AML & DNFBP Compliance in the UAE
The United Arab Emirates has built one of the most rigorous Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT) frameworks in the Middle East. Anchored by Federal Decree-Law No. 20 of 2018 (as amended) and Cabinet Decision No. 10 of 2019, the regulatory landscape places binding obligations on both financial institutions and Designated Non-Financial Businesses and Professions (DNFBPs). For businesses operating in Dubai and across the UAE, compliance is not optional; it is a legal requirement that carries significant penalties for failure.
DNFBPs include real estate agents, precious metals and stones dealers, auditors, accountants, lawyers, notaries, and Trust and Company Service Providers (TCSPs). These businesses are required to implement comprehensive AML/CFT programs that include customer due diligence, transaction monitoring, suspicious transaction reporting through the goAML portal, sanctions screening, record keeping, and regular staff training. Supervisory authorities such as the Ministry of Economy, RERA, and various free zone authorities actively inspect DNFBPs for compliance and impose penalties for deficiencies.
The UAE's commitment to international AML standards reflects its membership in the Financial Action Task Force (FATF) and the Middle East and North Africa Financial Action Task Force (MENAFATF). Following the FATF mutual evaluation in 2020, the UAE has significantly accelerated its enforcement activities. In 2023 and 2024, supervisory authorities conducted hundreds of inspections across DNFBP sectors, resulting in penalties exceeding AED 100 million. This enforcement trend is expected to intensify, making robust compliance programs essential for business continuity.
AURNE Private Advisory provides comprehensive AML and DNFBP compliance services covering every aspect of regulatory obligation. Our Dubai-based team combines deep knowledge of UAE AML regulations with practical implementation experience across all DNFBP sectors. Whether you need a complete AML program built from scratch, assistance with goAML registration and reporting, a compliance framework tailored to your sector, or ongoing monitoring and inspection preparation, we deliver solutions that protect your business while meeting every regulatory requirement.
Ready to get started with AML Compliance?
Let's discuss your requirements and find the best solution for your business needs.
Why AML Compliance Matters for Your Business
AML compliance in the UAE is driven by both legal obligation and sound business practice. Understanding these drivers helps prioritize compliance investment:
Legal Requirement
Federal Decree-Law No. 20 of 2018 mandates AML/CFT programs for all DNFBPs. Non-compliance is a legal offence, not merely an administrative matter.
Penalty Avoidance
Administrative penalties range from AED 50,000 to AED 5,000,000 per violation. Criminal penalties include imprisonment of up to 10 years for serious breaches.
Business Reputation
AML compliance demonstrates integrity to clients, partners, and regulators. Enforcement actions and penalties are increasingly publicized, damaging brand trust.
Banking Access
UAE banks conduct compliance due diligence on business clients. Companies without proper AML programs face account closures and difficulty opening new accounts.
International Standards
The UAE aligns with FATF standards. Compliance positions your business favorably for international partnerships, correspondent banking, and cross-border transactions.
Risk Mitigation
A structured AML program protects your business from being exploited for money laundering, reducing exposure to financial crime, regulatory action, and civil liability.
DNFBP Categories in the UAE
The following business types are classified as Designated Non-Financial Businesses and Professions under UAE law. Each category has sector-specific compliance requirements in addition to the baseline AML/CFT obligations:
| DNFBP Category | Supervisory Authority | Key AML Triggers |
|---|---|---|
| Real Estate Agents & Brokers | RERA (Dubai), respective emirate authority | Property purchases, large cash payments, off-plan sales, international buyers |
| Precious Metals & Stones Dealers | Ministry of Economy | Cash transactions at or above AED 55,000, high-value goods, international sourcing |
| Auditors & Accountants | Ministry of Economy | Financial transactions, company structuring, tax planning, trust management |
| Lawyers & Legal Professionals | Ministry of Justice, local authority | Real estate closings, company formation, trust arrangements, client account management |
| Trust & Company Service Providers | Free zone authority, SCA | Company formation, nominee services, registered agent activities, corporate structuring |
| High-Value Goods Dealers | Ministry of Economy | Cash transactions at or above AED 55,000, luxury goods, high-value inventory |
Free zone entities in DMCC, DIFC, ADGM, and other UAE free zones are also subject to AML/CFT requirements enforced by their respective free zone authorities. DMCC, for example, has its own compliance team that conducts inspections and imposes penalties on non-compliant members. DIFC and ADGM operate under their own regulatory frameworks (DFSA and FSRA respectively) with additional requirements for financial services firms.
