How to File CNMR and PNMR on the goAML Portal Under TFS Guidance, 2025

Protect your business with reliable and effective AML strategies with AML UAE.

How to File CNMR and PNMR on the goAML Portal Under TFS Guidance, 2025

This blog elaborates on the July 2025 updates to the Targeted Financial Sanctions (TFS) Guidance. These updates introduce sharper procedures, especially around screening and reporting, and call attention to nuanced revisions, such as:

Fund Freeze Report (FFR) changed to Confirmed Name Match Report (CNMR)
Clarified screening during weekends and public holidays
Updated procedures related to Partial Name Match Reporting
Additional examples on PNMR Reporting
Grievance procedures were deleted and published separately on the EOCN website.

The blog also includes a detailed explanation of what TFS obligations are, an in-depth understanding of CNMR and PNMR filing obligations and step-wise processes under TFS Guidelines 2025, and the best practices that Reporting Entities can incorporate into their AML framework to ensure Sanctions Compliance.

Apart from procedural updates, this blog also provides a step-by-step walkthrough for CNMR and PMNR filing using the goAML portal, helping AML compliance professionals and Regulated Entities to understand their core TFS compliance obligations.

Guidance on Targeted Financial Sanctions, July 2025: What Reporting Entities Must Know

In order to decode the provisions of the TFS Guidelines July 2025, reporting entities must develop a sound understanding of the basic concepts, such as:

What are Targeted Financial Sanctions (TFS) in the UAE?

“Targeted Financial Sanctions” refers to an obligation to freeze the funds or other assets of designated individuals or entities, and to restrict access to such funds, assets, or related services, either directly or indirectly.

The primary purpose of TFS is to prevent designated persons and entities from accessing financial resources, thereby disrupting the use of such resources for illicit purposes or transactions that may benefit individuals or organisations involved in terrorism, proliferation financing, or other criminal activities.

TFS Compliance Obligations

Article 21 of Cabinet Decision No. 74 of 2020 has set the main TFS compliance obligations on Reporting Entities, including DNFBPs, FIs, and VASPs:

Register

Reporting Entities must register for the EOCN Notification Alert System (NAS) to receive automated email notifications on any update to the Sanctions List. In terms of practical implementation, Regulated Entities using Sanctions Screening Software can ensure that the screening software is paired up with a sanctions screening API that gives real-time data and updates as to additions and deletions of names in:

The UAE Local Terrorist List that contains the names of all the sanctioned individuals, entities, or groups designated by the UAE Cabinet.
The UNSC Consolidated List that contains the names of all the sanctioned individuals, entities, or groups designated by the United Nations Sanctions Committees or directly by the UNSC.

Screen

The “when” and “whom” of sanctions screening is covered under paragraphs 30 and 31 of the latest guidance, which provide that Reporting Entities must undertake regular and ongoing screening on the latest Sanction Lists. Sanctions Screening must be undertaken mandatorily in the following circumstances:

Updates, i.e., additions, deletions, and revisions of names to Sanction lists
Prior to onboarding a new customer, i.e., a potential customer
Persons or entities party to any transactions or related to parties of any transaction, including names of persons with direct or indirect relationships with designated individuals, entities, or groups
Upon periodic KYC reviews or if there is any material change in the nature or ownership of the customer is identified
Daily screening of the existing customer database
Daily screening of the offboarded customers or previous customers with whom the Regulated Entity had prior business relationships and transactions
- Reporting Entities need to be mindful that they are required to SCREEN all their previous or offboarded customers on an ongoing basis for a period of five (5) years after termination or cessation of the business relationship, even if there is no active business relationship or no assets are held with the Regulated Entity at present.
Before processing any transactions with a counterparty.

