What counts as acceptable address proof for individual KYC?

A utility bill, a government-issued document showing the residential address, a registered tenancy contract or lease agreement, or a bank or account statement from a government-regulated financial institution - dated within the last three months.

👤 Individual KYC

Individual KYC Compliance Tool: Interactive KYC Checklist for Natural Persons

A free, step-by-step individual KYC compliance tool for UAE DNFBPs - covering everything you need to collect when onboarding a natural person, with embedded compliance guidance on every field.

Open the KYC Tool Speak to an AML Expert

📋 Cabinet Resolution No. 134/2025 📘 MoET AML/CFT Guidelines - Sep 2025 📗 MoET CDD Guide - Dec 2024 🇦🇪 UAE DNFBPs

👤 Individual Customer

Individual KYC Wizard

Step-by-step guidance on what to collect when onboarding a natural person under UAE AML/CFT regulations.

📋 CR 134/2025 📘 MoET AML/CFT Guidelines — Sep 2025 📗 MoET CDD Guide — Dec 2024

⚠️ Disclaimer This tool is for general informational and educational purposes only and does not constitute legal, regulatory, or compliance advice. Based on Cabinet Resolution No. (134) of 2025, MoET AML/CFT Guidelines (September 2025), and MoET CDD Implementation Guide (December 2024). Regulations may change — always consult a qualified AML/CFT professional. AMLUAE.com accepts no liability for reliance on this tool.

Individual KYC Compliance Tool: Interactive KYC Checklist for Natural Persons | AMLUAE

Onboarding an individual customer in the UAE is not a paper exercise. It is a regulated, structured process that requires compliance officers and DNFBPs to collect specific information and documents in the right sequence and with the right level of scrutiny before a business relationship can begin.

Getting it wrong is costly. Missing a compulsory field, accepting an expired document, or failing to document the source of funds are the kinds of gaps that surface during regulatory inspections and CDD audits. They are also entirely avoidable.

Our Individual KYC Compliance Tool is an interactive, step-by-step checklist built specifically for UAE DNFBPs onboarding natural persons. It walks compliance officers through every required and recommended information item, explains what to collect and why, and guides the risk rating decision at the point it should be made - after collection, not before.

🔍What Is the Individual KYC Compliance Tool?

The Individual KYC Compliance Tool is a free, browser-based interactive checklist designed to support UAE DNFBPs during the Customer Due Diligence (CDD) process for individual customers.

It is built around the requirements of Cabinet Resolution No. (134) of 2025, the MoET AML/CFT Guidelines (September 2025), and the MoET CDD Implementation Guide (December 2024) - the three primary regulatory instruments governing KYC and CDD obligations for DNFBPs in the UAE.

The tool does three things:

🗂️

Guides KYC Process Systematically

Organises requirements into four focused steps so compliance officers work through one category at a time without missing items.

📖

Provides compliance reasoning

Every field includes an expandable guidance panel explaining what to collect, how to verify it, what red flags to look for, and the regulatory provision it draws from.

⚖️

Separates collection from risk rating

Risk rating is assigned on the summary page after all information has been collected, reflecting how sound CDD practice actually works.

🧭How the Tool Works: Step-by-Step

The tool is structured as a linear wizard with five stages. Each stage must be completed before moving to the next, and the progress tracker at the top updates in real time.

Step 1

Personal Identity

The first step collects the core identifying information that every individual customer must provide, without exception.

Full name is collected as the customer commonly uses it and cross-referenced against the identity document. The tool's guidance makes an important practical distinction: minor variations - a missing middle name, a transliteration difference - are common and should be noted rather than treated as automatic red flags. A materially different name must be investigated before onboarding proceeds.

Nationality covers all citizenships for dual nationals. Both must be recorded because nationality drives the PEP and sanctions screening lists that apply and contributes to the geographic risk score.

Date of birth and place of birth are both compulsory. Date of birth is a primary deduplication field in PEP and sanctions screening. Place of birth, carried forward from Cabinet Resolution No. (10) of 2019, serves as a secondary deduplication field and can be captured by self-declaration where it does not appear on the identity document.

