despite this, several nations have yet to apply the FATF Standards fully. They are unaware of the nature of the TF threats they face and lack adequate counter-measures.

When a regime is put on the Grey List by the FATF, it means the country is actively working with FATF to fight against money laundering and other risks. It means the government is taking active measures to identify the deficiencies in its regulatory structure and correct them within the agreed timelines.

FATF Blacklist features the high-risk jurisdictions subject to a Call for Action. As per the FATF October 2022 plenary report, the Democratic People’s Republic of Korea, Myanmar and Iran feature in the FATF Blacklist.

A member of the FATF may impose economic sanctions on a country on the blacklist. North Korea, Iran and Myanmar for example, are both on the FATF Blacklist. As a result, sanctions against North Korea, Iran and Myanmar are possible.

Add a comment

Related Blogs

The Complete Guide to the Ultimate Beneficial Owner Verification

What is Placement in Money Laundering?

Socio-economic impact of money laundering

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

A Comprehensive Guide to AML Customer Risk Assessment for DNFBPs in UAE

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

A Comprehensive Guide to AML Customer Risk Assessment for DNFBPs in UAE

As per UAE AML regulations and to cope with the ever-evolving financial landscape, the regulated entities – Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Service Providers (VASPs) – are required to conduct Customer Risk Assessments. The Customer Risk Assessment is a critical AML measure focused on identifying the money laundering or financing of terrorism (ML/FT) risk posed by each customer.

In this article, we will discuss the significance of performing customer risk assessment for DNFBPs in UAE and the best practices to conduct the same to manage the risk and stay compliant with the UAE AML regulations.

Understanding the Importance of Customer Risk Assessment

UAE has introduced AML/CFT regulations, providing guidelines for regulated organizations to implement AML compliance programs and combat financial crimes like money laundering and terrorism financing. One of the AML measures provided under the UAE AML laws is the Customer Due Diligence (CDD) process.

CDD is a set of comprehensive measures to be applied while onboarding a customer. It includes Know Your Customer (KYC), aimed at identifying the customers and verifying their identity, including the Ultimate Beneficial Owners (UBOs). The name screening of the customers and UBOs also forms part of the CDD process. Additionally, the Customer Due Diligence measures also include customer risk assessment.

What is Customer Risk Assessment under AML Compliance Program?

Customer Risk Assessment plays a pivotal role in the AML program, as it assists in adopting the risk-based approach to deploy resources and optimally manage financial crime risks. It involves assessing the potential ML/FT risk the customer is expected to pose to the business, i.e., creating the customer risk profile or conducting the risk assessment. It is an essential element of a risk-based approach and regulatory requirement. FATF Recommendation 10 also advocates the importance of customer risk assessment.

By assessing the risk associated with customers, regulated organisations can determine the level of procedures to be performed and the controls to be applied to manage risk effectively.

The customer risk assessment is primarily based on customer identification information, the nature of business activities, the geographies they are associated with, the purpose of the business relationship, the expected transactions, the actual transaction pattern, etc. Evaluation of the risk basis of these factors, along with other relevant risk parameters, assists the business in determining the level of customer risk and accordingly deploying adequate AML measures.

Why is Customer Risk Assessment a significant part of the AML Compliance Program?

As an outcome of the Customer Risk Assessment, the customer’s risk profile is created and classified as either high, medium, or low risk for the business. It assists businesses in determining the level of due diligence measures to be applied. For example, enhanced due diligence measures are applied to manage the increased risk for customers categorized as posing a high risk to the business. The businesses may adopt simplified verification measures for customers with low ML/FT risk. Thus, it helps the organizations apply the risk-based approach in its true and use the resources optimally, with smooth customer onboarding in line with the risk profile.

It serves as the foundation to build the ongoing monitoring program to identify any unusual patterns or suspicious activities, allowing the businesses to prioritize the monitoring efforts toward high-risk customers.

Moreover, the customer’s information and the activity profile keep evolving over time; thus, it is pertinent to ensure the customer’s risk assessment is updated to identify the level of risk associated with the customer and ensure appropriate mitigation measures are applied.

With a comprehensive customer risk assessment process, businesses can protect themselves from being exploited by financial criminals and ensure compliance with the AML regulatory landscape of the country.

How to conduct Customer Risk Assessment (CRA)?

Adopting the following steps will enhance the effectiveness of the Customer Risk Assessment:

Identifying and evaluating the risk factors

The first step in CRA is identifying the risk factors that expose the business to ML/FT vulnerabilities. These risk factors can include the following:

nature of the customer
customer’s country of residence, business, nationality, and birth
occupation and employer details of the customer
nature of the proposed transaction
transactional parameters like nature of product, services
mode of payment
person’s background (adverse media, connection with sanctioned persons, or past incidence of reporting suspicious transactions)
customer’s source of funds and wealth

For example, the customer working with an industry connected with ML/FT typologies, such as precious metals and stones or real estate, is treated as a high-risk customer. Further, the customer whose proposed payment mode is cash or virtual assets without any business rationale may trigger a suspicion warranting to classify the customer as high-risk.

The customer associated with a country on the FATF Grey List or jurisdiction notorious for higher risk of money laundering poses a higher risk to the business than the customer with a jurisdiction having strong AML regulations.

The comprehensive and combined evolution of these factors helps the business determine the risk associated with each customer and create its risk profile.

The evaluation of the risk factors to help identify the inherent ML/FT risk the customer poses and the level of AML/CFT measures are required to mitigate this inherent risk. For instance, regulated organizations must perform additional verification checks and obtain documents for high-risk customers to establish the legitimacy of the customer’s source of funds and wealth. Moreover, senior management approval must also be sought to establish a business relationship with such a customer.

Adopting appropriate mitigation measures significantly reduces the ML/FT risk, ensuring an inherent level of risk is brought within the business’s risk appetite to conduct a transaction with such a customer.

The factors considered for the risk assessment, the methodology adopted and the outcome of the CRA must be well-documented to demonstrate AML compliance.

Periodic review and reassessment

The customer risk profile is not a static one, i.e., once a customer is classified as high-risk would not necessarily pose such increased ML/FT risk to the business. The risk exposure changes as the customer’s profile is updated, the business activities change, the relevant country’s AML regulatory framework changes, etc. Further, the evolving AML regulations and emerging risk typologies also impact the customer’s risk profile.

Thus, the regulated entities must ensure that the customer’s risk assessment is dynamic, updated as and when there is any movement in the risk factor.

Empowering the team

Well-crafted AML/CFT procedures and controls are of no use without having a well-trained team to implement the same effectively. The regulated entities must impart adequate AML training to their employees around the performance of customer risk assessment and its impact on the nature of AML/CFT measures to be applied. The factors to be considered for risk assessment and the methodology to be adopted must be discussed during the AML training program.

How can the use of tools and techniques improve the effectiveness of the Customer Risk Assessment?

When assessing customer risk, regulated entities can deploy a wide range of tools and techniques to obtain accurate and real-time results. These tools and techniques would be both – manual as well as automated using technology.

Use of emerging technology in performing Customer Risk Assessment

With the use of developing technologies, businesses can improve the effectiveness of the risk assessment process. The automated software and tools can process a large volume of customer data to assess the level of risk and provide insights into the customer’s risk profile.

Leveraging these technological tools can speed up the processes, providing real-time assessment of the customer risk upon every transaction executed with the customer, without worrying about remembering the requirement to reassess the customer risk.

Moreover, these solutions use the initially assessed risk level as a base and can promptly identify any unusual patterns and suspicious activities inconsistent with the customer’s profile.

Use of manual techniques for assessing customer risk

Though deploying technology for customer risk assessment is one of the best alternatives, the power of manual techniques can’t be ignored. Small and medium-sized businesses can use sophisticated Excel-based methods to assess the risk, including manually verifying customer documents and information.

With the human touch, businesses can assess the risk by interviewing the customer, studying their behavior, involving third parties to evaluate the customer’s financial position, etc.

When the manual techniques are combined with technological tools, the comprehensiveness of the CRA measures enhances, ensuring that tool-based assessment is supported by manual verification and no potential risk exposure goes unnoticed.

Let AML UAE help you design your Customer Risk Assessment Program

As the risk factors and AML regulations in UAE keep advancing, the methodologies of conducting customer risk assessment also change. Seek professional help from AML experts like AML UAE to develop your customer risk assessment policies and program, ensuring you appropriately determine the customer’s ML/FT risk and apply necessary mitigation measures.

AML UAE, with its diversified experience and subject knowledge, can assist the regulated entities in customizing the AML framework in accordance with the nature and risk exposure of the business while staying AML compliant and managing the risks effectively.

Whichever way you go – technological or manual – AML UAE can help you either by identifying and assisting in implementing the right AML software for CRA or designing the manual techniques and processes to create customer risk profiles effectively.

With Customer Risk Assessment, manage your ML/FT risks effectively!

Make significant progress in your fight against
financial crimes

With the best consulting support from AML UAE.

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

How to File CNMR and PNMR on the goAML Portal Under TFS Guidance, 2025

Best Practices for CNMR and PNMR Filing on the goAML Portal to Ensure TFS Compliance

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

How to File CNMR and PNMR on the goAML Portal Under TFS Guidance, 2025

This blog elaborates on the July 2025 updates to the Targeted Financial Sanctions (TFS) Guidance. These updates introduce sharper procedures, especially around screening and reporting, and call attention to nuanced revisions, such as:

Fund Freeze Report (FFR) changed to Confirmed Name Match Report (CNMR)
Clarified screening during weekends and public holidays
Updated procedures related to Partial Name Match Reporting
Additional examples on PNMR Reporting
Grievance procedures were deleted and published separately on the EOCN website.

The blog also includes a detailed explanation of what TFS obligations are, an in-depth understanding of CNMR and PNMR filing obligations and step-wise processes under TFS Guidelines 2025, and the best practices that Reporting Entities can incorporate into their AML framework to ensure Sanctions Compliance.

Apart from procedural updates, this blog also provides a step-by-step walkthrough for CNMR and PMNR filing using the goAML portal, helping AML compliance professionals and Regulated Entities to understand their core TFS compliance obligations.

Guidance on Targeted Financial Sanctions, July 2025: What Reporting Entities Must Know

In order to decode the provisions of the TFS Guidelines July 2025, reporting entities must develop a sound understanding of the basic concepts, such as:

What are Targeted Financial Sanctions (TFS) in the UAE?

“Targeted Financial Sanctions” refers to an obligation to freeze the funds or other assets of designated individuals or entities, and to restrict access to such funds, assets, or related services, either directly or indirectly.

The primary purpose of TFS is to prevent designated persons and entities from accessing financial resources, thereby disrupting the use of such resources for illicit purposes or transactions that may benefit individuals or organisations involved in terrorism, proliferation financing, or other criminal activities.

TFS Compliance Obligations

Article 21 of Cabinet Decision No. 74 of 2020 has set the main TFS compliance obligations on Reporting Entities, including DNFBPs, FIs, and VASPs:

Register

Reporting Entities must register for the EOCN Notification Alert System (NAS) to receive automated email notifications on any update to the Sanctions List. In terms of practical implementation, Regulated Entities using Sanctions Screening Software can ensure that the screening software is paired up with a sanctions screening API that gives real-time data and updates as to additions and deletions of names in:

The UAE Local Terrorist List that contains the names of all the sanctioned individuals, entities, or groups designated by the UAE Cabinet.
The UNSC Consolidated List that contains the names of all the sanctioned individuals, entities, or groups designated by the United Nations Sanctions Committees or directly by the UNSC.

