Guides
May 20, 2026

What Is UAE AML/CFT Compliance and Why Does It Matter in 2026?

The UAE's financial system depends on Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) controls. If you're running a real estate agency, p
What Is UAE AML/CFT Compliance and Why Does It Matter in 2026? — Dubai, UAE

Expert-reviewed by BusinessDubai Business Setup Advisors. Written with guidance from licensed UAE company-formation consultants with 10+ years of experience, and fact-checked against official government sources before publishing. Last reviewed May 20, 2026.

The UAE's financial system depends on Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) controls. If you're running a real estate agency, precious metals business, accounting firm, law practice, or any Designated Non-Financial Business and Profession (DNFBP), this isn't optional bureaucracy. It's a core requirement with serious consequences if you get it wrong [1].

In March 2026, the Ministry of Economy (MOE) is conducting a mandatory survey of all registered DNFBPs to assess compliance levels. Non-completion can trigger license suspension, fines up to AED 5 million, and public enforcement action. This guide walks you through exactly what the survey requires, what regulations apply, and what your business needs to do right now [1].

Answer Capsule: AML/CFT compliance protects your business, prevents unwitting involvement in crimes, and ensures you meet UAE and FATF obligations.

Which Businesses Must Complete the 2026 MOE Survey?

The MOE survey targets Designated Non-Financial Businesses and Professions (DNFBPs). If your business falls into any of these categories and you're registered in the UAE, you're required to complete the survey [1].

Real Estate Agents and Brokers

Property transactions are high-value and often cross-border, making real estate a priority sector for AML oversight. Every real estate agent must verify customer identity, obtain beneficial ownership information for corporate buyers, assess the purpose of transactions, and monitor for suspicious patterns like cash payments or rapid resales at unusual prices [3].

Precious Metals and Stones Dealers

Gold, silver, diamonds, and precious gemstones are commonly used in money laundering schemes due to their portability and value. Precious metals dealers must verify the identity of every customer, particularly for large transactions. Enhanced verification is required if the customer shows signs of structuring, which is making multiple smaller purchases to avoid reporting thresholds [3].

Accountants and Accounting Practices

Accountants have access to financial information and must verify beneficial ownership of all client companies, understand the nature and purpose of relationships, maintain client documentation, and be alert for signs of illegal activities [1].

Legal professionals must assess money laundering risk in client engagements, verify beneficial ownership before accepting clients, maintain confidentiality while reporting suspicious activities, and understand when to file Suspicious Transaction Reports (STRs) without breaching attorney-client privilege [1].

Trust and Company Service Providers

If you provide corporate services like company formation or nominee director services, you're subject to AML/CFT requirements. You must verify customer identity and beneficial ownership, understand business purposes, and report any suspicion of money laundering [1].

Answer Capsule: Real estate, precious metals, accounting, law, and trust services must comply. Free zone businesses and mainland registrations both face AML obligations.

What Are the Core Regulations Governing AML/CFT in the UAE?

UAE AML/CFT compliance is built on a legal framework with significant penalties. Understanding the main regulations is essential because they define your obligations and consequences for violations [1].

Federal Decree-Law No. 20 of 2018

This foundational AML/CFT law applies to all financial institutions and DNFBPs. It establishes requirements for Customer Due Diligence, record-keeping for 5 years, STR filing, and appointment of AML compliance officers. The decree also defines money laundering broadly to include assistance, concealment, or facilitation of illegal proceeds [1].

Cabinet Decision No. 10 of 2019

This Cabinet Decision implements Decree-Law No. 20 and sets specific requirements for financial institutions and DNFBPs. It defines CDD scope, beneficial ownership verification procedures, Enhanced Due Diligence thresholds, and the 30-day timeline for STR filing [1].

Penalties for Non-Compliance

The financial and legal consequences are substantial. Penalties include:

  • AED 50,000 minimum for minor violations
  • from AED 100,000 for serious violations
  • from AED 500,000 million for grave violations
  • Criminal penalties: up to 10 years imprisonment for facilitating money laundering
  • Business license suspension or revocation for sustained non-compliance [1]

Pro Tip: Compliance isn't just about avoiding penalties. A strong AML program demonstrates that your business operates with integrity, which matters when banking relationships, international expansion, or investor confidence are at stake [2].

