AML & CFT Compliance Advisory UAE | DNFBP AML Services | FinApt Group

AML/CFT Compliance Advisory for DNFBPs in UAE

Anti-Money Laundering  ·  Counter-Terrorist Financing  ·  Proliferation Financing

AML, CFT, and CPF obligations in the UAE have evolved into a comprehensive and enforcement-driven regulatory regime. FinApt provides end-to-end AML compliance advisory tailored for Designated Non-Financial Businesses and Professions, covering risk assessments, framework design, inspection readiness, and outsourced compliance leadership.

Aligned with Federal Decree-Law No. 10 of 2025  ·  Inspection readiness aligned with Ministry of Economy expectations  ·  Specialist advisory for DNFBPs
Primary Market: UAE  ·  Service Pillars: 4  ·  Law Aligned: 2025  ·  Specialist: DNFBP

A Comprehensive and Enforcement Driven AML Regime

Anti-Money Laundering (AML), Counter-Terrorist Financing (CFT), and Proliferation Financing (CPF) obligations in the UAE have evolved into a comprehensive and enforcement-driven regulatory regime that places heightened compliance expectations on Designated Non-Financial Businesses and Professions (DNFBPs), including corporate service providers, real estate brokers, dealers in precious metals and stones, auditors, and other regulated non-financial sectors.

For DNFBPs operating in an increasingly scrutinized environment, compliance must move beyond documentation to demonstrable implementation and governance effectiveness.

FinApt Group provides end-to-end AML/CFT/CPF compliance advisory tailored specifically for DNFBPs, from enterprise-wide risk assessments, policy and control framework design, and UBO compliance structuring to independent testing, regulatory inspection readiness, remediation support, and outsourced compliance officer services.

Our approach combines regulatory rigor with operational practicality, ensuring that DNFBP compliance frameworks are proportionate, defensible, inspection-ready, and sustainable under the UAE's latest AML legal framework.

Current UAE Legal Framework

  • Federal Decree-Law No. 10 of 2025: On Combating Money Laundering, Terrorist Financing and the Financing of Proliferation; repeals and replaces Federal Decree-Law No. 20 of 2018
  • Cabinet Resolution No. 134 of 2025: Executive Regulations governing risk-based AML/CFT/CPF obligations for DNFBPs and financial institutions
  • DNFBP Supervisory Authorities: Ministry of Economy as primary supervisor for DNFBPs, with CBUAE, SCA, DFSA and ADGM supervising financial institutions
  • Key Obligations: Enterprise-wide risk assessment, customer due diligence and enhanced due diligence, UBO transparency, STR filing, targeted financial sanctions screening, goAML registration, and independent compliance oversight

Who Must Comply with UAE AML/CFT Obligations

AML/CFT/CPF obligations under the UAE framework apply across a wide range of regulated financial institutions and Designated Non-Financial Businesses and Professions (DNFBPs). These obligations are risk-based and proportionate to the nature, scale, and complexity of the activities undertaken.

Banks & Financial Institutions

Licensed banks, finance companies, exchange houses, and financial institutions regulated by the Central Bank of UAE (CBUAE).

Insurance Companies & Investment Firms

Insurance companies, takaful operators, investment management firms, and capital market participants under SCA oversight.

Real Estate Brokers & Developers

Real estate brokers, developers, and agents engaged in buying, selling, or facilitating property transactions in the UAE.

Virtual Asset Service Providers (VASPs)

Entities providing virtual asset exchange, transfer, safekeeping, and related financial services subject to UAE VASP regulations.

Dealers in Precious Metals & Stones (DPMS)

Traders, dealers, and brokers in gold, diamonds, precious metals, and gemstones subject to UAE AML obligations.

Corporate Service Providers & Auditors

Company formation agents, corporate service providers, auditors, and accounting firms designated as DNFBPs under UAE law.

For DNFBPs in particular, supervisory expectations have significantly increased, with greater emphasis on enterprise-wide risk assessments, UBO transparency, sanctions compliance, STR reporting, and demonstrable governance oversight.

Four Integrated Pillars of AML Advisory

Our AML/CFT/CPF advisory services are structured around four integrated pillars designed to support regulated entities and DNFBPs in building sustainable, inspection-ready compliance frameworks.