The “what” of the sanctions screening requirement is covered under paragraphs 32 and 33, which state the “key identifiers” and “other identifiers” required to be obtained by regulated entities from their customers to screen their names against those contained in the latest sanctions lists. These key identifiers and other identifiers are:

Once the key identifier details are available with the regulated entity, the Screening Analyst can proceed with conducting sanctions screening either manually or through screening software. The latest guidance on TFS requires regulated entities to have in place an adequate screening mechanism to help ensure TFS compliance.

The sanctions screening process generates screening outcomes, which can be disambiguated into four categories, such as:

Confirmed Name Match: The name of the customer matches with the sanctions screening outcome.
Partial Name Match: The name of the customer partially matches with the sanctions screening outcome.
False Positive: The name of the customer does not match with the screening outcome.
Negative Match: The name of the customer does not generate a screening outcome.

The occurrence of any of these four outcomes requires the personnel of the regulated entity to take appropriate steps, which are more elaborately discussed in the table below:

Sanctions Screening Outcomes and Resultant Reporting Requirements
Screening Result	TFS Measures	TFS Reporting Requirement	Record-Keeping Obligation
Perfect Match or Confirmed Name Match	Freezing of Funds or Other Assets without any delay (within 24 hours) Prohibition from Making Funds or Other Assets or Services Available If the confirmed name match is of a potential customer, transaction must be immediately rejected (TFS measures discussed more elaborately in step 3)	Confirmed Name Match Report (CNMR) to be filed within 5 days alongwith obligatory information	Paragraph 46 of the TFS Guidance updated in July 2025 prescribes to maintain records for the duration of atleast five (5) years, irrespective of the screening outcome.
Partial Match	Immediate suspension of transaction without any delay Avoid offering funds or any other services Scenario-wise requirements apply	Partial Name Match Report (PNMR) to be filed within 5 days alongwith obligatory information
False Positives or False Match	Not applicable	No reporting required
No Match or Negative Match	Not applicable	No reporting required

Stop Guessing. Start Screening Right!

Ready to handle every match- Confirmed, Partial, or Not?

Implement TFS Measures

Reporting Entities must either freeze all funds and assets without delay, prohibit the provision of services/funds or reject the transaction. The core elements of TFS Measures prescribed by the Guidance on TFS include:

Asset Freezing without delay
Prohibition from making funds or other assets or services available
- Financial Assets
- Economic Resources
- Any other assets.

The distinction between “Freezing Measures” in the case of a Confirmed Match and “Suspension Measures” in the case of a Partial Match is discussed in depth in further paragraphs of this AML UAE blog.

Report

The mechanism to report any TFS measures taken by the Reporting Entity must be after identifying a Confirmed or Partial Name Match, reporting to the relevant Supervisory Authority and submitting one of the following two reports via goAML:

Confirmed Name Match Report (CNMR)
Partial Name Match Report (PNMR)

The TFS Guidance also requires Reporting Entities to include and enclose mandatory and obligatory information along with the CNMR and PNMR filed.

In the context of CNMR, the RE is required to enclose ID documents of the person or legal entity whose name is found in the sanctions lists, resulting in a confirmed match during screening, as without possession of ID documents, the RE cannot conclusively confirm that the screening match found is a perfect match, requiring regulatory reporting. Examples of obligatory information for CNMR are:

The amount of funds or other assets frozen with documentary evidence, such as bank statements, transaction receipts, investment portfolios, title deeds, account summaries, etc
Detailed description of rejected transactions or services.

In the context of PNMR, the RE is required to enclose documents such as ID documents (if and when available) and the full name of the person or entity whose name is found to have partially matched during screening. The examples of obligatory information that REs can attach to PNMR are:

Funds or other assets that are suspended
Detailed description of rejected transactions or services.

Confused by the Latest TFS Updates?