Want to explore the benefits?
Contact us for a consultation and discover how we can help your business.
AML Policy Design & Implementation
A well-designed AML policy is the foundation of your compliance program. We develop comprehensive AML/CFT policies tailored to your DNFBP sector, risk profile, and operational structure. Every policy we create aligns with UAE federal regulations, CBUAE guidance, FATF recommendations, and your specific supervisory authority requirements.
Business Risk Assessment (BRA)
We evaluate your customer types, geographic exposure, products and services, delivery channels, and transaction patterns to produce a comprehensive risk assessment. The BRA determines the calibration of all subsequent controls and must be updated at least annually or when material changes occur in your business.
KYC & Customer Due Diligence Procedures
We design customer onboarding procedures covering identity verification, beneficial ownership identification (25% threshold), source of funds documentation, PEP screening, and risk categorization. Procedures are calibrated across simplified, standard, and enhanced due diligence levels based on your risk assessment methodology.
Transaction Monitoring & Red Flag Detection
We establish transaction monitoring rules tailored to your sector. For real estate, this covers cash deposits, third-party payments, and rapid resales. For precious metals, it covers cash transactions near the AED 55,000 threshold, structuring patterns, and unusual purchasing behavior. Each rule includes clear escalation paths and documentation requirements.
Sanctions Screening & PEP Identification
We implement screening procedures against UAE Local Terrorist List, UN Security Council consolidated sanctions lists, and other applicable lists. Screening must occur at customer onboarding, periodically during the relationship, and when lists are updated. We establish processes for handling potential matches, false positives, and escalation to the MLRO.
Record Keeping & Documentation Standards
UAE law requires maintaining all CDD records, transaction records, and compliance documentation for a minimum of 5 years after the business relationship ends. We establish record-keeping systems that meet regulatory requirements while remaining practical for daily operations, including digital storage solutions and retrieval procedures for inspection readiness.
goAML Reporting & FIU Obligations
The goAML portal is the UAE Financial Intelligence Unit's (FIU) web-based platform for receiving and processing financial intelligence reports. All DNFBPs must register on goAML and use it to file mandatory reports. We handle the complete goAML lifecycle, from initial registration through ongoing reporting compliance.
Portal Registration & Configuration
We handle entity registration with the FIU, configure user accounts with appropriate access levels, establish the MLRO as primary reporting officer, and test the system with sample submissions to ensure operational readiness.
STR & SAR Filing
Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs) must be filed as soon as suspicion arises. We develop internal escalation workflows, report templates, and quality review procedures to ensure accurate, complete, and timely filings.
Currency Transaction Reports (CTRs)
Cash transactions at or above AED 55,000 (or equivalent in foreign currency) must be reported. For precious metals dealers, this threshold triggers mandatory CTR filing regardless of whether the transaction appears suspicious.
Reporting Training & Support
We train your MLRO and compliance staff on goAML portal navigation, report preparation, data entry standards, and response handling. Ongoing support is available for complex reporting scenarios and FIU information requests.
Compliance Framework Development
A compliance framework provides the structure and governance around your AML program. We develop frameworks that integrate AML/CFT requirements with your broader business operations, making compliance a practical part of daily workflows rather than an isolated administrative burden.
Ongoing Compliance Monitoring & Reviews
Setting up an AML program is only the beginning. UAE regulations require continuous monitoring and periodic reviews to ensure your compliance program remains effective. Supervisory authorities expect evidence of ongoing compliance activity at every inspection, not just a policy manual that was created and shelved.
Quarterly Compliance Health Checks
We review a sample of CDD files for completeness and accuracy, test transaction monitoring controls, verify sanctions screening is current, check record-keeping compliance, and assess training records. Each health check produces a findings report with recommended actions.
Annual Program Review & BRA Update
A comprehensive annual review covers all aspects of your AML program, including policy effectiveness, control adequacy, reporting completeness, and training outcomes. The annual Business Risk Assessment update reflects any changes in your customer base, geographic exposure, products, or the regulatory landscape.
Gap Analysis & Remediation
When gaps are identified (whether through our reviews, regulatory changes, or supervisory feedback), we develop prioritized remediation plans with clear timelines, responsible parties, and verification procedures. We track remediation progress and verify closure of each identified gap.
Inspection Preparation & Support
We conduct mock inspections simulating supervisory authority processes, organize compliance documentation into inspection-ready evidence packs, brief staff on common questions and proper responses, and provide on-site support during actual inspections when needed.