Screen

The “when” and “whom” of sanctions screening is covered under paragraphs 30 and 31 of the latest guidance, which provide that Reporting Entities must undertake regular and ongoing screening on the latest Sanction Lists. Sanctions Screening must be undertaken mandatorily in the following circumstances:

Updates, i.e., additions, deletions, and revisions of names to Sanction lists
Prior to onboarding a new customer, i.e., a potential customer
Persons or entities party to any transactions or related to parties of any transaction, including names of persons with direct or indirect relationships with designated individuals, entities, or groups
Upon periodic KYC reviews or if there is any material change in the nature or ownership of the customer is identified
Daily screening of the existing customer database
Daily screening of the offboarded customers or previous customers with whom the Regulated Entity had prior business relationships and transactions
- Reporting Entities need to be mindful that they are required to SCREEN all their previous or offboarded customers on an ongoing basis for a period of five (5) years after termination or cessation of the business relationship, even if there is no active business relationship or no assets are held with the Regulated Entity at present.
Before processing any transactions with a counterparty.

The “what” of the sanctions screening requirement is covered under paragraphs 32 and 33, which state the “key identifiers” and “other identifiers” required to be obtained by regulated entities from their customers to screen their names against those contained in the latest sanctions lists. These key identifiers and other identifiers are:

Once the key identifier details are available with the regulated entity, the Screening Analyst can proceed with conducting sanctions screening either manually or through screening software. The latest guidance on TFS requires regulated entities to have in place an adequate screening mechanism to help ensure TFS compliance.

The sanctions screening process generates screening outcomes, which can be disambiguated into four categories, such as:

Confirmed Name Match: The name of the customer matches with the sanctions screening outcome.
Partial Name Match: The name of the customer partially matches with the sanctions screening outcome.
False Positive: The name of the customer does not match with the screening outcome.
Negative Match: The name of the customer does not generate a screening outcome.

The occurrence of any of these four outcomes requires the personnel of the regulated entity to take appropriate steps, which are more elaborately discussed in the table below:

Sanctions Screening Outcomes and Resultant Reporting Requirements
Screening Result	TFS Measures	TFS Reporting Requirement	Record-Keeping Obligation
Perfect Match or Confirmed Name Match	Freezing of Funds or Other Assets without any delay (within 24 hours) Prohibition from Making Funds or Other Assets or Services Available If the confirmed name match is of a potential customer, transaction must be immediately rejected (TFS measures discussed more elaborately in step 3)	Confirmed Name Match Report (CNMR) to be filed within 5 days alongwith obligatory information	Paragraph 46 of the TFS Guidance updated in July 2025 prescribes to maintain records for the duration of atleast five (5) years, irrespective of the screening outcome.
Partial Match	Immediate suspension of transaction without any delay Avoid offering funds or any other services Scenario-wise requirements apply	Partial Name Match Report (PNMR) to be filed within 5 days alongwith obligatory information
False Positives or False Match	Not applicable	No reporting required
No Match or Negative Match	Not applicable	No reporting required

Stop Guessing. Start Screening Right!

Ready to handle every match- Confirmed, Partial, or Not?

Implement TFS Measures

Reporting Entities must either freeze all funds and assets without delay, prohibit the provision of services/funds or reject the transaction. The core elements of TFS Measures prescribed by the Guidance on TFS include:

Asset Freezing without delay
Prohibition from making funds or other assets or services available
- Financial Assets
- Economic Resources
- Any other assets.

The distinction between “Freezing Measures” in the case of a Confirmed Match and “Suspension Measures” in the case of a Partial Match is discussed in depth in further paragraphs of this AML UAE blog.

Report

The mechanism to report any TFS measures taken by the Reporting Entity must be after identifying a Confirmed or Partial Name Match, reporting to the relevant Supervisory Authority and submitting one of the following two reports via goAML:

Confirmed Name Match Report (CNMR)
Partial Name Match Report (PNMR)

The TFS Guidance also requires Reporting Entities to include and enclose mandatory and obligatory information along with the CNMR and PNMR filed.

In the context of CNMR, the RE is required to enclose ID documents of the person or legal entity whose name is found in the sanctions lists, resulting in a confirmed match during screening, as without possession of ID documents, the RE cannot conclusively confirm that the screening match found is a perfect match, requiring regulatory reporting. Examples of obligatory information for CNMR are:

The amount of funds or other assets frozen with documentary evidence, such as bank statements, transaction receipts, investment portfolios, title deeds, account summaries, etc
Detailed description of rejected transactions or services.

In the context of PNMR, the RE is required to enclose documents such as ID documents (if and when available) and the full name of the person or entity whose name is found to have partially matched during screening. The examples of obligatory information that REs can attach to PNMR are:

Funds or other assets that are suspended
Detailed description of rejected transactions or services.

Confused by the Latest TFS Updates?

Connect with our expert to ensure full compliance with the latest TFS Guidance

How to File a Confirmed Name Match Report (CNMR) While Implementing TFS Measures

The step-wise process for filing CNMR requires a well-developed internal workflow to be followed by employees of a Regulated Entity. Timely filing of CNMR is only possible when the process from match identification to submitting the report on the goAML portal flows seamlessly from one department to another. Regulated Entities need to appoint an AML Compliance Officer and register themselves on the goAML portal. Registration on the goAML portal enables REs to file reports to the UAE FIU (Financial Intelligence Unit) to fulfil regulatory reporting requirements. The step-wise process for filing CNMR includes:

The subscription to the EOCN Notification Alert System (NAS) is a prerequisite that REs must tick off their to-dos once they commence business operations concerning covered activities under UAE’s AML/CFT regime. The subscription to NAS is a one-time exercise, which enables REs to access updated Sanctions Lists in real-time.

Identification of Confirmed Name Match During Sanctions Screening

REs can opt to screen their customers manually across the Sanctions Lists obtained through NAS or rely on a Sanctions Screening Software or unified AML Software that relies on efficient Screening APIs. Using one of these or a combination of software tools ensures that Sanctions Lists relied on for screening customers are updated in real time as published by the regulator, or EOCN, in the context of TFS compliance. The process of screening customers generates screening results or screening outcomes, which need to be disambiguated by the Screening Analyst.

Regulated Entities must remain mindful that they screen across their customer databases, which include potential, existing, and former customers, with whom they had a previous business relationship during the past five (5) years

When a Screening Analyst, while disambiguating screening results, identifies a perfect match or a confirmed match, they need to assess the screening outcome to confirm its accuracy.

Assessment of Confirmed Name Match Outcome

Assessment of a Confirmed Name Match or Perfect Match outcome is quite straightforward. In the case of potential, existing, and former customers, the frontline team or the Screening Analyst is required to carefully examine and cross-verify the customer’s key identifiers and the screening outcome’s attributes to assess whether the initial identification and disambiguation of the screening is accurate or erroneous. Once the Screening Analyst or the frontline team is sure of the match outcome assessment, they need to escalate the customer profile and screening outcome findings to the AML Compliance Officer for carrying out further steps.

Escalation by the Frontline Team or Screening Analyst to the AML Compliance Officer

The AML Compliance Officer needs to assess the customer profile forwarded by the frontline or screening team and assess whether the customer (potential, existing, or former) is indeed a confirmed match or there is any confusion or error on part of screening or frontline team in identifying the match results accurately and proceed further with imposition of TFS Measures and fulfilling CNMR filing formalities in a timely manner.

Impose Freezing Measures on Potential, Existing, and Former Customers

Once the AML Compliance Officer is sure that the confirmed match screening outcome is correct and accurate, he needs to act fast and impose freezing measures without delay (within 24 hours of the confirmed match). The extent and manner of imposing TFS Measures shall differ on the basis of the maturity of the business relationship, as elaborated below:

In case of a Potential Customer

Rejection of transaction or service immediately

In case of an Existing Customer

Freeze all funds/assets
Prohibition from making funds, other assets, or services available to such customer

In case of a Former Customer

If the confirmed match is that of a former customer and the RE does not have any assets or funds available with them, they can still proceed with the CNMR filing process, stating that business relationship concluded and they are not in possession of any assets.

Preparation of Mandatory and Obligatory Information & Documents for CNMR in alignment with goAML Requirements

After imposing TFS Measures, the Compliance Officer then needs to ensure that he is equipped with all the mandatory and obligatory information pertaining to the customer against whom the CNMR is supposed to be filed. The ID documents (passport, Emirates ID, trade license) are assumed to be in possession of the RE and need to be submitted with CNMR. The examples of obligatory information are:

Asset value proof (bank statements, portfolio summaries, title deeds)
Description of rejected service or transaction.

Logging in on the goAML Portal to File CNMR

The AML Compliance Officer must log into their employer’s goAML portal account using RE’s log-in details to file CNMR.

Selecting Report Type as CNMR & Entering Information and Documents

The AML Compliance Officer needs to select CNMR from the list of options given in the dropdown menu on the goAML portal. The AML Compliance Officer can either upload the CNMR in an XML format or fill in the details regarding a confirmed name match in real-time by opting for the web-report option on the goAML portal.

Saving and Submitting CNMR

Once the details regarding the confirmed name match are entered on the goAML portal successfully, the AML Compliance Officer must save the CNMR details and submit the same. The AML Compliance Officer must be mindful of the requirement to complete the legal obligation filing of CNMR on the goAML portal within 5 days after applying freezing measures.

Maintaining Records of CNMR Filed for Five (5) Years

REs are required by law to maintain records of all screening results, including CNMRs, the identification, decision, freezing measures taken, and details of the CNMR filed on the goAML portal for the period of at least five (5) years.

From Sanctions Screening to CNMR Filing: We’ve Got You Covered!

Struggling with real-time screening, escalation, and goAML reporting? Let AML UAE streamline it for you.

How to File a Partial Name Match report (PNMR) While Implementing TFS Measures

The step-wise process of filing a PNMR broadly consists of the steps elaborated in further paragraphs. However, based on the maturity of the business relationship, i.e., whether the customer is a potential customer, an existing customer, or a former customer, the employees of the Reporting Entity, such as the frontline team, Screening Analysts, KYC Analysts, and AML Compliance Officer, must make sure that they collect necessary information about the customer to ensure accurate filing of PNMR. Timely filing of PNMR can be achieved through well-coordinated efforts by all personnel concerned.

Needless to say, the prerequisite of subscription to the EOCN Notification Alert System (NAS) is implied when it comes to having a well-defined and documented process to file PNMR in place. The Reporting Entity may screen its customers manually, through updated sanctions lists and notifications received after subscribing to EOCN NAS or can rely on a Sanction Screening Software or an AML Software with Sanctions Screening API.

Identification of Partial Name Match During Sanctions Screening

Regulated Entities must ensure that they screen across their customer databases, including potential, existing, and former customers, with whom they had a previous business relationship during the past five (5) years.