Connect with our expert to ensure full compliance with the latest TFS Guidance

How to File a Confirmed Name Match Report (CNMR) While Implementing TFS Measures

The step-wise process for filing CNMR requires a well-developed internal workflow to be followed by employees of a Regulated Entity. Timely filing of CNMR is only possible when the process from match identification to submitting the report on the goAML portal flows seamlessly from one department to another. Regulated Entities need to appoint an AML Compliance Officer and register themselves on the goAML portal. Registration on the goAML portal enables REs to file reports to the UAE FIU (Financial Intelligence Unit) to fulfil regulatory reporting requirements. The step-wise process for filing CNMR includes:

The subscription to the EOCN Notification Alert System (NAS) is a prerequisite that REs must tick off their to-dos once they commence business operations concerning covered activities under UAE’s AML/CFT regime. The subscription to NAS is a one-time exercise, which enables REs to access updated Sanctions Lists in real-time.

Identification of Confirmed Name Match During Sanctions Screening

REs can opt to screen their customers manually across the Sanctions Lists obtained through NAS or rely on a Sanctions Screening Software or unified AML Software that relies on efficient Screening APIs. Using one of these or a combination of software tools ensures that Sanctions Lists relied on for screening customers are updated in real time as published by the regulator, or EOCN, in the context of TFS compliance. The process of screening customers generates screening results or screening outcomes, which need to be disambiguated by the Screening Analyst.

Regulated Entities must remain mindful that they screen across their customer databases, which include potential, existing, and former customers, with whom they had a previous business relationship during the past five (5) years

When a Screening Analyst, while disambiguating screening results, identifies a perfect match or a confirmed match, they need to assess the screening outcome to confirm its accuracy.

Assessment of Confirmed Name Match Outcome

Assessment of a Confirmed Name Match or Perfect Match outcome is quite straightforward. In the case of potential, existing, and former customers, the frontline team or the Screening Analyst is required to carefully examine and cross-verify the customer’s key identifiers and the screening outcome’s attributes to assess whether the initial identification and disambiguation of the screening is accurate or erroneous. Once the Screening Analyst or the frontline team is sure of the match outcome assessment, they need to escalate the customer profile and screening outcome findings to the AML Compliance Officer for carrying out further steps.

Escalation by the Frontline Team or Screening Analyst to the AML Compliance Officer

The AML Compliance Officer needs to assess the customer profile forwarded by the frontline or screening team and assess whether the customer (potential, existing, or former) is indeed a confirmed match or there is any confusion or error on part of screening or frontline team in identifying the match results accurately and proceed further with imposition of TFS Measures and fulfilling CNMR filing formalities in a timely manner.

Impose Freezing Measures on Potential, Existing, and Former Customers

Once the AML Compliance Officer is sure that the confirmed match screening outcome is correct and accurate, he needs to act fast and impose freezing measures without delay (within 24 hours of the confirmed match). The extent and manner of imposing TFS Measures shall differ on the basis of the maturity of the business relationship, as elaborated below:

In case of a Potential Customer

Rejection of transaction or service immediately

In case of an Existing Customer

Freeze all funds/assets
Prohibition from making funds, other assets, or services available to such customer

In case of a Former Customer

If the confirmed match is that of a former customer and the RE does not have any assets or funds available with them, they can still proceed with the CNMR filing process, stating that business relationship concluded and they are not in possession of any assets.

Preparation of Mandatory and Obligatory Information & Documents for CNMR in alignment with goAML Requirements

After imposing TFS Measures, the Compliance Officer then needs to ensure that he is equipped with all the mandatory and obligatory information pertaining to the customer against whom the CNMR is supposed to be filed. The ID documents (passport, Emirates ID, trade license) are assumed to be in possession of the RE and need to be submitted with CNMR. The examples of obligatory information are:

Asset value proof (bank statements, portfolio summaries, title deeds)
Description of rejected service or transaction.

Logging in on the goAML Portal to File CNMR

The AML Compliance Officer must log into their employer’s goAML portal account using RE’s log-in details to file CNMR.

