The UAE has significantly strengthened its Anti-Money Laundering and Counter-Terrorism Financing framework over the past three years. Designated Non-Financial Businesses and Professions (DNFBPs) — including accountants, auditors, real estate agents, and corporate service providers — face strict obligations and heavy penalties for non-compliance.
Following its placement on the FATF Grey List in 2022, the UAE moved decisively to strengthen its AML/CFT framework. The country was removed from the Grey List in February 2024 — a testament to the pace of reform. But the compliance obligations on businesses remain stringent, and enforcement by the Ministry of Economy and relevant supervisory authorities has increased substantially.WHO ARE DNFBPS?
Designated Non-Financial Businesses and Professions (DNFBPs) under UAE law include:
- Accountants and auditors
- Legal professionals (lawyers, notaries)
- Real estate agents and brokers
- Dealers in precious metals and stones
- Corporate service providers (company formation agents, nominee directors)
If your business falls within these categories, you are subject to AML obligations under Federal Decree-Law No. 20 of 2018 and its implementing regulations.
THE CORE AML OBLIGATIONS
1. Customer Due Diligence (CDD): You must verify the identity of your clients, understand the nature of the business relationship, and identify the Ultimate Beneficial Owner (UBO). Enhanced Due Diligence applies to high-risk clients, politically exposed persons (PEPs), and transactions above certain thresholds.
2. Risk Assessment: Every covered business must maintain a documented enterprise-wide risk assessment identifying the ML/TF risks specific to their client base, products, and geographies. This must be reviewed regularly and updated when the risk profile changes.
3. Policies, Procedures and Controls: You need written AML policies covering CDD, ongoing monitoring, suspicious transaction identification, record-keeping, and staff training. A Compliance Officer must be appointed (for larger firms, this is typically a senior person who is fit and proper).
4. goAML Registration: DNFBPs must register on the goAML platform operated by the UAE Financial Intelligence Unit (FIU). This is the mechanism through which Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs) are filed.
5. Ongoing Monitoring: Customer relationships must be monitored continuously. Transaction patterns that are inconsistent with the stated purpose of the relationship must trigger a review.
6. Record Keeping: All CDD records, transaction records, and STRs must be retained for at least 5 years.
THE CONSEQUENCES OF NON-COMPLIANCE
The Ministry of Economy conducts risk-based inspections of DNFBPs. Penalties range from warnings and fines up to AED 50 million for serious violations. In cases involving facilitation of money laundering, criminal liability extends to directors and senior managers personally.
WHAT TO DO IF YOU ARE NOT YET COMPLIANT
Start with your risk assessment — this forms the foundation of everything else. Then build or review your CDD procedures, ensure goAML registration is complete, train your staff, and appoint or confirm your Compliance Officer. Document everything: the regulators want to see a functioning, embedded compliance programme, not a paper exercise.
Our compliance team can conduct an AML gap analysis, draft your policies and procedures, support your goAML registration, and provide ongoing compliance monitoring. Contact us to arrange a confidential assessment.
O
Omar Al Mansoori
Dhoaa Al Shams Team
Share this article