When a Screening Analyst, while disambiguating screening results, comes across screening results or outcomes where only some or few of the attributes of the customer profile, and they cannot conclusively confirm whether or not such a match is a confirmed match or a false positive, then in such a scenario, they are required to escalate the customer profile and screening outcome to the AML Compliance Officer for further assessment.

Assessing Partial Name Match Outcome

Assessment of Partial Name Match Outcome after screening needs to be done to rule out the possibility of the initial match disambiguation being inaccurate, false positive, or a confirmed name match instead. However, the issue with Partial Name Match outcomes is that the Screening Analyst or frontline team cannot conclusively decide whether it’s a false or a complete match due to factors such as:

Lack of adequate information and non-availability of the customer’s ID documents in case of potential customers
Lack of information in Screening Outcomes, i.e., screening results exist but don’t provide adequate information so as to conclude successful disambiguation
A high number of screening outcomes or results are generated by the screening software due to lower match percentage thresholds configured, leading to high disambiguation volume with non-existent substantial information for disambiguation.

In order to simplify the Partial Name Match Outcome’s accuracy assessment, the following factors must be considered by Reporting Entities, such as:

For Potential Customers: Obtaining ID documents must be attempted when ID documents are not available, leading to a lack of information on key identifier details, so that the match can be disambiguated by having a complete set of information prior to disambiguation for accurate results.

If ID is received within 10 days, the RE must conduct Screening with details contained in the ID obtained. Based on the screening outcome, if the RE finds that the match is indeed a Partial Match, they must continue/implement Suspension/Freezing Measures and proceed with the PNMR/CNMR filing process. If, after fresh screening, the RE finds that the screening outcome is a false positive or no match, they must proceed with establishing a business relationship.
If ID is not received within 10 days, the RE must Reject/Cancel Transaction and proceed with PNMR filing process
If ID is received after 10 days, the RE must conduct Screening based on the recently acquired ID and implement Suspension Measures accordingly, if a Partial Match is found, or proceed with CNMR if a Complete Match is found, or establish a business relationship if false or no match found.

Existing and Former Customers: The possession of a Customer ID is assumed

Suspend any transaction, refrain from offering any funds, assets, or services.

Escalation by the Frontline Team or Screening Analyst to the AML Compliance Officer

The AML Compliance Officer needs to assess the customer profile forwarded by the frontline or screening team and determine whether the customer (potential, existing, or former) is indeed a partial match or confirmed match or false match, based on which further actions can be taken.

Impose Suspension Measures on Potential, Existing, and Former Customers

Once the AML Compliance Officer is sure that the partial match screening outcome is correct and accurate, he needs to act fast and impose a suspension of the business relationship and refrain from or avoid providing any service, assets, or funds to such a customer without delay (within 24 hours of the partial match).

The extent and manner of imposing TFS Measures, i.e., suspension, shall differ on the basis of the maturity of the business relationship, as elaborated below:

In case of a Potential Customer

Cancel the Transaction and proceed with the PNMR filing process

Existing and Former Customers

Suspend any transaction, refrain from offering any funds, assets, or services.

Preparation of Mandatory and Obligatory Information & Documents for PNMR in alignment with goAML Requirements

After imposing TFS Measures, the Compliance Officer then needs to ensure that he is equipped with all the mandatory and obligatory information pertaining to the customer against whom the PNMR is supposed to be filed. The ID documents of existing and former customers (passport, Emirates ID, trade license) are assumed to be in possession of the RE and need to be submitted with PNMR. The ID documents of potential customers can be submitted if and when available. The examples of obligatory information are:

Asset value proof (bank statements, portfolio summaries, title deeds)
Description of suspended service or transaction
Description of rejected transaction or service (when no funds are held).

Logging in on the goAML Portal for PNMR Filing

The AML Compliance Officer must log into their employer’s goAML portal account using RE’s log-in details to file PNMR.

Selecting Report Type as PNMR & Entering Information and Documents

The AML Compliance Officer needs to select PNMR from the list of options given in the dropdown menu on the goAML portal. The AML Compliance Officer can either upload the PNMR in an XML format or fill in the details regarding a confirmed name match in real-time by opting for the web-report option on the goAML portal.

Saving and Submitting PNMR

Once the details regarding the confirmed name match are entered on the goAML portal successfully, the AML Compliance Officer must save the PNMR details and submit the same. The AML Compliance Officer must be mindful of the requirement to complete the legal obligation filing of PNMR on the goAML portal within 5 days after applying suspension measures.

Following EOCN Response

REs after filing a PNMR must await and follow the EOCN instructions and maintain suspension measures until further instructions are received.

The EOCN instructions in the context of PNMR concern the treatment of suspension measures, particularly in the case of existing and former customers. The Reporting Entity must submit PNMR along with all the necessary and obligatory customer information so that EOCN can verify the PNMR submitted and give further instructions to the RE. Either of the following steps must be taken by RE, based on EOCN response:

If EOCN concludes PNMR filed as a False Positive, RE must cancel TFS suspension measures and proceed with the business relationship
If EOCN validates PNMR as a Confirmed Match, REs must freeze funds and submit CNMR.

In the case of potential customers, if customer information and documents are lacking, then EOCN will not be able to verify the PNMR report submitted into Confirmed Match or False Positive.

Maintaining Records of PNMR Filed for Five (5) Years

REs are required by law to maintain records of all screening results, including PNMRs, the identification, decision, suspension measures taken, and details of the PNMR filed on the goAML portal for the period of at least 5 years.

Partial Match or Confirmed? Don’t Second-Guess Compliance.

Get step-by-step guidance on match escalation, TFS imposition, and goAML filing.

Key Differences Between CNMR and PNMR: Comparative Table

Differences Between CNMR and PNMR
Distinguishing Aspects	CNMR (Confirmed Name Match Report)	PNMR (Partial Name Match Report)
Trigger Event	Identification of Confirmed Match during Sanctions Screening	Identification of Partial Match during Sanctions Screening
Immediate Action Needed	Freezing Measures for TFS Compliance to be applied within 24 hours	Suspension Measures for TFS Compliance to be applied within 24 hours
Filing Timelines	Within 5 days after imposing Freezing Measures	Within 5 days after imposing Suspension Measures
Documents Required	Complete Customer ID + Documents of Freezing Measures/ Transaction Rejection	Complete or Partial Customer ID + Documents of Suspension Measures
Post Filing Measures	Freezing Measures to say in place. However lift Freezing Measures if Person/Entity is Delisted from Sanctions List or Freezing Cancellation Decision given by EOCN	Await EOCN Response, maintain Suspension Measures, may need to file CNMR or mark match as False Positive

Key Differences Between Freezing and Suspension Measures

Differences Between Freezing and Suspension of Funds
Distinguishing Aspects	Freezing Measures	Suspension Measures
Sanctions Screening Disambiguation Outcome	Confirmed or Perfect Match	Partial Match
Report to be filed on GoAML Portal	CNMR	PNMR
TFS Compliance Requirements	Freezing measures remain in place until person/entity is delisted from Sanctions List or Freezing Cancellation Decision given by EOCN	Suspension measures remain in place until EOCN provides further instructions on the match’s status

Partial Match or Confirmed? Don’t Second-Guess Compliance.

Get step-by-step guidance on match escalation, TFS imposition, and goAML filing.

General Do’s and Don’ts to Ensure TFS Compliance

Compliance with Targeted Financial Sanctions (TFS) is legally mandated under UAE law and reinforced by the 2025 TFS Guidance. These emphasize proactive, risk-based screening, reporting, and asset freezing for designated persons. The following do’s and don’ts guide Reporting Entities, i.e., DNFBPs, FIs, and VASPs in meeting TFS obligations, particularly for CNMR and PNMR submissions via goAML.

Dos to Ensure TFS Compliance

Do subscribe to the Executive Office mailing list or alert system

Regulated Entities (DNFBPs, VASPs, and FIs) are required to register on the goAML platform to submit STRs and SARs to the FIU. They must also use the platform to report CNMRs/PNMRs to the EOCN and the Supervisory Authority.

Do screen continuously, even on weekends and holidays

Reporting Entities must establish internal procedures for screening against the UAE Local Terrorist List and UNSC Consolidated List during weekends and public holidays, ensuring that access to funds or assets is restricted at all times. If no transactions or customer access occur during weekends or holidays, screening must begin immediately at the start of business activity, and freezing measures should be promptly applied.

Do Report and Disclose previous transactions or business dealings with Confirmed or Partial Name Matches.

Reporting Entities must submit CNMRs and PNMRs for all relevant transactions, business relationships, and accounts held within the past five years, including those closed before the designation, even if no current assets or ties exist. The report must explicitly state that no funds or assets are presently held, no ongoing relationship exists with the designated party, and that the account in question is closed.

Do Report Matches via Email to the EOCN if You’re Not a goAML User

For an entity not registered with goAML (that do not fall under the definition of FIs, DNFBPs, or VASPs and are therefore not under an obligation to register on goAML), CNMRs or PNMRs must be reported by emailing and providing a complete set of case details that clearly explain the identified match with all relevant supporting documents attached in the message.

Do Escalate Matches Found in Criminal or Unilateral/Multilateral Sanctions Lists

Reporting Entities must consult the relevant Supervisory Authority (SA) for guidance on handling matches found with unilateral or multilateral sanctions lists, or other criminal lists, and consider submitting an STR or SAR to the Financial Intelligence Unit (FIU) if such matches are confirmed. The Reporting Entity should not use CNMR/PNMR reports in goAML for matches found on other sanction or criminal lists like OFAC, EU, HMT, or INTERPOL. These reports are only for matches with the UAE Local Terrorist List and UN List.

Do understand the change in penalty for non-compliance and inform staff

Reporting Entities must equip themselves with the awareness of changes made to the penalty imposed on TFS violations and incorporate the changes, such as imprisonment for a period of one to seven years. REs must also understand that Administrative Sanctions might be applied to them, resulting in a warning for license cancellation.

Keep Screening 24/7- Even on Holidays!

Set up a continuous screening process to avoid compliance gaps

Don'ts to Ensure TFS Compliance

Don’t overlook changes in ownership structures, as even minority holdings may evolve into controlling stakes.

Reporting Entities are required to impose freezing measures on any entity that is majority-owned (more than 50%) by designated persons or entities. During implementation, REs must determine whether a designated person owns or exercises control over more than 50% of the proprietary rights. If the designated individual holds only a minority stake (50% or less), the entity is not subject to freezing measures unless ownership shifts, and the designated person gains a majority stake or controlling interest. Furthermore, all funds or assets owed to designated individuals must be frozen and must not be made accessible under any circumstances.

Don’t notify customers before freezing measures, as doing so may be considered tipping off

Reporting Entities must avoid informing customers about freezing measures before they are applied, as this may constitute tipping off. Customers may be notified once the measures have been implemented.

Don’t Forget to Document False Positives

Reporting Entities do not need to report a False Positive result to the EOCN and may proceed with the business transaction. However, they must maintain internal records of the screening alert and all actions taken.

Don’t rely solely on third-party screening services to meet compliance obligations

Reporting Entities must not consider third-party screening services as a guarantee of compliance. Reporting Entities remain responsible and must assess the reliability and robustness of external systems before using them.