Selecting Report Type as CNMR & Entering Information and Documents

The AML Compliance Officer needs to select CNMR from the list of options given in the dropdown menu on the goAML portal. The AML Compliance Officer can either upload the CNMR in an XML format or fill in the details regarding a confirmed name match in real-time by opting for the web-report option on the goAML portal.

Saving and Submitting CNMR

Once the details regarding the confirmed name match are entered on the goAML portal successfully, the AML Compliance Officer must save the CNMR details and submit the same. The AML Compliance Officer must be mindful of the requirement to complete the legal obligation filing of CNMR on the goAML portal within 5 days after applying freezing measures.

Maintaining Records of CNMR Filed for Five (5) Years

REs are required by law to maintain records of all screening results, including CNMRs, the identification, decision, freezing measures taken, and details of the CNMR filed on the goAML portal for the period of at least five (5) years.

From Sanctions Screening to CNMR Filing: We’ve Got You Covered!

Struggling with real-time screening, escalation, and goAML reporting? Let AML UAE streamline it for you.

How to File a Partial Name Match report (PNMR) While Implementing TFS Measures

The step-wise process of filing a PNMR broadly consists of the steps elaborated in further paragraphs. However, based on the maturity of the business relationship, i.e., whether the customer is a potential customer, an existing customer, or a former customer, the employees of the Reporting Entity, such as the frontline team, Screening Analysts, KYC Analysts, and AML Compliance Officer, must make sure that they collect necessary information about the customer to ensure accurate filing of PNMR. Timely filing of PNMR can be achieved through well-coordinated efforts by all personnel concerned.

Needless to say, the prerequisite of subscription to the EOCN Notification Alert System (NAS) is implied when it comes to having a well-defined and documented process to file PNMR in place. The Reporting Entity may screen its customers manually, through updated sanctions lists and notifications received after subscribing to EOCN NAS or can rely on a Sanction Screening Software or an AML Software with Sanctions Screening API.

Identification of Partial Name Match During Sanctions Screening

Regulated Entities must ensure that they screen across their customer databases, including potential, existing, and former customers, with whom they had a previous business relationship during the past five (5) years.

When a Screening Analyst, while disambiguating screening results, comes across screening results or outcomes where only some or few of the attributes of the customer profile, and they cannot conclusively confirm whether or not such a match is a confirmed match or a false positive, then in such a scenario, they are required to escalate the customer profile and screening outcome to the AML Compliance Officer for further assessment.

Assessing Partial Name Match Outcome

Assessment of Partial Name Match Outcome after screening needs to be done to rule out the possibility of the initial match disambiguation being inaccurate, false positive, or a confirmed name match instead. However, the issue with Partial Name Match outcomes is that the Screening Analyst or frontline team cannot conclusively decide whether it’s a false or a complete match due to factors such as:

Lack of adequate information and non-availability of the customer’s ID documents in case of potential customers
Lack of information in Screening Outcomes, i.e., screening results exist but don’t provide adequate information so as to conclude successful disambiguation
A high number of screening outcomes or results are generated by the screening software due to lower match percentage thresholds configured, leading to high disambiguation volume with non-existent substantial information for disambiguation.

In order to simplify the Partial Name Match Outcome’s accuracy assessment, the following factors must be considered by Reporting Entities, such as:

For Potential Customers: Obtaining ID documents must be attempted when ID documents are not available, leading to a lack of information on key identifier details, so that the match can be disambiguated by having a complete set of information prior to disambiguation for accurate results.

If ID is received within 10 days, the RE must conduct Screening with details contained in the ID obtained. Based on the screening outcome, if the RE finds that the match is indeed a Partial Match, they must continue/implement Suspension/Freezing Measures and proceed with the PNMR/CNMR filing process. If, after fresh screening, the RE finds that the screening outcome is a false positive or no match, they must proceed with establishing a business relationship.
If ID is not received within 10 days, the RE must Reject/Cancel Transaction and proceed with PNMR filing process
If ID is received after 10 days, the RE must conduct Screening based on the recently acquired ID and implement Suspension Measures accordingly, if a Partial Match is found, or proceed with CNMR if a Complete Match is found, or establish a business relationship if false or no match found.