AML Framework Design & Implementation

We design and implement comprehensive AML/CFT/CPF compliance frameworks covering governance structures, board oversight, policies and procedures, internal controls, escalation protocols, reporting lines, and accountability matrices aligned with UAE regulatory requirements and operational realities.

Enterprise-Wide Risk Assessment (EWRA)

We conduct structured, risk-based assessments across customer types, products and services, geographies, delivery channels, and transaction profiles. Our methodology establishes a defensible risk-rating model, documented risk appetite alignment, and proportionate mitigation strategies — particularly critical for DNFBPs under Ministry of Economy supervision.

KYC / CDD / EDD & Sanctions Control Framework

We design onboarding and ongoing due diligence frameworks incorporating:

  • Risk-based customer classification models
  • Enhanced Due Diligence (EDD) triggers
  • UBO identification and verification standards
  • Targeted Financial Sanctions (TFS) screening controls
  • Documentation and record-keeping standards

Independent AML Testing (AML Audit)

We independently assess the design and operating effectiveness of AML controls across governance, EWRA methodology, CDD/EDD implementation, sanctions compliance, transaction monitoring, STR reporting, and internal oversight mechanisms.

Regulatory Inspection & Remediation Advisory

We prepare organisations for supervisory inspections and Ministry of Economy reviews, assist in drafting regulatory responses, and design structured remediation programs with defined ownership, milestones, and board reporting oversight.

goAML Registration & Reporting Framework Setup

We support goAML registration, system configuration, user governance setup, workflow documentation, and internal reporting protocols to ensure regulatory reporting readiness.

STR/SAR Advisory & Escalation Protocol Design

We establish structured suspicious activity identification frameworks, internal escalation matrices, decision-making documentation standards, and defensible reporting protocols aligned with UAE FIU expectations.

Transaction Monitoring Oversight & Enhancement

We review monitoring methodologies, scenario design, threshold calibration, documentation practices, and governance oversight to enhance detection effectiveness and reduce regulatory exposure.

Compliance Officer / MLRO Outsourcing

We provide structured compliance leadership support, including program oversight, management reporting, regulatory liaison, monitoring of compliance obligations, and continuous risk assessment review.

AML Training & Awareness Programs

We design and deliver tailored, role-based AML/CFT/CPF training for boards, senior management, compliance teams, and operational staff to strengthen accountability, awareness, and compliance culture.

UAE AML/CFT Regulatory Oversight

Supervisory authorities actively monitor adherence and enforce administrative and financial penalties for non-compliance across financial institutions and DNFBPs.

  • MOE: Ministry of Economy
  • CBUAE: Central Bank of UAE
  • SCA: Securities & Commodities Authority
  • DFSA: Dubai Financial Services Authority
  • ADGM: Abu Dhabi Global Market
  • UAE FIU: Financial Intelligence Unit

AML/CFT Compliance as a Governance Discipline

AML, CFT, and CPF compliance in the UAE is no longer documentation driven. It is a governance discipline requiring demonstrable risk assessment, independent validation, effective implementation, and continuous monitoring.

FinApt's partner-led model ensures compliance frameworks are proportionate, operationally practical, defensible under regulatory scrutiny, and aligned with evolving supervisory expectations — particularly for DNFBPs operating in a heightened enforcement environment.

1. Enterprise-Wide Risk Assessment: Conduct and document a structured enterprise-wide risk assessment across customer types, channels, geographies, and products to establish a defensible risk baseline
2. Framework Design & Policy Alignment: Design governance structures, policies, and controls aligned with UAE law, proportionate to organizational scale and risk profile
3. Independent Testing & Validation: Independently assess design and operating effectiveness of AML controls, delivering findings defensible under regulatory review
4. Continuous Monitoring & Reporting: Maintain ongoing compliance through structured monitoring, goAML reporting readiness, and continuous risk assessment review
5. Inspection Readiness & Remediation: Prepare for Ministry of Economy inspections, draft regulatory responses, and manage structured remediation with board-level oversight

AML/CFT Compliance in UAE — Common Questions

Questions commonly asked by DNFBPs and regulated entities about AML/CFT/CPF compliance obligations in the UAE.

Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) compliance refers to the set of legal obligations designed to prevent the use of financial systems for money laundering, terrorist financing, and proliferation financing. In the UAE, these obligations apply to financial institutions — including banks, insurance companies, investment firms, and securities participants — as well as Designated Non-Financial Businesses and Professions (DNFBPs) such as real estate brokers, corporate service providers, auditors, and dealers in precious metals and stones. The primary legal framework is Federal Decree-Law No. 10 of 2025 and its Executive Regulations under Cabinet Resolution No. 134 of 2025.
Under the UAE AML framework, Designated Non-Financial Businesses and Professions (DNFBPs) include real estate brokers and developers, dealers in precious metals and stones (DPMS), corporate service providers and company formation agents, auditors and accounting firms, lawyers and legal advisors engaged in specific financial transactions, and other non-financial businesses designated by the relevant supervisory authority. DNFBPs are supervised primarily by the Ministry of Economy and are subject to risk-based AML/CFT/CPF obligations proportionate to the nature and complexity of their activities.
Federal Decree-Law No. 10 of 2025 on Combating Money Laundering, Terrorist Financing and the Financing of Proliferation is the current governing AML/CFT law in the UAE. It repeals and replaces Federal Decree-Law No. 20 of 2018 and introduces strengthened risk-based obligations for both financial institutions and DNFBPs. Its Executive Regulations are set out under Cabinet Resolution No. 134 of 2025. Key obligations include enterprise-wide risk assessments, customer due diligence, UBO transparency, targeted financial sanctions screening, and STR filing with the UAE Financial Intelligence Unit via the goAML system.
Yes. Under the UAE AML framework, DNFBPs are required to conduct and document an Enterprise-Wide Risk Assessment (EWRA) that evaluates AML/CFT/CPF risks across customer types, products and services, geographies, delivery channels, and transaction profiles. The EWRA must be risk-based, documented, and updated periodically — particularly when there are material changes in the business. Supervisory authorities, including the Ministry of Economy, assess the adequacy of the EWRA during inspections and regulatory reviews.
goAML is the UAE Financial Intelligence Unit's (FIU) reporting platform used by regulated entities to submit Suspicious Transaction Reports (STRs) and other regulatory reports. DNFBPs are required to register on the goAML platform, configure user governance, and establish internal reporting workflows to meet STR filing obligations. FinApt supports organizations through the full goAML registration process, system configuration, user governance setup, and the documentation of internal reporting protocols to ensure regulatory reporting readiness.
The UAE imposes significant administrative and financial penalties for AML/CFT non-compliance. Under Federal Decree-Law No. 10 of 2025, penalties can include substantial financial fines, suspension or withdrawal of operating licenses, public censure, and in serious cases criminal prosecution of responsible individuals. Supervisory authorities — including the Ministry of Economy, CBUAE, SCA, DFSA, and ADGM — actively monitor and enforce compliance, and have demonstrated increasing willingness to impose formal sanctions on non-compliant entities.
Customer Due Diligence (CDD) is the standard level of identity verification and risk assessment applied to customers at onboarding and on an ongoing basis — including verifying identity, understanding the nature of the business relationship, and identifying the Ultimate Beneficial Owner (UBO). Enhanced Due Diligence (EDD) is a more stringent level of scrutiny applied to higher-risk customers such as Politically Exposed Persons (PEPs), customers in high-risk jurisdictions, or those presenting elevated transaction risk profiles. EDD requires additional documentation, senior management approval, and more frequent monitoring.
A Suspicious Transaction Report (STR) is a mandatory report filed with the UAE Financial Intelligence Unit (FIU) via the goAML system when a regulated entity suspects that a transaction or attempted transaction may be linked to money laundering, terrorist financing, or proliferation financing. DNFBPs are required to file STRs promptly upon forming a suspicion — there is no de minimis threshold. Filing must be accompanied by proper internal documentation of the suspicion and the decision-making process.
Yes. DNFBPs in the UAE may engage external compliance professionals or firms to provide outsourced Compliance Officer or Money Laundering Reporting Officer (MLRO) services, subject to regulatory requirements regarding accountability and oversight. The outsourced function must include program oversight, regulatory liaison, monitoring of obligations, management reporting, and continuous risk assessment review. Outsourcing does not transfer regulatory responsibility — the entity remains accountable for compliance outcomes. FinApt provides structured outsourced compliance leadership support designed specifically for DNFBPs.

AML/CFT Compliance Advisory

Build a Compliance Framework That Is Inspection-Ready and Defensible

FinApt's partner-led AML advisory team works exclusively with DNFBPs and regulated entities in the UAE. Contact us for a confidential assessment of your AML/CFT compliance position.