Don’t Rely on Assumptions or Unverified Links

When a Confirmed or Partial Name Match is identified, the Reporting Entity must obtain and review the customer’s identification documents. Following the review, appropriate freezing or suspension actions should be taken and properly documented.

Best Practices for CNMR and PNMR Filing on the goAML Portal to Ensure TFS Compliance

Filing of CNMRs and PNMRs via goAML portal is a key compliance requirement for Reporting Entities, including DNFBPs, FIs, and VASPs. By implementing the following best practices, Reporting Entities can ensure effective compliance with the UAE’s Latest Guidance Targeted Financial Sanctions (TFS):

Establish Comprehensive Sanctions Compliance Policies and Internal Controls

Reporting Entities must set and implement policies, procedures, and internal controls that align with the requirements of the latest TFS Guidance. These should ensure compliance with freezing obligations, include reasonable measures to identify beneficial owners, signatories, and strictly prohibit staff from disclosing freezing actions to customers or third parties. REs must allocate appropriate human and technical resources to fulfil TFS obligations effectively.

Using Sanctions Screening Software for Accuracy

REs must deploy Sanctions Screening Software that enables high-accuracy detection of designated individuals and entities across the UAE Local Terrorist List and the UNSC Consolidated List. The software should allow configurable thresholds to minimise false positives while ensuring true matches are not missed. The software must support real-time updates to watchlists, automatic batch screening, and ongoing monitoring of customer databases and transactions. These capabilities are critical for ensuring that CNMRs and PNMRs are identified without delay.

Providing Sanctions Compliance Training to Employees

REs must conduct regular and role-specific training for employees, especially those in compliance, operations, and client onboarding teams. The training must cover the detection and handling of CNMRs and PNMRs, the use of sanctions screening software, and the regulatory obligations outlined in the latest TFS Guidance. Training should also emphasise the importance of confidentiality (prohibition of tipping off) and include practical case scenarios to ensure readiness for real-life detection and reporting situations.

Group Oversight Across All Branches and Trade Zones

REs must establish Group Oversight to ensure consistent application of CNMR and PNMR processes across all branches and trade zones. This includes unified match thresholds, centrally managed screening tools, and standardised escalation procedures. Group Compliance must include overseeing implementation, conducting regular audits, and providing training to ensure effective and consistent Sanctions Screening. Central oversight ensures that potential matches are identified and resolved promptly, reducing the risk of sanctions breaches across the institution’s entire operational footprint.

Tamper-Proof Record-Keeping

REs must maintain tamper-proof record-keeping systems to ensure the integrity and security of data related to CNMR and PNMR activities. Records of screening results, match investigations, and escalation decisions must be securely maintained with access controls that restrict unauthorised viewing or editing. The system must include audit trails that log all user actions and prevent any undetected alterations or deletions.

Implementing Centralised Record Management Systems

REs must implement Centralised Record Management Systems to ensure consistent, secure, and traceable handling of data related to CNMR and PNMR processes. These systems should consolidate customer and transaction records across all business units and branches, enabling efficient access and retrieval during sanctions screening, investigations, and regulatory inspections. Centralisation ensures that relevant data is readily available as a single source of truth, supporting timely identification, review, and escalation of potential matches. Easy access to accurate records is essential for demonstrating compliance with TFS obligations and facilitating smooth regulatory visits.

Internal Reporting & Escalation Module

REs must establish a structured Internal Reporting & Escalation Module to manage alerts generated through CNMR and PNMR processes. This module should define clear roles, timelines, and procedures for the review, escalation, and resolution of potential sanctions matches. Automated workflows should support timely alert handling, while ensuring that all actions are logged for audit purposes. Effective internal reporting and escalation are essential for preventing delays, ensuring regulatory compliance, and facilitating prompt decision-making in line with TFS obligations.

Freeze, File, and Comply Without the Panic!

Our experts help you navigate every step of the sanctions screening and CNMR/PNMR reporting process.

Bringing It All Together: TFS Measures, Match Outcomes, and goAML Reporting

The advent of TFS Guidance, July 2025, calls for more than reactive and passive compliance measures; it requires proactive internal policies and procedures that take care of timely screening, clear escalation protocols, and accurate CNMR/PNMR reporting through the goAML portal and reposting to the relevant Supervisory Authority. Irrespective of dealing with confirmed or partial match in case of potential, existing, or former customers, regulated entities must implement appropriate freezing or suspension measures, document actions taken, and maintain records for a period of five (5) years.

Incorporating these practices into daily workflows helps ensure regulatory compliance while reinforcing operational resilience. With right Sanctions Screening Software, Role Specific AML Training, and governance, REs in UAE can go beyond reactive compliance and master proactive and risk-based TFS Compliance.

Need CNMR/PNMR SOPs, Templates, or Screening Software & Personnel Training?

From Screening to GoAML, we help you operationalise every step of CNMR/PNMR Compliance

FAQs

What is the difference between CNMR and PNMR under UAE TFS Guidance 2025?

CNMR can only be filed in a scenario where the customer details completely and entirely match with those of the screening outcome, whereas PNMR can be filed when some of the customer details match with those of the screening output, but it cannot be conclusively determined to be a confirmed match or a false match due to a lack of information or clarity.

What are the timelines for CNMR or PNMR filing in UAE?

CNMR and PNMR both need to be filed within 5 business days of imposing freezing or suspension measures.

Can REs file CNMR/PNMR manually without screening software?

Absolutely, filing of CNMR/PNMR can be done through logging into the goAML portal using REs’ credentials. The role of the Screening Software is limited to carrying out Sanctions Screening, generating alerts upon finding matches, streamlining workflows and escalations and preparing or downloading screening reports and details for the purpose of filing CNMR/PNMR accurately.

AML UAE – your partner for AML training requirements

Contact us now, and let's get started.

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

AML compliance vs AML risk management: Closely aligned despite striking differences

Protect your business with reliable and effective AML strategies with AML UAE.

AML compliance vs AML risk management: Closely aligned despite striking differences

The main difference between AML Compliance and AML Risk Management is that AML compliance is a regulatory requirement which can be achieved through implementation of AML Risk Management practices. AML Risk Management deals with how a Regulated Entity plans to deal with money laundering, terrorism financing, and proliferation financing risks through developing and implementing AML,CFT and CPF framework that includes policies, procedures, practices, and internal controls.

Understanding AML compliance vs AML risk management is essential. In the realm of AML, businesses use compliance and risk management as substitutes. Both are crucial for any business entity. So, you must understand the differences between risk management and compliance in AML.

Anti-money laundering compliance is an ‘in-trend’ term for businesses nowadays. Another similar term that has been in use for quite a long time is risk management, specifically in the case of financial institutions. While the former talks about adherence to rules, the latter entails managing threats to a business.

In this blog, we will explore the distinctions between the two. First, we will understand what AML compliance and AML risk management mean. Then, we will discover the similarities and differences between AML risk management and compliance.

Say Hello to a risk-free world of business for you,

By partnering with AML UAE’s expert consultants.

Compliance and risk management: Term differences

What is compliance?

Compliance means adhering to regulations, laws, and rules. It means you are ethical in your business practices. You do what the government and the law expect you to without deviating from the business morals. Thus, it is a reactive exercise to show your country and regulator that you follow the rules.

Suppose you are a business in the UAE. You must follow the local rules and regulations related to your operations, license, environment, labour, and many other aspects.

The process of following these rules and how well you are able to do it means compliance.

By complying with laws, the regulator or relevant authority will not impose penalties or fines on you. Also, you will not face any legal cases for non-compliance. Thus, by complying, you save yourself from financial losses, legal ramifications, and reputational damages.

What is risk management?

Risk management means managing the risks to your business. How do you manage them? You identify these risks, categorise them, measure their probability and impact, and develop strategies to mitigate, control, or manage them.

You can try to avoid risks in the first place. Or, you can try to reduce their impact on your business activities. Whatever you do, you can plan it before the risks affect you. Thus, it is a proactive action from your side based on your expectations of potential risks.

When there is a change in the business environment, potential risks change. So, you must keep changing your risk management strategies. Thus, risk management requires you to be more strategic in your thinking while planning for it.

Thus, compliance and risk management differ in many aspects. But, when you consider these terms related to money laundering, some more differences crop up. Let’s explore these differences between AML risk management and compliance.

AML compliance vs AML risk management: Definitions

AML compliance

AML compliance means adhering to the regulations to protect your business from money laundering. It involves creating a framework that includes policies, procedures, practices, and internal controls to guide the fight against money laundering. Moreover, this framework or strategy is unique to each business’s needs and activities.

AML compliance requires businesses to comply with the local AML regulations. As per the UAE AML/CFT laws, you need to:

Create an AML compliance department and appoint an AML compliance officer
Assess the money laundering risks to your business from several factors so that you can fight them
Create a risk-based AML compliance program that enables adherence to each requirement of the law
Monitor transactions to identify suspicious ones
Conduct KYC, screening, and due diligence of customers to identify threats
Conduct training of your employees on AML-specific aspects
Implement technology solutions or manual systems to facilitate compliance
Create reports on suspicious transactions and customers and report them to authorities

AML risk management

If you check the aspects of AML compliance, risk management is an integral part of it. It requires you to identify the money laundering risks from your:

Customers
Transactions
Geographies
Delivery methods
Products and services

After risk identification, it entails analysis, rating, and categorising. Based on the levels of risks identified, you can take a risk-based approach for your AML compliance. It allows you to determine:

Stern AML measures for high-risk customers
Less strict AML actions for moderate-risk customers
Relaxed AML strategies for low-risk customers

These measures include:

KYC of customers, which is typical for every risk type
Customer due diligence, which is standard for every customer
Enhanced due diligence for high-risk customers
Monitoring of transactions of high-risk and medium-risk customers
Ending the relationship or cancelling the transaction is possible only in the case of high-risk customers

Differences between AML risk management and AML compliance

AML compliance vs AML risk management is crucial but challenging to understand. However, you must remember that to comply with AML regulations, you need to follow the rules. Risk management is a strategy to ensure that you adhere to these rules.

Superset vs subset

A crucial aspect of the AML compliance vs AML risk management contest is to identify which concept includes the other.

AML compliance is the set of activities you must undertake to adhere to the UAE regulations. AML risk management is a broader term that includes strategies, policies, and procedures an organisation implements to identify, assess, and counter ML/TF risks. Thus, AML compliance is a subset of AML risk management.

Compliance has always been a part of risk management. Further, there is something called compliance risk management, wherein the risks associated with non-compliance are identified, assessed, and managed.

Reactive vs proactive

AML compliance is a reactive exercise. As a business entity in the UAE, you must follow UAE’s AML regulations. To avoid penalties, you must adhere to each requirement. Thus, you react to a mandate by the government.

In contrast, AML risk management is a proactive exercise. You must protect your business from money laundering risks so you can take action to prevent or mitigate them. Thus, you act before these risks affect you.

Legal vs strategic aspect

Another factor that differentiates AML compliance from AML risk management is the business aspect covered.

AML compliance is a legal requirement in the UAE. Since you are one of the financial institutions, DNFBPs, or VASPs, you must follow the UAE’s AML regulations. So, the goal is the same for all of you, although your compliance journey might differ.