Answer Capsule: Federal Decree-Law No. 20 and Cabinet Decision No. 10 establish the framework. Penalties range from AED 50,000 million plus criminal liability.

What Is Customer Due Diligence and How Do You Implement It?

Customer Due Diligence (CDD) is the foundation of AML compliance. It's the process of verifying your customer's identity, understanding the nature and purpose of the business relationship, and identifying the beneficial owner if the customer is a legal entity [1].

Basic CDD Requirements

For every customer relationship, perform these steps before the relationship begins:

  • Identify and verify customer identity using at least two forms of ID (passport and national ID card)
  • Obtain customer information: full legal name, date of birth, permanent address, occupation, and source of funds
  • Verify beneficial ownership: If the customer is a company, identify anyone with 25% or more direct or indirect ownership
  • Assess purpose and nature: Understand why the customer is engaging your services and transaction amounts
  • Document everything: Create a CDD file for each customer with copies of all documents, maintained for 5 years [1]

Common CDD Mistakes to Avoid

Common Mistake: Relying solely on customer-provided information without independent verification. You must verify through commercial registers or company documents, not just accept customer claims [3].

Common Mistake: Completing CDD once and assuming the relationship is cleared forever. Regulations require ongoing monitoring and annual updates, more frequently for high-risk customers [3].

Common Mistake: Not documenting the CDD process. Documentation is proof of compliance. Without it, you face liability if regulators investigate [3].

Answer Capsule: CDD verifies customer identity, beneficial ownership, and transaction purpose. Document all steps and update annually. Verification must be independent.

Industry News in Dubai and the UAE

What Is Enhanced Due Diligence and When Does It Apply?

Enhanced Due Diligence (EDD) is a stricter form of customer verification that applies to customers or transactions with higher money laundering risk [1].

High-Risk Customer Categories Requiring EDD

  • Politically Exposed Persons (PEPs): Government officials, military officers, judges, family members
  • Sanctioned individuals: Anyone on international sanctions lists
  • High-risk jurisdictions: FATF-identified jurisdictions with weak AML controls
  • Non-residents: Customers without UAE address, especially for high-value transactions
  • Complex structures: Companies with layered ownership
  • Cash-intensive businesses: Unexplained cash deposits [1]

EDD Procedures

For high-risk customers:

  • Require senior management approval
  • Request additional documents: bank references, proof of source of funds
  • Monitor transactions quarterly or more frequently
  • Verify source of funds
  • Reassess relationship periodically
  • Document your rationale [1]

Real Talk: Some businesses resist EDD because it slows customer on-boarding. The cost of EDD is far lower than the cost of enforcement action or being complicit in actual crime [3].

Answer Capsule: EDD applies to PEPs, sanctioned persons, high-risk jurisdictions, and complex structures. Requires senior approval, enhanced documentation, and quarterly monitoring.

What Is the goAML System and How Do You File STRs?

The goAML system is the UAE Financial Intelligence Unit's (FIU) central reporting platform. All financial institutions must register, and DNFBPs must file Suspicious Transaction Reports (STRs) through this system [1].

What Triggers an STR

An STR is required when you have reasonable suspicion that a customer, transaction, or pattern may be connected to money laundering or terrorist financing. There is no minimum amount threshold. Common red flags include:

  • Multiple smaller transactions in quick succession (structuring)
  • Cash payments inconsistent with legitimate business
  • Customer providing conflicting information about identity or source of funds
  • Transaction patterns inconsistent with customer's occupation or business
  • Requests for unusual payment methods or routing through intermediaries
  • Beneficial ownership that appears deliberately obscured or involves high-risk jurisdictions [2]

STR Filing Timeline and Process

You must file an STR within 30 days of forming the suspicion. The faster you file, the more useful the information is to authorities. In goAML, you'll provide:

  • Customer identification details
  • Description of the transaction or pattern
  • Reason for suspicion
  • Dates, amounts, and counterparties
  • Your assessment of the risk [1]

Filing is protected: You're immune from liability for good faith STR filing. You're prohibited from alerting customers of STR filing [1].