Existing and Former Customers: The possession of a Customer ID is assumed

Suspend any transaction, refrain from offering any funds, assets, or services.

Escalation by the Frontline Team or Screening Analyst to the AML Compliance Officer

The AML Compliance Officer needs to assess the customer profile forwarded by the frontline or screening team and determine whether the customer (potential, existing, or former) is indeed a partial match or confirmed match or false match, based on which further actions can be taken.

Impose Suspension Measures on Potential, Existing, and Former Customers

Once the AML Compliance Officer is sure that the partial match screening outcome is correct and accurate, he needs to act fast and impose a suspension of the business relationship and refrain from or avoid providing any service, assets, or funds to such a customer without delay (within 24 hours of the partial match).

The extent and manner of imposing TFS Measures, i.e., suspension, shall differ on the basis of the maturity of the business relationship, as elaborated below:

In case of a Potential Customer

Cancel the Transaction and proceed with the PNMR filing process

Existing and Former Customers

Suspend any transaction, refrain from offering any funds, assets, or services.

Preparation of Mandatory and Obligatory Information & Documents for PNMR in alignment with goAML Requirements

After imposing TFS Measures, the Compliance Officer then needs to ensure that he is equipped with all the mandatory and obligatory information pertaining to the customer against whom the PNMR is supposed to be filed. The ID documents of existing and former customers (passport, Emirates ID, trade license) are assumed to be in possession of the RE and need to be submitted with PNMR. The ID documents of potential customers can be submitted if and when available. The examples of obligatory information are:

Asset value proof (bank statements, portfolio summaries, title deeds)
Description of suspended service or transaction
Description of rejected transaction or service (when no funds are held).

Logging in on the goAML Portal for PNMR Filing

The AML Compliance Officer must log into their employer’s goAML portal account using RE’s log-in details to file PNMR.

Selecting Report Type as PNMR & Entering Information and Documents

The AML Compliance Officer needs to select PNMR from the list of options given in the dropdown menu on the goAML portal. The AML Compliance Officer can either upload the PNMR in an XML format or fill in the details regarding a confirmed name match in real-time by opting for the web-report option on the goAML portal.

Saving and Submitting PNMR

Once the details regarding the confirmed name match are entered on the goAML portal successfully, the AML Compliance Officer must save the PNMR details and submit the same. The AML Compliance Officer must be mindful of the requirement to complete the legal obligation filing of PNMR on the goAML portal within 5 days after applying suspension measures.

Following EOCN Response

REs after filing a PNMR must await and follow the EOCN instructions and maintain suspension measures until further instructions are received.

The EOCN instructions in the context of PNMR concern the treatment of suspension measures, particularly in the case of existing and former customers. The Reporting Entity must submit PNMR along with all the necessary and obligatory customer information so that EOCN can verify the PNMR submitted and give further instructions to the RE. Either of the following steps must be taken by RE, based on EOCN response:

If EOCN concludes PNMR filed as a False Positive, RE must cancel TFS suspension measures and proceed with the business relationship
If EOCN validates PNMR as a Confirmed Match, REs must freeze funds and submit CNMR.

In the case of potential customers, if customer information and documents are lacking, then EOCN will not be able to verify the PNMR report submitted into Confirmed Match or False Positive.

Maintaining Records of PNMR Filed for Five (5) Years

REs are required by law to maintain records of all screening results, including PNMRs, the identification, decision, suspension measures taken, and details of the PNMR filed on the goAML portal for the period of at least 5 years.

Partial Match or Confirmed? Don’t Second-Guess Compliance.

Get step-by-step guidance on match escalation, TFS imposition, and goAML filing.