When you follow these rules accurately and on time, you are AML-compliant. These requirements include submitting:

Suspicious Transaction Report and Suspicious Activity Report
Confirmed Name Match Report and Partial Name Match Report
DPMSR and REAR reports
HRC and HRCA reports
PNMR and CNMR reports
Surveys and Questionnaires

On the other hand, AML risk management is a strategy to enable AML compliance. You must identify, categorise, rate, and assess risks to manage and mitigate risks. During this process, you generate KYC, CDD, PNMR, CNMR, DPMSR, REAR, STRs, and SAR records.

Your risk management differs from that of other organisations because the risks differ. Even in the same industry, the impact of these risks differs because your operations and business models vary. So, you need to create a unique strategy for AML risk management to help you with legal and regulatory compliance in AML.

Current vs futuristic

AML compliance is more of a current process. It defines your legal obligations for this year. So, this year, you have to follow these specific AML requirements. So, you know what you have to do. You are legally obligated to follow these rules, which makes you compliant for this year.

On the other hand, AML risk management ensures you are safe from money laundering risks now and in the future. You have to predict the risks your business will face from money launderers. You need to consider the emerging threats of predicate offences as well. Thus, it makes you more of a planner for the current and future risks.

Tangible vs intangible

The tangibility of the process is a crucial point in AML compliance vs AML risk management.

AML compliance is a tangible process. You have to follow specific rules to comply with industry standards. If you follow these particular requirements of the AML regulator, you become AML-compliant. If you do not follow them, you will have to face penalties. Thus, you will suffer financial losses, reputational damage, and legal proceedings.

In the case of AML risk management, there are no concrete rules. You have to analyse the business environment in which your firm operates. You need to predict and evaluate the possible ways criminals can launder money through your business processes. Thus, it is unique to every firm. If you cannot control or mitigate these risks, your business suffers. The money laundering risks will affect your business, causing losses in terms of customers, credibility, and money.

However, the FATF has recommended that regulated entities follow a risk-based approach, and similarly, the UAE Federal Decree by Law No. (10) of 2025 and related cabinet decisions require reporting entities to do the same. By virtue of this, AML risk management is embedded in the AML compliance requirements.

Tickmark exercise vs continuous process

AML compliance is more of a checklist-based process. The AML compliance department ensures the business adheres to each requirement and tickmarks it. If you miss any of these, you have to pay a penalty. Once you adhere to the requirements, your work ends.

In contrast, AML risk management is not a tickmark exercise. It’s not like you have submitted a report, so you are done with it. It is a continuous process. You need to keep identifying the money laundering risks your business faces. Analyse them. Find ways to mitigate, prevent, or manage them. So, you must continue the AML risk management exercise to reap complete benefits.

Besides these differences between AML risk management and compliance, there are also some similarities. These include:

Risk management tactics and compliance strategies keep changing. As and when the regulations change, you need to make changes in your AML compliance program. Moreover, the money laundering risks, macroeconomic climate, and industry trends keep changing, leading to amendments in your AML risk management policies.
Both AML compliance and risk management become better with the help of technology. Innovative solutions and technologies make these procedures smoother. The technologies use data analytics, artificial intelligence, and other advanced concepts to ensure your process is faster, smoother, and more accurate.
Both AML compliance and risk management need decision-making at the top level. Since identifying and managing money laundering risks is critical, the top management must set the tone. Only when you ensure AML compliance and risk management culture at the top, you can maintain it across the firm.
One significant challenge in both these procedures is maintaining a good customer experience. Customers demand a seamless user experience. If you are unable to do that, you might lose customers. So, while managing AML compliance and risk management, you must ensure the processes are not time-consuming or intrusive for them. On the other hand, collecting all information is also essential for successful procedures.

Setting the similarities and differences aside, your primary focus must be to protect your business from money laundering threats. To do this, you need to create a robust AML compliance program. This program will include a well-defined AML risk management strategy. In combination, it will help you meet UAE’s AML regulations and prevent risks.

Exploring these differences and similarities enables you to fit both into your strategy. You can determine the efforts, resources, timelines, and overall alignment with business operations. This is how you can prevent potential threats and create value for your business. To help you achieve this objective, partnering with an expert AML consultant like AMLUAE will help.

How can AMLUAE help you?

AMLUAE has revolutionised the AML compliance landscape in the UAE. We help clients strategise risk management and compliance in AML. Be it just one part of AML compliance or the entire journey, you can rely on us for quality services.

Your business can enjoy our expertise in:

Monitoring transactions and identifying suspicious ones
Conducting KYC and due diligence of customers
Identifying money laundering risks to your business and assessing them
Developing a risk-based AML compliance framework personalised to your entity
Imparting AML training to your employees
Preparing and submitting STR, SAR, and other industry-specific reports to authorities

By partnering with us, you get a streamlined AML compliance process for the fight against money laundering risks.

Access AMLUAE’s expert AML compliance services,

To say goodbye to your business’s money laundering risks.

Share via :

Add a comment

Related Blogs

The Complete Guide to the Ultimate Beneficial Owner Verification

What is Placement in Money Laundering?

Socio-economic impact of money laundering

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Crypto money laundering and how to combat the same

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

Crypto money laundering:

Money laundering is on the rise globally. Money launderers and financial criminals are increasingly exploiting technological advancements to conduct financial crimes. They are misusing loopholes in regulations and technology to find out new ways of placing and layering illicit money. And the latest victim of their laundering attacks is the world of virtual assets and cryptocurrency.

Why is crypto money laundering attractive to criminals?

Inadequate or no regulation

The absence or lack of controls and regulations on cryptocurrencies is the primary reason for a rise in crypto money laundering. Many laws and rules exist for other financial channels, currencies, and instruments, wherein fines and penalties are imposed for non-compliance with these laws.

However, these are not currently prevalent in regulating the world of cryptocurrencies. Since it is a new form of currency, not yet acceptable in all countries, it is not adequately regulated by most countries. There are no centralized authorities involved in crypto transactions. Money launderers are attracted to crypto assets, as loose regulations result in a higher scope of not being caught by authorities.

Anonymous in nature

Individuals do not have to share their names while dealing with cryptocurrencies. Public addresses are used in these transactions, which do not relate to the user’s name. It provides users with a degree of anonymity, which is what makes cryptocurrencies desirable to money launderers.

There is no paper trail of a transaction. Only a digital record exists on the distributed ledger technology. Therefore, it is easier for criminals to move large amounts of illicit funds through blockchain technology without disclosing their identity.

Fast and convenient

The processing of cryptocurrencies occurs through online exchanges. These online transactions can happen across borders without many protocols. Thus, launderers are not required to deal with cash, which is more suspicious to investigators. Also, these transactions can happen rapidly between senders and recipients in any part of the world without giving much time to AML regulators to notice the transactions.

Fewer chances of being suspected

Transactions of cryptocurrencies are recorded in public domains on the blockchain. Only the individual who carried out the transaction can access their wallet. It is highly encrypted. Therefore, there are fewer chances of linking it to a specific individual or wallet. It reduces the chances of being suspected of money laundering, as the specific transaction by a criminal may get mixed up with genuine transactions over the blockchain.

No legal tender

Since cryptocurrencies have no legal tender, they cannot be authorized. Also, anyone can subscribe to it. Since no owner details are maintained, it is easier to launder.

How does crypto money laundering occur?

Gambling and gaming websites

Money launderers use illicit cryptocurrencies to buy chips or game currency on gambling websites. Once they are finished with gambling or gaming, they encash the remaining amount. Thus, the illicit cryptocurrency entered the gaming or gambling website is cleaned and converted to cash.

Anonymizing services

Launderers can hide illicit funds’ sources by anonymizing services on crypto exchanges. Anonymizing services breaks the connection between cryptocurrency transactions. Launderers can also participate in Initial Coin Offering (ICO) – using one type of coin to buy another. Thus, they can disguise the origins of the unlawful money by creating multiple layers.

Tumblers and mixing services

Tumblers are mixtures of different digital assets – dirty and clean – from diverse addresses. Once these are blended well, they are redistributed to new addresses or wallets. Once mixed, it is difficult to differentiate the legal and illegal currencies.

Also, by blending the cryptocurrencies, their anonymity increases, making it more challenging for investigators to find the owners. Thus, criminals can save themselves from being suspected and transfer the blended funds to legal businesses or crypto exchanges.

Use of cryptocurrencies in terrorism financing or paying for drugs

Many terrorist organizations raise cryptocurrencies through Telegram and Facebook groups. Many intermediaries are involved in transferring such funds to terrorist organizations. Further, money generated from drug trafficking on the internet is disguised as cryptocurrencies.

Illegal payments are made in cryptocurrency. Fiat currency is converted to cryptocurrency through a blockchain trading platform. These are later transferred to drug traffickers’ accounts.

The payments received in cryptocurrencies are transferred to virtual wallets in different crypto exchanges. Thus, it becomes difficult to trace the origin of funds.

Dark exchanges

Many unregulated cryptocurrency exchanges operate across the world. They do not conduct any identity checks or KYC of customers or transactions. So, criminals use such exchanges to launder cryptocurrencies. Specifically, launderers use illegal money in fiat currency to open an online account with currency exchanges.

Money launderers repeatedly transfer illegal currency to multiple accounts or move from one currency to another, thereby developing various layers to cleanse the funds. They sent the cleaned currency to an external cryptocurrency wallet in the last transfer. Alternatively, they convert it into cash using crypto ATMs.

Over-the-counter (OTC) brokers

Over-the-counter brokers facilitate transactions between buyers and sellers of cryptocurrencies. They are the intermediaries who get commissions to facilitate transactions. They are involved in converting illegal cryptocurrency to cash or vice versa by charging high commission rates.

Integration stage

In the integration stage, criminals aim to legitimize illicit cryptocurrency. They have successfully laundered the illegal money but need to show a legal source. In such cases, crypto money launderers create a fake online company that allows crypt currencies as payment methods.

Thus, they transform illegal crypto into legal money by faking the trade transaction. Alternatively, launderers can show the money as the sale of a profitable business or an asset appreciation.

Real world Case Studies

Case 1: Silk Road Scandal

Silk road was one of the dark web’s largest marketplaces for hosting money laundering activities and illegal drug transaction using crypto currencies, though FBI shut down the Silk Road in 2013. Their illicit funds were moved through multiple crypto wallets and financial services to cover their origin. Techniques like coin tumbling were used to secure the transaction trail. But with the use of blockchain analysis tools US authorities found the traces of transaction.

Case 2: Binance Investigation

Binance is one of the largest cryptocurrency trading platforms in the world and has been under investigation by the US Justice Department since at least 2018 for failing to meet Anti-Money Laundering (AML) regulations for cryptocurrency. The lack of KYC implementation and insufficient procedures for high-risk entities made it difficult to track transactions effectively, raising concerns about illicit activities.

Common AML Compliance Mistakes by VASPs

VASPs often face intense regulatory scrutiny, and principled entities can stumble into compliance pitfalls, here some of the most common mistakes entities make:

Unstructured AML Framework
Overlooking Risk based approach
Failure to Register
Poor Monitoring of Transactions
Weak Staff Training
Avoiding FATF Guidelines
Lack of Transparency
Inadequate Documentation

What are the red flags of crypto money laundering?