Answer Capsule: File STRs within 30 days of suspicion. Protected filing ensures immunity. No minimum transaction amount. Continue monitoring even after filing.

Not sure how these changes affect your business? Our advisors keep you compliant and ahead of every new UAE regulation, tax, and reporting rule.

Talk to an expert

What Are AML Compliance Officer Requirements?

Federal Decree-Law No. 20 requires entities to appoint a dedicated AML Compliance Officer. This person is responsible for overseeing the AML/CFT program, ensuring policies are followed, filing STRs, conducting risk assessments, and reporting to senior management [1].

Appointment and Duties

The AML Compliance Officer must be formally appointed through board resolution or management decision. The appointment should be documented in writing with clear role definition and reporting lines. The officer doesn't need to be full-time for small businesses. A sole proprietor can serve as their own AML Compliance Officer, or you can designate an existing employee to add AML responsibilities [1].

Core duties include overseeing the AML/CFT program, filing STRs, conducting annual risk assessments, ensuring staff training, maintaining compliance records, responding to regulatory inquiries, and reporting to senior management and the board [1].

Training and Qualifications

The AML Compliance Officer should have knowledge of AML/CFT regulations and money laundering typologies. All staff who interact with customers or handle transactions must receive AML/CFT training at least annually. Training should cover regulations, your business's AML policies, Customer Due Diligence processes, red flags, STR reporting, record-keeping requirements, and confidentiality obligations [1].

Answer Capsule: Designate AML officer formally with clear authority. Ensure annual training for all staff. Document all training records for 5 years.

How Do You Conduct a Money Laundering Risk Assessment?

Regulations require entities to assess their money laundering and terrorist financing risk. This is the foundation for a risk-based AML program that applies stronger controls where risk is higher [1].

Risk Assessment Components

A Money Laundering Risk Assessment (MLRA) considers four categories of risk:

  • Customer risk: Which customer types pose higher risk? Companies are generally higher risk than individuals. International customers are higher risk than domestic customers
  • Product risk: Which services or transactions are inherently higher-risk? Cash transactions are higher risk than electronic transfers
  • Delivery channel risk: How do you interact with customers? Face-to-face interactions reduce risk. Remote interactions increase risk
  • Geographic risk: Where are your customers located? Customers in high-risk jurisdictions pose higher risk [1]

MLRA Methodology

Step 1: Identify risk factors. Step 2: Rate as low, medium, or high. Step 3: Combine ratings for overall risk. Step 4: Design CDD/EDD controls. Step 5: Document, approve, implement, and review annually [1].

Quick Math: A real estate agency serving mostly UAE nationals would implement standard CDD for residents and EDD for international clients from high-risk jurisdictions. This is risk-based compliance [3].

Answer Capsule: MLRA assesses customer, product, channel, and geographic risk. Rate each as low, medium, or high. Design CDD/EDD based on risk. Update annually.

Doing business in Dubai, UAE

What Are Record-Keeping Requirements Under AML Regulations?

Federal Decree-Law No. 20 requires 5-year record retention for all AML-related documents. This is mandatory, and enforcement actions often cite record-keeping failures [1].

Required Records to Maintain

Your business must keep records of:

  • Customer identification documents: Copies of passports, national IDs, visas
  • CDD documentation: CDD forms showing verification performed and who reviewed it
  • Beneficial ownership documentation: Commercial register extracts, shareholder lists, beneficial owner ID documents
  • Transaction records: Dates, amounts, counterparties, and purposes
  • STRs filed: Copies of all goAML submissions
  • Correspondence and communications: Emails and notes from customer interactions
  • Risk assessments: MLRA documents and periodic updates
  • Policy documents: Your AML/CFT policies and procedures manual
  • Staff training records: Dates, topics, and attendee names
  • Board minutes: Documentation of approvals and AML program reviews [1]

Storage and Retention

Retention period: Minimum 5 years from the date of transaction or when the customer relationship ends. Storage can be physical (paper files) or electronic (digital documents with encryption). Ensure secure access, backup copies, and ability to retrieve records within 10 days if regulators request them [1].

Answer Capsule: Maintain all CDD, transactions, STRs, training, and policy records for 5 years. Electronic storage acceptable with encryption. Retrieval within 10 days required.