Key Differences Between CNMR and PNMR: Comparative Table

Differences Between CNMR and PNMR
Distinguishing Aspects	CNMR (Confirmed Name Match Report)	PNMR (Partial Name Match Report)
Trigger Event	Identification of Confirmed Match during Sanctions Screening	Identification of Partial Match during Sanctions Screening
Immediate Action Needed	Freezing Measures for TFS Compliance to be applied within 24 hours	Suspension Measures for TFS Compliance to be applied within 24 hours
Filing Timelines	Within 5 days after imposing Freezing Measures	Within 5 days after imposing Suspension Measures
Documents Required	Complete Customer ID + Documents of Freezing Measures/ Transaction Rejection	Complete or Partial Customer ID + Documents of Suspension Measures
Post Filing Measures	Freezing Measures to say in place. However lift Freezing Measures if Person/Entity is Delisted from Sanctions List or Freezing Cancellation Decision given by EOCN	Await EOCN Response, maintain Suspension Measures, may need to file CNMR or mark match as False Positive

Key Differences Between Freezing and Suspension Measures

Differences Between Freezing and Suspension of Funds
Distinguishing Aspects	Freezing Measures	Suspension Measures
Sanctions Screening Disambiguation Outcome	Confirmed or Perfect Match	Partial Match
Report to be filed on GoAML Portal	CNMR	PNMR
TFS Compliance Requirements	Freezing measures remain in place until person/entity is delisted from Sanctions List or Freezing Cancellation Decision given by EOCN	Suspension measures remain in place until EOCN provides further instructions on the match’s status

Partial Match or Confirmed? Don’t Second-Guess Compliance.

Get step-by-step guidance on match escalation, TFS imposition, and goAML filing.

General Do’s and Don’ts to Ensure TFS Compliance

Compliance with Targeted Financial Sanctions (TFS) is legally mandated under UAE law and reinforced by the 2025 TFS Guidance. These emphasize proactive, risk-based screening, reporting, and asset freezing for designated persons. The following do’s and don’ts guide Reporting Entities, i.e., DNFBPs, FIs, and VASPs in meeting TFS obligations, particularly for CNMR and PNMR submissions via goAML.

Dos to Ensure TFS Compliance

Do subscribe to the Executive Office mailing list or alert system

Regulated Entities (DNFBPs, VASPs, and FIs) are required to register on the goAML platform to submit STRs and SARs to the FIU. They must also use the platform to report CNMRs/PNMRs to the EOCN and the Supervisory Authority.

Do screen continuously, even on weekends and holidays

Reporting Entities must establish internal procedures for screening against the UAE Local Terrorist List and UNSC Consolidated List during weekends and public holidays, ensuring that access to funds or assets is restricted at all times. If no transactions or customer access occur during weekends or holidays, screening must begin immediately at the start of business activity, and freezing measures should be promptly applied.

Do Report and Disclose previous transactions or business dealings with Confirmed or Partial Name Matches.

Reporting Entities must submit CNMRs and PNMRs for all relevant transactions, business relationships, and accounts held within the past five years, including those closed before the designation, even if no current assets or ties exist. The report must explicitly state that no funds or assets are presently held, no ongoing relationship exists with the designated party, and that the account in question is closed.

Do Report Matches via Email to the EOCN if You’re Not a goAML User

For an entity not registered with goAML (that do not fall under the definition of FIs, DNFBPs, or VASPs and are therefore not under an obligation to register on goAML), CNMRs or PNMRs must be reported by emailing and providing a complete set of case details that clearly explain the identified match with all relevant supporting documents attached in the message.

Do Escalate Matches Found in Criminal or Unilateral/Multilateral Sanctions Lists

Reporting Entities must consult the relevant Supervisory Authority (SA) for guidance on handling matches found with unilateral or multilateral sanctions lists, or other criminal lists, and consider submitting an STR or SAR to the Financial Intelligence Unit (FIU) if such matches are confirmed. The Reporting Entity should not use CNMR/PNMR reports in goAML for matches found on other sanction or criminal lists like OFAC, EU, HMT, or INTERPOL. These reports are only for matches with the UAE Local Terrorist List and UN List.