Crypto Money Laundering Red Flags That VASPs Must Include in Their AML/CFT Policies and Training Programs:

When funds are received from a platform that does not have any AML regulations or has been categorized as a jurisdiction with high money laundering risks.
Several high-value transactions suddenly occur in an inactive account or in a new one.
When there are multiple transfers of cryptocurrencies from multiple crypto wallets to one account.
When there are several transactions of purchase of cryptocurrencies by several individuals with the same IP address, followed by several transfers to accounts in another country.
When the crypto sending and receiving transactions are just below the mark of reporting thresholds.
When several credit cards and bank accounts are linked to a single crypto wallet to use it to move funds around.
Connected crypto wallets where the customer profiles do not match.
Continuous occurrence of many high-value transactions in a short time.
When several high-value transactions occur in a regular pattern and stop entirely after a specific period.
When there are cryptocurrency transactions that do not match the profile of a customer.
When there are frequent transactions of fiat conversion to crypto with no logical reasoning.
When many unrelated wallets transfer cryptocurrencies to one common wallet, which immediately converts it to fiat currency.
When transactions occur with digital wallets whose owners are earlier connected to cases of fraud, ransomware, or feature in the sanctions list.

How to combat crypto money laundering?

Yes, there is anonymity in cryptocurrency transactions, which launderers take benefit of. But all the cryptocurrency transactions are documented on a distributed public ledger. These digital records stay permanently. One mistake in the entire money laundering process can help investigators trace the illegitimacy.

One way of protecting cryptocurrencies from money laundering threats is implementing KYC rules. With KYC norms, exchanges could identify the customers and have data about owners of virtual wallets and cryptocurrencies. Registration and licensing of operators in the cryptocurrency market is also a solution that can address the money laundering issue.

AML Tools that VASPs Can Leverage:

Virtual Asset Service Providers (VASPs) use a range of Anti Money Laundering (AML) tools to stay compliant with regulations and detect suspicious activity in the crypto business, some of the mostly used tools include:

Customer Due Diligence (CDD) & KYC Platforms
Transaction Monitoring Systems
Blockchain Analytics Tool
Sanctions and Watchlist Screening
Risk Scoring Engines
Suspicious Activity Reporting (SAR) Tools
Travel Rule Compliance Solutions

FATF Recommendations Concerning VASPs

FATF has issued updated recommendations to assist countries in combating misuse of virtual assets and services. The lack of implementation of regulations creates loopholes that criminals and terrorists can take advantage of entities. key directives include:

Mandatory KYC and customer identity verification by VASPs.
Continuous transaction monitoring for high-risk
Government registration/licencing of VASPs to ensure that they comply with AML/CFT regulations.
The Travel Rule requires accurate information on both parties to be shared with beneficiary VASPs during cross-border virtual asset transfers.
To improve transparency and traceability, key customer information should be transferred alongside the digital assets.
To prevent the facilitation of illicit activities, it is essential to perform comprehensive CDD, continuous monitoring transactions and adhering strictly to applicable regulations.
Periodic review and updates of customer information are necessary as risk profiles change.
Offshore VASPs being addressed through stronger international cooperation to prevent regulatory loopholes.
Stablecoins being closely monitored as they become primary channel for illicit activity.
DeFi platform, despite being decentralized, need to follow appropriate rules and regulations to ensure security and transparency.
Enforcement against noncompliance with penalties ranging from blacklisting to criminal liability.
These measures emphasize that compliances is not just checklist but a critical safeguard against legal and financial exposure.

How can AML UAE help?

Companies can hire AML consultants to help implement policies and controls to fight AML threats. AML UAE is one such consulting services provider in the UAE. We have been assisting firms in complying with the AML laws and identifying suspicious transactions.

Our AML/CFT services include creating AML policies and controls, setting up an AML compliance department, and training your employees to identify suspicious transactions. We also help our clients select cost-effective AML software, conduct KYC, KYT, and due diligence, and comply with reporting requirements.

Keep yourself ahead of money launderers with
the right AML support from AML UAE.

Speak to our experts here.

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

What is MENAFATF, and who are its members and observers?

Protect your business with reliable and effective AML strategies with AML UAE.

The Middle East and North Africa (MENA) region has its dedicated and focused FATF-Style Regional Body (FSRB), known as MENAFATF. This blog embarks upon a journey to introduce its members and overserves while providing a glimpse at MENAFATF’s mission, structure, governance, members, observers, and their key role in strengthening the region’s financial integrity.

What is MENAFATF, and who are its members and observers?

In a world highly interlinked with finance, trade, and technology, the risk associated with money laundering (ML) and the financing of terrorism (FT) has grown significantly. These activities pose a threat to economies, global security, and the integrity of financial systems. Recognising the threats posed by money laundering and terrorist financing operations to countries in the Middle East and North Africa Region, the Middle East and North Africa Financial Action Task Force (MENAFATF) stands out as a critical regional body dedicated to combating money laundering (ML) and financing of terrorism (FT).

The countries in the MENA region work conjointly to comply with MENAFATF’s standards that establish an effective system which countries need to implement in a way that does not contradict their cultural values, constitutional frameworks, and legal systems.

Establishment and Background of MENAFATF

MENAFATF was established in Manama, Bahrain, on 30^th November 2004 at an inaugural Ministerial Meeting wherein the Governments of 14 countries decided to establish MENAFATF as a FATF Style Regional Body (FSRB).

MENAFATF operates as an independent body, distinct and separate from any other international body and regionally focused organisation which is designed to reflect the unique political, economic and social culture of the region, and follows the model of the Financial Action Task Force (FATF), the global organisation that sets standards for AML/CFT.

Objectives and Functions of MENAFATF

The primary function of MENAFATF is to combat money laundering (ML) and terrorism financing (TF) by promoting regional cooperation and ensuring that the member countries implement effective measures aligned with international standards, particularly the FATF 40 recommendations. MENAFATF Member countries strive towards achieving the following objectives:

To encourage member nations to set up and implement a comprehensive AML/CFT structure, according to the FATF recommendations, and ensure implementation of relevant UN treaties and agreements and the UNSCRs (United Nations Security Council Resolutions).
To conduct a mutual evaluation of member nations to assess their adherence to international AML/CFT standards and identify the gaps that need to be taken care of.
To provide guidance, training, and support to member nations in developing, implementing, and enhancing their legal, regulatory, and institutional AML/CFT structure.
To facilitate the sharing of information, typologies, and best practices among member nations and international partners.
To take measures throughout the region to combat money laundering and terrorist financing in a manner that respects the cultural values, constitutional frameworks, and legal systems of the member countries.

MENAFATF Structure And Governance

MENAFATF follows a well-defined governance structure that ensures both strategic and operational efficiency. Key components of this structure include two bodies, i.e., the Plenary Meeting of Representatives of member countries, also referred to as the Plenary for the sake of simplicity, and the Secretariat:

The Plenary

The plenary is the decision-making body consisting of the representatives from all member nations. The Plenary meets at least twice a year to discuss policies, approve evaluation reports, and oversee the organisation’s activities. It nominates the President and Vice President among the member countries.

President and Vice President: The president and vice president are elected among the members for a term of one year. The president and vice president represent the MENAFATF at international forums.

More details about the plenary session are discussed in the following paragraphs.

Secretariat

The Secretariat is responsible for the day-to-day activities of MENAFATF. It is in Bahrain and supports the implementation of plenary decisions, coordinates evaluations, and manages communication with member nations and observers.

The Secretariat performs the following functions:

Prepare the annual report, work plan, and estimated budget, and submit them to the Plenary.
provide technical and administrative preparation for convening the plenary, working groups, and any established committees;
implement and follow up on the work plan as approved by the Plenary;
Submit regular reports on MENAFATF work to the Plenary and the President.
manage the expenditure of the approved budget and carry out mutual evaluation exercises;
Identify the training and technical assistance needs of member states and facilitate the provision of such needs in consultation with these countries.
Monitor worldwide AML/CFT developments and provide appropriate information to the Plenary;
carry out any other tasks assigned by the Plenary.

Working Groups

MENAFATF has different specialised working groups that work on areas such as mutual evaluation, typologies, research, technical assistance, and training. These groups help to bring together the experts from member nations to collaborate on specific projects.

Members of MENAFATF

MENAFATF comprises 21 countries from the region of the Middle East and North Africa. Each member is required to implement the FATF 40 recommendations and actively participate in MENAFATF’s activities. The member countries are-

1. Algeria
2. Bahrain
3. Djibouti
4. Egypt
5. Iraq
6. Jordan
7. Kuwait
8. Lebanon
9. Libya
10. Mauritania
11. Morocco

12. Oman
13. Qatar
14. Palestine
15. Saudi Arabia
16. Somalia
17. Sudan
18. Syria
19. Tunisia
20. United Arab Emirates
21. Yemen

Observers of MENAFATF

In addition to the member nations, MENAFATF associates with several observers, including international organisations as well as countries. They participate in MNAFATF’s meetings, provide technical expertise, and contribute to the overall mission of effective regional AML/CFT efforts. The international organisations that are members of MENAFATF are:

1. International Monetary Fund
2. World Bank
3. Co-operation council for the Arab states of Gulf
4. Financial Action Task Force
5. Egmont Group of Financial Intelligence units
6. Asia/Pacific Group on Money Laundering

7. World Customs Organization
8. Arab Monetary Fund
9. Eurasian Group on combating money laundering and financing of terrorism
10. United Nations
11. European Commission
12. Russian Federation

The countries that are the observers of MENAFATF are:

1. France
2. United Kingdom
3. United states of America

4. Spain
5. Australia
6. Germany

The countries listed above often have bilateral partnerships with MENAFATF members and play a significant role in international AML/CFT initiatives.

Key Activities and Achievements of MENAFATF

Over the past few years, MENAFATF has made key progress in enhancing the AML/CFT framework across the region. The key activities and achievements of MENAFATF are:

Mutual Evaluation

MENAFATF conducts several rounds of mutual evaluation of the member nations to assess their AML/CFT compliance with FATF standards. These rounds of mutual evaluation are discussed in further paragraphs. These evaluations help nations identify areas for improvement in their AML/CFT frameworks.

Capacity Building

MENAFATF provides extensive training to government officials, regulators, law enforcement agencies, and financial intelligence units through workshops, seminars, and technical missions.

Typology reports

MENAFATF publishes reports on regional ML/TF trends and methods. These reports help member nations identify and mitigate emerging threats.

Global Collaboration

MENAFATF works closely with FATF and other organisations like the Asia-Pacific Group on Money laundering (APG).

Public Awareness

MENAFATF supports efforts to educate the public about AML/CFT obligations and the importance of these compliances.

The Role of MENAFATF Plenary

The Plenary in MENAFATF is the highest decision-making body and plays a significant role in contributing to MENAFATF’s mission. It comprises representatives from each member nation, typically experts in AML/CFT or senior officials from the Ministry of Finance, Central Banks, or Financial Intelligence agencies.

The Plenary assembles at least twice a year and may hold extraordinary meetings if necessary.