Want to stay fully compliant without the headache? Get a free consultation and we will review your obligations for you.

Get a free consultation

How Do Free Zone Companies Handle AML/CFT Compliance?

Free zone companies must comply with UAE federal AML/CFT regulations and their specific free zone's requirements. Major free zones have implemented stricter beneficial ownership disclosure requirements than the federal minimum [1].

Major Free Zones and Their Requirements

IFZA requires certified beneficial ownership declarations. Meydan requires annual CDD certification. RAKEZ requires beneficial ownership verification. SHAMS mandates AML programs. Ajman requires government database verification. DMCC applies enhanced requirements to precious metals traders. DIFC and ADGM follow stricter AML standards [4].

Free zone companies should adopt the stricter standard between federal law and their specific free zone rules. For the MOE 2026 survey, check with your free zone licensing department whether MOE survey applies to you or whether your free zone will conduct its own assessment [1].

Answer Capsule: Free zone companies comply with federal law plus free zone-specific rules. IFZA, Meydan, RAKEZ, SHAMS, Ajman, DMCC, DIFC, and ADGM each have additional requirements.

What Is the UAE's FATF Status and Why Does It Matter?

The Financial Action Task Force (FATF) is the international standard-setting body for AML/CFT. In 2023-2024, the UAE was on the FATF "grey list" due to deficiencies in CFT compliance and beneficial ownership verification. This status affected international banking relationships, raised compliance costs, and damaged investor confidence [1].

FATF Remediation and 2026 Mutual Evaluation

In 2024, the UAE submitted remediation efforts addressing grey list concerns. The government strengthened beneficial ownership disclosure, enhanced transaction monitoring, and improved international cooperation. The 2024 FATF assessment noted six high-priority improvements. The target for full delisting is the 2026 mutual evaluation report, expected in late 2026. The MOE 2026 survey is part of the government's remediation strategy. Demonstrating that DNFBPs have implemented strong AML programs supports FATF's assessment of improved compliance [1].

Answer Capsule: UAE was on FATF grey list 2023-2024 for CFT and beneficial ownership gaps. 2026 survey supports remediation. Full delisting expected late 2026.

What Is UAE AML/CFT Compliance and Why Does It Matter in 2026? — business setup in Dubai

How Do You Build a Practical AML Compliance Program?

Here's a step-by-step framework to implement AML/CFT controls:

Phase 1: Governance (Weeks 1-2)

Appoint your AML Compliance Officer formally. Develop a basic AML/CFT Policy outlining commitment, roles, and CDD/STR frameworks. Have management approve [1].

Phase 2: Risk Assessment (Weeks 3-4)

Conduct Money Laundering Risk Assessment. Develop CDD forms or checklists. Establish STR procedure [1].

Phase 3: Systems and Training (Weeks 5-6)

Set up record-keeping system. Register with goAML. Conduct staff AML training. Document attendance [1].

Phase 4: Implementation (Ongoing)

Apply CDD procedures to all new customers. Phase in CDD for existing customers over 3-6 months. Monitor transactions for red flags. Schedule quarterly reviews. Conduct annual training [1].

Answer Capsule: Build in phases: (1) Appoint officer and develop policies, (2) Risk assessment and procedures, (3) Systems and training, (4) Implementation. Six-week build timeline.

Have questions about what this means for your company? Our team translates the rules into clear, practical next steps.

Speak to an advisor

What Should You Expect From the MOE 2026 Survey?

The Ministry of Economy will conduct an online survey through businessregistration.ae starting March 2026. Survey completion is mandatory for all registered DNFBPs. Non-completion can result in license suspension or fines [1].

Survey Content

The survey will assess your AML program status, CDD implementation, EDD procedures, risk assessment methodology, STR filing process, staff training frequency and records, record-keeping systems and retention periods, and regulatory awareness regarding FATF obligations [1].

Preparing for Survey Completion

Gather your business registration, AML Compliance Officer appointment evidence, AML/CFT Policy, MLRA document, sample CDD forms, and staff training records [1].

Pro Tip: If your AML program is still in development, complete and submit the survey as soon as possible. Demonstrating early participation in the survey initiative strengthens your position if regulators later investigate your compliance [2].