Do understand the change in penalty for non-compliance and inform staff

Reporting Entities must equip themselves with the awareness of changes made to the penalty imposed on TFS violations and incorporate the changes, such as imprisonment for a period of one to seven years. REs must also understand that Administrative Sanctions might be applied to them, resulting in a warning for license cancellation.

Keep Screening 24/7- Even on Holidays!

Set up a continuous screening process to avoid compliance gaps

Don'ts to Ensure TFS Compliance

Don’t overlook changes in ownership structures, as even minority holdings may evolve into controlling stakes.

Reporting Entities are required to impose freezing measures on any entity that is majority-owned (more than 50%) by designated persons or entities. During implementation, REs must determine whether a designated person owns or exercises control over more than 50% of the proprietary rights. If the designated individual holds only a minority stake (50% or less), the entity is not subject to freezing measures unless ownership shifts, and the designated person gains a majority stake or controlling interest. Furthermore, all funds or assets owed to designated individuals must be frozen and must not be made accessible under any circumstances.

Don’t notify customers before freezing measures, as doing so may be considered tipping off

Reporting Entities must avoid informing customers about freezing measures before they are applied, as this may constitute tipping off. Customers may be notified once the measures have been implemented.

Don’t Forget to Document False Positives

Reporting Entities do not need to report a False Positive result to the EOCN and may proceed with the business transaction. However, they must maintain internal records of the screening alert and all actions taken.

Don’t rely solely on third-party screening services to meet compliance obligations

Reporting Entities must not consider third-party screening services as a guarantee of compliance. Reporting Entities remain responsible and must assess the reliability and robustness of external systems before using them.

Don’t Rely on Assumptions or Unverified Links

When a Confirmed or Partial Name Match is identified, the Reporting Entity must obtain and review the customer’s identification documents. Following the review, appropriate freezing or suspension actions should be taken and properly documented.

Best Practices for CNMR and PNMR Filing on the goAML Portal to Ensure TFS Compliance

Filing of CNMRs and PNMRs via goAML portal is a key compliance requirement for Reporting Entities, including DNFBPs, FIs, and VASPs. By implementing the following best practices, Reporting Entities can ensure effective compliance with the UAE’s Latest Guidance Targeted Financial Sanctions (TFS):

Establish Comprehensive Sanctions Compliance Policies and Internal Controls

Reporting Entities must set and implement policies, procedures, and internal controls that align with the requirements of the latest TFS Guidance. These should ensure compliance with freezing obligations, include reasonable measures to identify beneficial owners, signatories, and strictly prohibit staff from disclosing freezing actions to customers or third parties. REs must allocate appropriate human and technical resources to fulfil TFS obligations effectively.

Using Sanctions Screening Software for Accuracy

REs must deploy Sanctions Screening Software that enables high-accuracy detection of designated individuals and entities across the UAE Local Terrorist List and the UNSC Consolidated List. The software should allow configurable thresholds to minimise false positives while ensuring true matches are not missed. The software must support real-time updates to watchlists, automatic batch screening, and ongoing monitoring of customer databases and transactions. These capabilities are critical for ensuring that CNMRs and PNMRs are identified without delay.

Providing Sanctions Compliance Training to Employees

REs must conduct regular and role-specific training for employees, especially those in compliance, operations, and client onboarding teams. The training must cover the detection and handling of CNMRs and PNMRs, the use of sanctions screening software, and the regulatory obligations outlined in the latest TFS Guidance. Training should also emphasise the importance of confidentiality (prohibition of tipping off) and include practical case scenarios to ensure readiness for real-life detection and reporting situations.