Step 2

Identity Documents

The second step collects the official government-issued documents that evidence the customer's identity. The applicable document depends on the customer's residency status.

Emirates ID is the primary identity document for UAE residents and citizens. Expired Emirates IDs are not acceptable.

Passport is required for non-residents or where Emirates ID is unavailable. The machine-readable zone should be verified. Expired passports must not be accepted.

Visa or Residence Permit is marked as a Best Practice item - reflected in the tool's purple badge as distinct from the green compulsory badge. Collecting the UID number, permit type, and expiry date is strongly recommended for expatriate customers because it corroborates immigration status and Emirates ID validity. An overstayed or expired visa is a red flag that must be escalated before onboarding proceeds.

Step 3

Address & Employment

The third step documents where the customer lives and, where applicable, who employs them.

Residential address must be a full street address - building, apartment, city, country. A PO Box alone is not sufficient. Address inconsistencies between what the customer declares and what appears on their documents must be explained and documented.

Address proof is a compulsory field requiring one supporting document to verify the residential address. The tool recommends accepting four document types: a utility bill (electricity, water, gas, or telecom) in the customer's name; a government-issued document showing the residential address; a tenancy contract or lease agreement registered with the relevant authority, such as Ejari in Dubai; or a bank or account statement issued by a government-regulated financial institution. The document should generally be dated within the last three months. Documents in languages other than English or Arabic should be accompanied by a certified translation.

Employer name and address is required where the customer is employed, as expressly stated in Art. 8 of Cabinet Resolution No. (134) of 2025. Self-employed customers should provide their business name and address. Employment details are cross-referenced against the source of funds to check for consistency.

Step 4

Business Relationship & Funds

The fourth step moves beyond identity into understanding why the customer is engaging your services and how transactions will be funded.

Nature and purpose of the business relationship must be documented for every customer, not just high-risk ones. A vague or undisclosed purpose is a regulatory red flag

Source of funds covers how the customer will fund the specific transactions conducted with the DNFBP. It is distinct from source of wealth. Documentary evidence should be requested where the transaction amount is significant or the declared source is unclear.

PEP self-declaration is the third field in this step and is marked as a Best Practice item. The tool's guidance is explicit on a critical point: a negative self-declaration does not replace independent PEP screening against recognised databases. Screening must be performed for every customer regardless of what they declare. A positive declaration should automatically trigger EDD and require senior management sign-off.

Final Step

KYC Collection Summary & Risk Rating

The summary page serves two functions: reviewing what has been collected and assigning the customer risk rating.

Collection review shows a full item-by-item breakdown across all four steps, with green ticks for collected items, red crosses for outstanding required items, and purple dashes for Best Practice items not yet collected. A status banner flags any gaps that must be addressed before onboarding is finalised.

Risk rating assignment is a deliberate decision made here - after collection - because you cannot accurately assess customer risk until you have reviewed the information. The compliance officer selects Standard or High Risk based on the information reviewed and their firm's Customer Risk Assessment methodology.

Selecting Standard Risk confirms that standard CDD is sufficient and provides a reminder about document retention and ongoing monitoring obligations. Selecting High Risk triggers the EDD outcome panel, listing the four additional items that must be collected: occupation and profession, source of wealth, volume and quantum of assets, and TIN where one exists - plus the requirement for senior management sign-off.

🏷️Compulsory vs Best Practice: Understanding the Distinction

The tool uses two distinct field classifications that compliance officers should understand clearly.

✅

Compulsory - Green Badge

Required at standard CDD for every individual customer. Non-negotiable regardless of risk rating, transaction size, or sector. Failing to collect a compulsory field is a CDD deficiency.

💡

Best Practice - Purple Badge

Not expressly mandated at standard CDD under CR 134/2025 but strongly recommended. Their presence materially strengthens the customer file and the firm's defensible compliance position.

In the summary, Best Practice items that have not been collected are shown with a purple dash rather than a red cross and are excluded from the outstanding items count. They do not block onboarding completion. The two Best Practice fields in this tool are the visa or residence permit and the PEP self-declaration.

👥Who Is This Tool For?