Penalties & Enforcement in the UAE
UAE enforcement of AML/CFT regulations has intensified significantly since 2020. Understanding the penalty framework helps businesses appreciate the financial and operational risks of non-compliance:
| Violation Type | Penalty Range | Additional Consequences |
|---|---|---|
| Failure to implement AML program | AED 50,000 to AED 5,000,000 | Mandatory remediation, potential license suspension |
| Failure to file STRs | Criminal: imprisonment up to 10 years | Criminal fines, personal liability for MLRO and management |
| Tipping off (alerting customer about STR) | Criminal: imprisonment up to 3 years | Criminal fines, personal liability |
| Inadequate CDD procedures | AED 50,000 to AED 1,000,000 | Mandatory remediation within specified timeframe |
| Failure to maintain records | AED 50,000 to AED 500,000 | Mandatory system improvements |
| Repeat violations | Doubled penalties (up to AED 5,000,000) | License revocation, criminal referral |
| Failure to register on goAML | AED 50,000 to AED 500,000 | Mandatory registration, enhanced scrutiny |
In recent enforcement actions, the UAE Executive Office for AML/CFT and the FIU have targeted DNFBPs across all sectors. Real estate agents and precious metals dealers have been a particular focus, with several high-profile penalty cases in Dubai. Penalties are assessed per violation, meaning a single inspection can result in multiple penalties for different compliance deficiencies. The cost of building and maintaining a proper AML program is consistently a fraction of the potential penalty exposure.
AML Compliance Cost Guide
Compliance investment varies based on your DNFBP category, business size, number of staff, and current compliance maturity. The following provides indicative cost ranges:
Initial Program Setup
AED 15,000 to 45,000
- Business Risk Assessment
- AML policy and procedures manual
- goAML registration and setup
- CDD templates and forms
- Initial staff training
Annual Compliance Support
AED 12,000 to 30,000/year
- Quarterly compliance reviews
- Annual BRA update
- Annual refresher training
- Regulatory update tracking
- Compliance advisory
Full-Service Management
AED 30,000 to 60,000/year
- Outsourced MLRO services
- Continuous monitoring
- All goAML reporting
- Inspection preparation
- Priority compliance support
Note: All costs mentioned are approximate and indicative only. They are subject to change without notice. Actual costs may vary based on specific requirements, regulatory changes, and market conditions. Please contact us for current pricing.
AML Compliance in Practice
The following anonymized scenarios illustrate how we have helped DNFBPs across different sectors achieve and maintain compliance:
Real Estate Brokerage: Full AML Program
Situation: A Dubai-based real estate brokerage with 15 agents needed a complete AML program before their trade license renewal. They had no existing compliance documentation, no goAML registration, and no staff training records.
Approach: We conducted a full BRA, designed sector-specific AML policies covering property transactions and off-plan sales, registered the firm on goAML, created CDD templates for buyer and seller onboarding, and delivered two days of staff training.
Outcome: Complete AML program operational within 5 weeks. The brokerage passed their subsequent RERA compliance review with no findings. Ongoing quarterly monitoring keeps the program current.
Precious Metals Dealer: Urgent Gap Remediation
Situation: A gold and diamond dealer in DMCC received notice of an upcoming Ministry of Economy inspection in 3 weeks. Their existing AML policies were outdated, CDD files were incomplete, and no CTRs had been filed for cash transactions above the threshold.
Approach: We ran an accelerated gap analysis, updated all AML policies to current standards, remediated 40+ CDD files, filed back-dated CTRs for qualifying transactions, conducted an intensive staff training session, and prepared a comprehensive inspection evidence pack.
Outcome: The dealer passed the inspection with minor observations (no penalties). The remediation was completed in 18 days. We now provide ongoing quarterly monitoring and annual program reviews.
TCSP: goAML Reporting Workflow
Situation: A corporate services provider handling company formations and registered agent services needed to establish goAML reporting capabilities for the first time. They had an AML policy but no reporting infrastructure, no designated MLRO, and staff unfamiliar with STR obligations.
Approach: We registered the firm on goAML, appointed and trained an internal MLRO, designed reporting workflows covering company formation red flags (shell companies, nominee structures, PEP involvement), created internal escalation procedures, and delivered targeted training to all client-facing staff.
Outcome: goAML fully operational within 2 weeks. The TCSP has since filed multiple STRs correctly and on time. Their free zone authority commended their compliance improvements during the next scheduled review.