In a plenary meeting, a wide range of issues are discussed by the members as well as observers and decided upon, which includes:

The approval of mutual evaluation reports
Adoption of strategic plans
Discussion of typology findings
Endorsement of training programs

The Plenary approves the MENAFATF work program and performs the following functions:

establish and approve the policies of MENAFATF;
determine the rules and procedures of MENAFATF;
approve annual report, work plan, and estimated budget, and ratify the financial report and auditor’s report of MENAFATF;
appoint the Executive Secretary and independent auditor, and approve the Secretariat’s organisational structure and other functions;
decide upon new member countries and observers;
adopt any amendments to the Memorandum of Understanding (MOU) that may be significant in the future;
identify technical assistance needs of member States and coordinate delivery of technical assistance in consultation with such nations and in co-operation with countries as well as international and regional organizations providing such assistance, particularly those holding observer status;
consider and approve mutual evaluation reports of members’ compliance with FATF standards;
establish working groups and committees when needed to undertake special tasks;
consider any other subjects proposed by any of the member countries, the President, or the Secretariat.

The Plenary also elects president and vice-president, and annually reviews the organisation’s work plan and budget. The rules of the Plenary are designed to encourage transparency, inclusiveness, and effective decision-making.

Moreover, the Plenary provides a platform for observer organisations and countries to interact and participate in the discussions, although they do not have any voting rights. The Plenary is important for ensuring that MENAFATF remains dynamic, responsive, and aligned with the international AML/CFT framework.

Mutual Evaluation Working Group

The Mutual Evaluation Working Group (MEWG) is one of the important components of MENAFATF’s operational structure. It includes the task of managing and overseeing the process of mutual evaluation and follow-up reports of member nations. MEWG ensures that the evaluation is conducted in accordance with FATF standards, and the result reflects an accurate assessment of the country’s AML/CFT system.

MEWG focuses on two reports-

Mutual Evaluation Report

The mutual evaluation process involves an extensive peer review where a team of experts assesses the member country’s compliance with the FATF 40 recommendations. The evaluation includes both the technical and effectiveness compliance. Furthermore, this Evaluation Report is responsible for coordinating evaluations, selecting review teams, guiding on-site visits, and reviewing draft evaluation reports before they are submitted to the Plenary for approval. These reports highlight areas of strength, areas for improvement, and potential red flags. Once these reports are approved by the Plenary, the evaluation report will be accessible to the public.

Follow-up Report

Once a mutual evaluation is completed, the member nations initiate a follow-up process to ensure they take corrective measures. The MEWG monitors this progress by reviewing follow-up reports submitted by the nations.

These reports elaborate on the steps taken to address the areas of improvement identified in the mutual evaluation report. Depending on the level of progress, nations may be subject to enhanced follow-up or regular follow-up with the timelines for submitting these progress reports. MEWG reviews these reports and assesses whether the nation can exit the follow-up process or require further monitoring.

Therefore, MEWG plays a crucial role in maintaining accountability and promoting continuous improvement among its members. This rigorous evaluation and effective follow-up help strengthen the nation’s AML/CFT compliance in accordance with the FATF’s 40 recommendations.

Withdrawal and Suspension of Membership

MENAFATF includes the provision for the withdrawal or suspension of membership of a member nation.

A member, if voluntarily wants to withdraw, may submit a written notice of withdrawal to the Secretariat. This process takes effect after a stipulated period, generally six months from the date of notification, unless an earlier date is decided.

In certain cases where a member nation fails to fulfill its obligations, such as mutual evaluation, continuous non-compliance with the AML/CFT framework, or a lack of cooperation, that member may be subject to suspension by MENAFATF. The Plenary, with a two-thirds majority vote, makes the decision regarding suspension. The decision to suspend results in the loss of voting rights and the ability to influence decisions within the organisation until the issues leading to the suspension are resolved.

The withdrawal and suspension of membership provision of MENAFATF enables better accountability and engagement among members, and facilitates a hassle-free exit process or disciplinary actions in cases of persistent non-cooperation.

Challenges and Future Outlook

Challenges faced by MENAFATF

MENAFATF has achieved notable success in recent times, but even today, it faces several challenges:

Political Instability: The member nations can be affected by ongoing political conflicts and governance, which can hinder their AML/CFT framework.
Resource Constraints: Not all member nations have enough resources; some may face resource constraints with respect to financial and human resources, which can impact their AML/CFT framework.
Diverse Legal System: The varied legal system among different member nations can hinder the standard AML/CFT framework.
Technological Evolution: The rise of advanced technology leads to the rise of digital currencies and fintech, which requires constant updates to regulatory approaches that can hinder their AML/CFT standards.

The challenges listed above need to be addressed, and MENAFATF must continue to strengthen its partnerships, enhance technical assistance, and promote the adoption of new technologies.

Outlook for MENAFATF

MENAFATF is expected to

Enhance their research and typology to be aware of emerging threats.
Boost the Mutual Evaluation processes to ensure efficient ongoing compliance.
Deeper integration with the international financial system and standards.
Boost greater private sector engagement in the AML/CFT framework.

MENAFATF: The Watch Continues

MENAFATF plays a significant role in ensuring financial transparency and security in the Middle East and North Africa (MENA) region. It stands as a cornerstone of regional cooperation in the fight against Money laundering and financing of terrorism.

By aligning their efforts with international standards and tailoring them to address the challenges of the MENA region, organisations play a significant role in strengthening financial systems, enhancing legal frameworks, and promoting transparency. As financial crime continues to evolve, the MENAFATF’s role remains important not only as a monitor and advisor but also as a driver of sustainable reform. Through continued commitment and innovation, MENAFATF can further empower its members to build more resilient and secure economies.

Join the Fight against Financial Crimes!

Protect your business with reliable and effective
AML strategies with AML UAE.

Share via :

Add a comment

Related Blogs

The Complete Guide to the Ultimate Beneficial Owner Verification

What is Placement in Money Laundering?

Socio-economic impact of money laundering

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Top 3 Movies and Series Every AML Compliance Professional Must See in 2025

Ozark (Series, 2017–2022) - A Closer Look at How Money Laundering Works

Top 3 Movies and Series Every AML Compliance Professional Must See in 2025

Protect your business with reliable and effective AML strategies with AML UAE.

Top 3 Movies and Series Every AML Compliance Professional Must See in 2025

Ever wondered why economic crime is fascinating on screen? This blog breaks it down for you by delving into the wide picture of three cinematic masterpieces:

The Wolf of Wall Street
Ozarks (Netflix Series)
Scarface

These two movies and one series bring out the nuances of money laundering, fraud, shell companies, cartel dealings, and front businesses, and they briefly introduce the reader to the concept of money laundering.

This blog takes us closer to the cinematic scenario and showcases techniques to explore financial crime, power, and corruption in the real world.

What is Money Laundering?

Money Laundering is the art of converting dirty money into clean money or making it appear as if it has come from a legitimate source. It is the bridge that develops between criminal profits, originating from predicate offences and luxury. Businesses employ anti–money laundering (AML) techniques to prevent the laundering of money. Money laundering typically involves three distinct stages of placement, layering, and integration.

Rank 1: The Wolf of Wall Street (Movie, 2013) - Linking Money Laundering to White Collar Crimes

What makes this movie rank No. 1 is that it explains how money laundering is carried out through white collar crimes, which is suspensefully depicted throughout the film.

Overview

The Wolf of Wall Street is a story that revolves around Jordan Belfort, a corrupt stockbroker who built a financial empire on fraud. This movie is directed by Martin Scorsese, starring Leonardo DiCaprio, and is based on real-life scenarios of the procedures of how the protagonist defrauded investors. The film begins with Belfort’s early days on Wall Street, where he initially learns the techniques of aggressive marketing. After losing his job during the market downfall of market, he began trading in penny stocks, which are low-value shares that can be sold for high commissions later. After witnessing the prospective growth, he kick-started his own company named Straton Oakmont, where he gave training to his teams to sell stocks while appearing dependable to investors to optimise and influence wealth by selling contingent stocks. As his wealth and company were established, he indulged himself in a lavish lifestyle, ultimately becoming a victim of unethical practices, drug addiction, fraudulent practices, and a lot of chaos.

The film was so well received by critics and audiences that it has been nominated for the Oscars 5 times. The terms used in the film often carry a negative impact, as they highlight and glorify illicit practices in the real world. However, these issues are real-life interpretations, which is where cinema and book publications come into play.

How is The Wolf of Wall Street related to AML/CFT?

These stories are real-life situations that help audiences understand the context and human decisions, and their consequences, leading to fines, penalties, and imprisonment.

Similarly, this film is a real-life story of Jordan Belfort, who started from a small brokerage firm using shady and pump-and-dump schemes and eventually rose to heights by handling IPOs of big companies. The movie covers the beginning from his lavish lifestyle to his downfall through economic crime and illicit practices – a power-packed mix of dark humour and entertainment.

Rank 2: Ozark (Series, 2017–2022) - A Closer Look at How Money Laundering Works

This series is a classic example of how gatekeeper professionals, such as Accountants, get exploited by criminals to further their illicit motives, ultimately leading to situations where the gatekeeper ends up being a complicit actor in laundering illicit funds.

Overview

Ozark is an interesting drama series on Netflix that follows Marty Byrde, a financial advisor who relocates his family to the Ozarks to launder money for a Mexican drug cartel. The protagonist is played by Jason Bateman. Marty moves along with his family to the Lake of Ozarks to swipe off millions of dollars by the medium of establishing his own local business. Over several seasons, the show revolves around how far one can go to balance their life between legality and luxury. This series has taken a very realistic approach to display the techniques of money laundering; the methods depicted in the film are like those of real-life scenarios.

In this series, Marty and his spouse Wendy do not escape with clean hands, as their techniques grew more complex, using casinos and shell companies, commingling of proceeds, invoice manipulation, and offshore banking, which eventually got noticed by officials.

How is Ozark related to AML/CFT?

Marty’s business starts to raise red flags related to smurfing, other ML-related red flags, and financial watchdogs start tracking their flow of financial funds. Finally, a whistleblower from the casino reports alarming transactions. International banks freeze their assets and transactions, and investigators could navigate the relationship between cartel money and Marty’s financial transactions, leading to a series ending with a mysterious warning-like impact.

Movie 3: Scarface – (Movie, 1983) Glimpse into Money Laundering Methods

This movie explains how front companies, large cash transactions, and corruption are used to conduct money laundering.

Overview

Scarface, in 1983, narrates the dramatic story of Protagonist Tony Montana, an immigrant who builds a drug empire in Miami. While his focus is on generating money through crime and destruction, this film displays a scenic narrative on how the money generated from drugs, i.e., predicate offence, is laundered. The film doesn’t explain the techniques in detail, but there are clear indications from the movie of how illegal money is circulated and appears to be clean.

In the film, it is very interestingly depicted how Tony handles money. The schemes he used are as follows-

How is Scarface related to AML/CFT?

It is interesting to note that the movie highlights the problems faced by law enforcement agencies that led to the enactment of stricter policies and regulations under the 1980s law in the USA, such as:

– The Money Laundering Control Act (1986)

As the saying goes, all bad things end one day, Tony Montana’s (villain protagonist) downfall comes not from violence, but from his financial criminal record. His lavish lifestyle and major cash dealings triggered government scrutiny. The officials investigated his front business, offshore accounts, and shell companies to create illegal money. His assets were seized and frozen, and his associates turned against him. Tony was lastly arrested for major money laundering and fraud. During trials, the paper trail of his companies became the key evidence. The story ended with Tony in prison, showing how the evolving money laundering laws and compliance systems can change someone’s life.