Answer Capsule: MOE survey covers AML program status, CDD, EDD, risk assessment, STRs, training, and records. Non-completion may result in license suspension.

What Are Recent Enforcement Actions and What Can You Learn?

Actual enforcement actions over the past 12 months provide practical lessons about what regulators are scrutinizing [1].

Real Estate CDD Procedures (AED 250,000 Fine)

A Dubai real estate agency was fined for inadequate CDD. The agency had customer ID documents but failed to verify beneficial ownership for corporate purchasers [2].

Transaction Monitoring Failure (AED 1.2 Million Fine)

A precious metals dealer failed to detect structuring patterns. A customer made 12 purchases in 8 weeks, each just below AED 10,000. The dealer had no transaction monitoring system [2].

Beneficial Ownership Concealment (AED 250,000)

Multiple accounting firms failed to disclose their own beneficial ownership to the business registration authority [2].

Common Mistake: Assuming enforcement actions only affect large institutions. Recent cases involve small to mid-size DNFBPs [2].

Answer Capsule: Recent enforcement cases address CDD failures, transaction monitoring gaps, and STR non-filing. Common themes: document procedures, verify ownership, monitor transactions formally.

Frequently Asked Questions About AML/CFT Compliance

Do all businesses need to comply with AML/CFT, or just DNFBPs?

All registered businesses in the UAE are technically subject to AML/CFT regulations. However, the MOE 2026 survey specifically targets DNFBPs. Other businesses are encouraged to implement AML programs but are not directly surveyed [1].

Is the MOE 2026 survey mandatory or optional?

The survey is mandatory for all registered DNFBPs. Non-completion can result in business license suspension, fines, or enforcement actions. The MOE has indicated that survey completion by Q2 2026 is a regulatory obligation [1].

What if my business hasn't implemented AML compliance yet?

You can still complete the survey honestly, indicating areas where you're developing systems. Submitting a survey showing good faith compliance efforts is far better than not submitting at all [1].

How much does it cost and can I outsource the AML Compliance Officer?

Basic AML controls cost from AED 5,000 internally. External consultants cost from AED 20,000 Compliance software ranges from AED 5,000+ annually. You must designate an internal AML Compliance Officer; you cannot outsource this appointment [1].

How frequently must I update Customer Due Diligence on existing customers?

At minimum, annually. For high-risk customers, more frequently (quarterly, semi-annually). When you notice changes in transaction patterns or unusual requests, update CDD promptly [1].

What happens if I file an STR and the customer finds out?

You're prohibited from disclosing STR filing. If a customer asks directly, you should not confirm or deny. Tipping off is illegal, even if you believe the STR was incorrect [1].

What is a Politically Exposed Person (PEP)?

A PEP is a person who holds or has held a prominent public position, including heads of state, government ministers, military officers, judges, and their close family members. For high-value transactions, PEP screening is prudent. When you identify a PEP customer, Enhanced Due Diligence applies [1].

Can beneficial ownership be held by another company or trust?

Yes. If a company owns 25%+ of your customer's company, that company is a beneficial owner. You then need to verify the beneficial ownership of the owning company, continuing up the chain until you reach natural persons [1].

How long do I need to keep CDD documentation?

Minimum 5 years from the end of the customer relationship. Failure to maintain records is a compliance violation [1].

If I suspect money laundering but don't file an STR, can I be held liable?

Yes. Failure to file an STR when you have reasonable suspicion is a compliance violation. Good faith STR filing is protected from liability, even if the suspicion later proves unfounded [1].

What if a customer refuses to provide documents needed for CDD?

You cannot proceed with the customer relationship without completing CDD. Declining to do business is the correct response [1].

Are free zone companies exempt from AML compliance?

No. Free zone companies must comply with UAE federal AML regulations plus their specific free zone requirements [1].

What is the difference between CDD and EDD?

Customer Due Diligence (CDD) is the standard verification process applied to all customers. Enhanced Due Diligence (EDD) is a stricter process applied to high-risk customers, requiring senior management approval, additional documentation, and more frequent monitoring [1].

Can I implement a spreadsheet-based system for CDD records?