The Individual KYC Compliance Tool is designed for:

Compliance Officers & MLROsat UAE DNFBPs who need a reliable, regulation-aligned checklist for onboarding natural person customers - real estate brokers, dealers in precious metals and stones, corporate service providers, and more.

Compliance Teamsbuilding or reviewing CDD procedures who want a structured reference to benchmark their existing processes against current requirements under CR 134/2025.

Junior Compliance Staffwho benefit from the embedded compliance guidance on every field - explaining not just what to collect but why it matters and what to look for.

Firms Preparing for Inspectionswho want to ensure their individual customer files are complete, consistent, and defensible against regulatory scrutiny.

Try the Individual KYC Compliance Tool

Free, interactive, and built around current UAE AML/CFT regulations. No login required.

Open the KYC Tool

❓Frequently Asked Questions

What regulations does this tool cover?

The tool is built around Cabinet Resolution No. (134) of 2025, the MoET AML/CFT Guidelines (September 2025), and the MoET CDD Implementation Guide (December 2024). These are the primary instruments governing KYC and CDD obligations for UAE DNFBPs.

Is this tool only for UAE-based customers?

No. The tool applies to any individual customer being onboarded by a UAE DNFBP, regardless of nationality or country of residence. Document requirements vary by residency status - UAE residents use Emirates ID as the primary document, while non-residents use a passport - and the tool reflects this distinction.

Why is the risk rating at the end rather than the beginning?

Because that is how risk rating is supposed to work. A customer's risk rating is a judgment made after reviewing their identity, documents, address, purpose, and source of funds - not a pre-screening filter applied before any information has been collected. Placing risk rating at the summary stage ensures the decision is informed by the full picture rather than an assumption made at the outset.

What is the difference between source of funds and source of wealth?

Source of funds refers to how the customer will fund the specific transactions they are conducting with the DNFBP - salary, business income, sale proceeds. Source of wealth refers to how the customer accumulated their overall asset base over time. Source of funds is a standard CDD requirement for all customers. Source of wealth is an EDD requirement triggered by high-risk status or PEP status - it appears in the EDD outcome panel on the summary page.

Does a negative PEP self-declaration mean I do not need to screen?

No. A negative PEP self-declaration - however clearly worded - does not replace independent PEP screening against recognised databases. Automated screening must be performed for every customer regardless of what they declare. The self-declaration is a documented checkpoint and audit trail element, not a substitute for screening.

What counts as acceptable address proof?

The tool accepts four document types: a utility bill in the customer's name; a government-issued document showing the residential address; a tenancy contract or lease agreement registered with the relevant authority; or a bank or account statement from a government-regulated financial institution. The document should show the customer's name and current address and should generally be dated within the last three months.

What happens if the customer is high-risk?

The EDD outcome panel on the summary page lists the four additional items that must be collected: occupation and profession, source of wealth, volume and quantum of assets, and TIN where one exists. It also flags the requirement for senior management sign-off before onboarding proceeds.

Does this tool replace a formal CDD policy?

No. The tool is a compliance aid and interactive checklist - it does not constitute a CDD policy, an AML/CFT programme, or legal or regulatory advice. Firms must maintain their own documented CDD policies and procedures that comply with applicable UAE AML/CFT requirements. The tool supports the execution of those procedures.

How long must KYC documents be retained?

All KYC documents collected must be retained for a minimum of five years from the end of the business relationship, in electronic or hard copy form, in a manner that is readily retrievable for competent authority requests.

Can I use this tool for corporate customers?

This tool covers natural persons only. A separate Corporate KYC Compliance Tool is available for onboarding legal persons - LLCs, PJSCs, branches, partnerships, foundations, and other corporate structures.

🔗Related Tool

⚠️ Disclaimer

This tool and article are provided for general informational and educational purposes only. They do not constitute legal, regulatory, or compliance advice. The information is based on Cabinet Resolution No. (134) of 2025, MoET AML/CFT Guidelines (September 2025), and MoET CDD Implementation Guide (December 2024) as understood at the time of publication. Regulations may change. Users should consult qualified AML/CFT compliance professionals before making compliance decisions. AMLUAE.com accepts no liability for reliance on this tool or article.