Group Oversight Across All Branches and Trade Zones

REs must establish Group Oversight to ensure consistent application of CNMR and PNMR processes across all branches and trade zones. This includes unified match thresholds, centrally managed screening tools, and standardised escalation procedures. Group Compliance must include overseeing implementation, conducting regular audits, and providing training to ensure effective and consistent Sanctions Screening. Central oversight ensures that potential matches are identified and resolved promptly, reducing the risk of sanctions breaches across the institution’s entire operational footprint.

Tamper-Proof Record-Keeping

REs must maintain tamper-proof record-keeping systems to ensure the integrity and security of data related to CNMR and PNMR activities. Records of screening results, match investigations, and escalation decisions must be securely maintained with access controls that restrict unauthorised viewing or editing. The system must include audit trails that log all user actions and prevent any undetected alterations or deletions.

Implementing Centralised Record Management Systems

REs must implement Centralised Record Management Systems to ensure consistent, secure, and traceable handling of data related to CNMR and PNMR processes. These systems should consolidate customer and transaction records across all business units and branches, enabling efficient access and retrieval during sanctions screening, investigations, and regulatory inspections. Centralisation ensures that relevant data is readily available as a single source of truth, supporting timely identification, review, and escalation of potential matches. Easy access to accurate records is essential for demonstrating compliance with TFS obligations and facilitating smooth regulatory visits.

Internal Reporting & Escalation Module

REs must establish a structured Internal Reporting & Escalation Module to manage alerts generated through CNMR and PNMR processes. This module should define clear roles, timelines, and procedures for the review, escalation, and resolution of potential sanctions matches. Automated workflows should support timely alert handling, while ensuring that all actions are logged for audit purposes. Effective internal reporting and escalation are essential for preventing delays, ensuring regulatory compliance, and facilitating prompt decision-making in line with TFS obligations.

Freeze, File, and Comply Without the Panic!

Our experts help you navigate every step of the sanctions screening and CNMR/PNMR reporting process.

Bringing It All Together: TFS Measures, Match Outcomes, and goAML Reporting

The advent of TFS Guidance, July 2025, calls for more than reactive and passive compliance measures; it requires proactive internal policies and procedures that take care of timely screening, clear escalation protocols, and accurate CNMR/PNMR reporting through the goAML portal and reposting to the relevant Supervisory Authority. Irrespective of dealing with confirmed or partial match in case of potential, existing, or former customers, regulated entities must implement appropriate freezing or suspension measures, document actions taken, and maintain records for a period of five (5) years.

Incorporating these practices into daily workflows helps ensure regulatory compliance while reinforcing operational resilience. With right Sanctions Screening Software, Role Specific AML Training, and governance, REs in UAE can go beyond reactive compliance and master proactive and risk-based TFS Compliance.

Need CNMR/PNMR SOPs, Templates, or Screening Software & Personnel Training?

From Screening to GoAML, we help you operationalise every step of CNMR/PNMR Compliance

FAQs

What is the difference between CNMR and PNMR under UAE TFS Guidance 2025?

CNMR can only be filed in a scenario where the customer details completely and entirely match with those of the screening outcome, whereas PNMR can be filed when some of the customer details match with those of the screening output, but it cannot be conclusively determined to be a confirmed match or a false match due to a lack of information or clarity.

What are the timelines for CNMR or PNMR filing in UAE?

CNMR and PNMR both need to be filed within 5 business days of imposing freezing or suspension measures.

Can REs file CNMR/PNMR manually without screening software?

Absolutely, filing of CNMR/PNMR can be done through logging into the goAML portal using REs’ credentials. The role of the Screening Software is limited to carrying out Sanctions Screening, generating alerts upon finding matches, streamlining workflows and escalations and preparing or downloading screening reports and details for the purpose of filing CNMR/PNMR accurately.

AML UAE – your partner for AML training requirements

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

How to File CNMR and PNMR on the goAML Portal Under TFS Guidance, 2025