Reflection of the Films

Scarface, The Wolf of Wall Street, and Ozark all show how offenders try to launder money using different techniques. They also depict distinguishing schemes that have evolved over an extended period.

In Scarface, the protagonist conceals drug money, converting it into clean money through cash business and crooked deals. Back then, the government did not have any strong regulations to prevent money laundering; it was not until later that stricter laws were introduced to track and punish these crimes involving the illicit conversion of money.

The Wolf of Wall Street takes place in the mid-1990s and 2000s, wherein Jordan hides and conceals illicit money in the name of shell companies and manages Swiss Bank accounts. By that time, the law had been recognised, and stricter punishment was being enforced for the same. Banks reported suspicious transactions or any red flags, which made it tougher for Jordan to conceal dirty money; his arrest was a classic example of how law has raced to keep up.

Ozark shows today’s real world of Money Laundering, and how Marty and Wendy used Casinos, charities, and other businesses to mix clean dirty money and dirty money. However, since the laws are evolving, the government now uses efficient technology to keep track of everything that has been happening, depicting how tough it has become to get away with these crimes today.

All these movies document how criminals find new ways to commit financial crimes every time, but the law also keeps on evolving, tracking, and imposing punishments. Banks and businesses are now under stricter obligations to report suspicious transactions so that even the most cunning ones can be caught red-handed. Money laundering looks fascinating on screen, but little did they know that the law is always keeping an eye.

Join the Fight against Financial Crimes!

Protect your business with reliable and effective
AML strategies with AML UAE.

Share via :

Add a comment

Related Blogs

The Complete Guide to the Ultimate Beneficial Owner Verification

What is Placement in Money Laundering?

Socio-economic impact of money laundering

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Dissecting Hawala, Its Vulnerability and Misuse for Financial Crime

Dissecting Hawala - Its Vulnerability and Misuse for Financial Crime

Protect your business with reliable and effective AML strategies with AML UAE.

What is Hawala?

Hawala Meaning

Hawala is an informal value transfer system in which one person transmits funds to another without using formal money transfer mechanisms, such as banking. It’s a system based on trust in which transmitting funds from one place to another is made possible without the actual movement of cash through a nexus of hawaladars facilitating such fund or value transfer for a fee or percentage.

Historical Context for Hawala Transactions

To understand the concept of hawala better, it’s important to understand that it started centuries ago. Traders and merchants intending to send funds home would make a deposit with a hawala broker at their location, and the broker would communicate within their nexus to let the designated recipient collect funds from a hawala broker located in that region.

Key Participants in Hawala Transactions

Remitter:

A person who wants to transfer funds to someone without using formal banking channels.

Hawaladars:

A Hawala transaction cannot take place without the involvement of a hawaladar. There could be one or more Hawaladars involved in a single transaction at the point of origin and the destination. Hawaladars receive and make payments on behalf of their clients and settle those transactions among themselves as trade transactions.

Beneficiary:

The intended recipient of the Hawala transaction.

Hawala Transaction Process

The hawala process generally has the following steps, as discussed.

Approach:

A person intending to transfer value to the recipient at another location, i.e., the originator, gets in touch with a hawaladar and finalises the terms of fund transmission. At this stage, the originator and recipient decide on the secret key or passcode type. This passcode or secret key is communicated to the hawaladar and the intended recipient of the funds.

Coordination:

The said hawaladar, i.e., the originator’s hawaladar, coordinates with other hawaladars in his network to identify who can disburse payment to the client’s intended recipient on his behalf while discussing other terms. At this stage, the originator hawaladar conveys the secret key or passcode to the hawaladar in the recipient’s region so that they can confirm the same prior to disbursing funds to the recipient.

Passcode or Secret Key Confirmation:

The recipient approaches the hawaladar in their region, which is responsible for disbursing payments, and gives the secret key or passcode that acts as a signal for the hawaladar to release funds. The hawaladars decide how they want to confirm or validate the fund originators’ and recipients’ identification based on the regulations, if any, in their jurisdiction.

Account Settlement:

The trust factor amongst hawaladars is the key component on which the entire hawala network and business exists. They trust one another adequately that the funds disbursed on the word of the other will be settled in time, along with their share of fees or commission as agreed. The entire business of hawala runs on mutual trust and understanding, where hawaladars settle each other’s accounts by way of trade transactions.

Legitimate Vs Illegitimate Uses of Hawala

Hawala, as an informal value transfer system, attracts legitimate as well as users with devious motives to launder or transfer illicit proceeds for funding illegal activities. Hawala has both legitimate and illegitimate uses, as discussed below.

Examples of legitimate uses of Hawala include:

Avoidance of bank fees for fund transfers
Lack of banking access in the remittance-receiving jurisdiction
Cultural preference
Lack of trust in formal banking.

Examples of illegitimate uses of Hawala include:

Transfer of funds for illicit purposes
Evasion of regulatory scrutiny about the source of funds
Sanctions and trade embargo or restriction evasion
Evade disclosure of the identities of actual beneficiaries of the transaction, which, if resorted to the formal banking system, would have required disclosure of Ultimate Beneficial Owners (UBOs)who might turn out to be sanctioned or Politically Exposed Persons (PEPs), triggering regulatory reporting or enhanced due diligence (EDD) measures, respectively.

Characteristics of Hawala Transactions

Some of the distinguishing characteristics of Hawala transactions are as follows:

There is No Physical Movement of Cash From Point A to Point B. It’s the hawaladar’s nexus that makes the funds available to the recipient as finalised between the sender and the hawaladar. The sender does give funds to the hawaladar, but those exact funds or currency are not disbursed or transferred. Those funds are rather settled by the mode of trade transactions among a nexus of hawaladars.
Hawala Transactions are Unregulated and hence circumvent the requirement of customer identification and verification, contrasting with formal value transfer systems.
There is No Element of Mandatory Regulatory Record-Keeping obligations that hawala transactions or hawaladars have to adhere to.
The Information of the Hawala Transaction is Coded: The subject matter of each transaction, such as sender, recipient, agreed-upon fees, secret passcode, etc., is transferred across in a coded manner that ensures the privacy and anonymity of the parties involved.
Geographical Spread: The geographical spread of hawala networks facilitates recipients’ receiving funds in any part of the world based on information or possession of documents containing identifiable and verifiable information that the hawaladar can confirm to disburse funds.

Why is Hawala Preferred Over Formal Banking Systems?

The very characteristics of the Hawala system that make it appear more appealing than the formal banking system are the lack of regulation, documentation, and compliance obligations.

Why Hawala Attracts Money Launderers?

Hawala system attracts money launderers due to its abovementioned characteristics, but the following two are the major reasons discussed as follows:

No paper trail: As launderers do not prefer to be linked to their transactions and are always trying to separate their illicit proceeds from their origin, hawala helps by quickly getting rid of large sums of cash that an unwitting hawaladar accepts, not knowing the origin of those illicit proceeds.
Anonymity: The Hawala system does not follow the stringent practice of ID verification and customer due diligence that regulated entities under AML obligations do. Hence, money launderers can almost anonymously send and receive funds across the world through the hawala network.

At Which Stages of ML Can Hawala Take Place?

Money laundering takes place in three stages: placement, layering, and integration. Hawala network can be misused by money launderers at any stage of the money laundering process. The hawala system can facilitate placement, as it readily accepts large sums of cash without knowing that those could be illicit proceeds. The same goes for the layering stage, where funds are structured and remitted to and fro, and the integration stage, where the funds come back to the launderer after placement and layering, making it impossible to trace the origin of such proceeds.

Why Hawala Attracts Terrorism and Proliferation Finance Actors?

Hawala attracts terrorism and proliferation financing (TF and PF) actors for similar reasons as money laundering. The element of anonymity and lack of a paper trail that can be traced back to the actual person makes the hawala system highly vulnerable to misuse for TF and PF.

At Which Stages of the TF/PF Can Hawala Take Place?

TF has stages such as collect, store, move, and use, and PF has stages such as program fundraising, disguising the funds, and procurement of proliferation-sensitive materials. The misuse of hawala can be done at the moving stage of TF. With regards to PF, hawala can be misused for concealing as well as making payments for procurement of proliferation-sensitive materials in a high-risk, blacklisted, or sanctioned country. The limited amount of scrutiny and the existence of unlicensed or unregistered hawaladars who do not keep up with regulatory obligations are prone to be misused by TF and PF actors.

ML, FT, and PF Typologies Associated with Hawala Transactions

Typologies related to hawala transactions:

Structuring: Criminals break down a large sum of illicit money into small sections and launder the funds through several hawala transactions to avoid any suspicion.
Back-to-Back Transfers: Matching one client’s need to send money to another’s need to receive money in the opposite direction creates a circular or offsetting mechanism that avoids any actual money movement.
Trade-Based Settlement: Settling Hawala debts through over- or under-invoicing of goods. Hawaladars may run import-export businesses and manipulate trade values to balance their books.
Use of Third Parties or Mules: Criminals use third parties or mules to transfer funds among countries. These third parties or mules are often unaware that they are being misused for illicit fund transfers.
Integration with Criminal Proceeds: Criminals use hawala transactions to legitimise their illicit proceeds by disguising them as legitimate payments.
Use of False Invoices and Shell Companies: False invoices are often used to legitimise the transfer of illicit funds, creating the appearance of genuine transactions to meet regulatory requirements. Shell companies may also be established solely for the purpose of laundering money, with illicit funds disguised as proceeds from legitimate business activities.
Charities and Non-Profit Organisations: Funds are sent through Hawala to support terrorist organisations or individuals in high-risk jurisdictions, often linking them to charitable organisations or seemingly legitimate donations.
Cross-border Value Transfer Without Currency Movement: Hawaladars never physically transfer money; rather, one hawaladar contacts another hawaladar in another jurisdiction to give the same amount of money to the recipient without actually moving it.
Reverse Hawala Flows: Hawaladars settle their accounts without physically moving money. They maintain running accounts of corresponding Hawaladars, offset the balances against other transactions, and, if needed, settle the accounts periodically.

Harnessing Technology for Mitigating ML, FT, and PF Risk Emanating from Hawala Transactions

FIs, DNFBPs, and VASPs can rely on technology, such as transaction monitoring powered by data analytics and artificial intelligence, to detect patterns indicating hawala activities and help identify and report illegal hawala activity to comply with AML/CFT and CPF obligations. Implementing robust transaction monitoring systems helps detect any illegal and unregulated hawala transactions.

Concept of Hawala: Concluding Remarks

Conducting or encouraging hawala transactions comes with the inherent risk of being linked to illegal activities and funds for ML, FT, or PF activities. Regulated Entities must exercise caution when dealing with customers who might be using funds from questionable origins. Seeking sources of funds and sources of wealth to corroborate a paper trail of funds helps mitigate ML, FT, and PF risks, particularly from hawala, to a great extent, followed by senior management approval and enhanced due diligence measures.

Join the Fight against Financial Crimes!

Protect your business with reliable and effective
AML strategies with AML UAE.

Share via :

Add a comment

Related Blogs

The Complete Guide to the Ultimate Beneficial Owner Verification

What is Placement in Money Laundering?