A spreadsheet system is acceptable with adequate security, backup, and encryption. However, for businesses with 700+ customers annually, compliance software usually saves time and reduces errors [5].

What if I discover a mistake in an STR I filed?

File an amended STR through goAML explaining the correction. Proactively correcting errors demonstrates good faith [1].

Answer Capsule: Spreadsheet systems acceptable with encryption. File amendments promptly. AML officer designation mandatory. PEP screening recommended.

The Bottom Line: Compliance Protects Your Business

AML/CFT compliance is not just a regulatory obligation. It's business protection. A well-designed AML program shields your business from unwitting involvement in crime and demonstrates that you operate with integrity. The MOE 2026 survey is an opportunity to demonstrate your commitment to supporting UAE's FATF compliance efforts [1].

Start now. Appoint an AML Compliance Officer, develop basic policies, implement CDD for all new customers, and register with goAML. These steps will position your business to complete the MOE survey smoothly and demonstrate good faith compliance [1].

If you need support with AML program design, compliance documentation, or staff training, BusinessDubai.ae can connect you with AML compliance professionals. We also have guides on mainland company setup, free zone company setup, and regulatory compliance. For additional resources, explore our company audit guide and real estate business guide.

Get started with BusinessDubai

Ready to set up your business in Dubai?

From trade licence and visas to corporate banking and tax registration, our specialists handle your entire company setup end to end — with transparent, fixed fees and no surprises. Book a free, no-obligation consultation and get a clear plan and quote today.

Get started freeTalk to an expert
Trusted since 2013 · 100% foreign ownership · Fast, fixed-fee setup
Business setup consultants in Dubai ready to help you start your company
Continue Reading
What Is a RERA Audit in Dubai and Why Does It Matter in 2026? — Dubai, UAENews
Apr 17, 2026

What Is a RERA Audit in Dubai and Why Does It Matter in 2026?

A RERA audit is an independent examination of your real estate business's financial records, escrow accounts, and operat

Read guide
Who Can Become a Real Estate Broker in Dubai? — Dubai, UAEBusiness Setup
May 30, 2026

Who Can Become a Real Estate Broker in Dubai?

Since 2013, we've helped thousands of aspiring real estate professionals move through Dubai's licensing system and launc

Read guide
What Products Does Excise Tax Cover? — Dubai, UAENews
May 3, 2026

What Products Does Excise Tax Cover?

The UAE's excise tax system just changed fundamentally on January 1, 2026. If you run a food and beverage business, this

Read guide
How to Start a Money Exchange Business in Dubai: Complete 2026 Guide — Dubai, UAEBusiness Setup
May 22, 2026

How to Start a Money Exchange Business in Dubai: Complete 2026 Guide

The UAE's remittance market channels over $45 billion annually through exchange houses, making money exchange one of the

Read guide
Digital Economy VAT in the UAE: What Online Businesses Need to Know in 2026 — Dubai, UAENews
May 4, 2026

Digital Economy VAT in the UAE: What Online Businesses Need to Know in 2026

The UAE's VAT rules for digital services just got stricter. If you're running an online business, selling SaaS, operatin

Read guide
What Is Transfer Pricing and Why Does It Matter in the UAE? — Dubai, UAENews
May 19, 2026

What Is Transfer Pricing and Why Does It Matter in the UAE?

Transfer pricing is how much you charge when your company sells goods, services, or intellectual property to another com

Read guide
Your Dubai Business Journey Starts Here
Google
star iconstar iconstar iconstar iconstar icon
320+ Reviews
Building a business takes time, trust, and teamwork. Since 2013, we have been helping entrepreneurs turn their ideas into successful companies. Together, we make the process simple and help you establish a strong foundation in Dubai’s dynamic market.
Aman Shams
Business Consultant
Get in touch now
Get in touch now
Pages
HomeServicesAboutBlogsSitemapLegalsCareersContact us
Services
Business SetupMarket ResearchCorporate ServicesPost Setup ServicesFirm ConsulatncyAccounting ServicesVisa ServicesLegal Services
Business Setup
FreeZoneMainLandOffshorePackages
Support
+971 505061871info@businessdubai.ae
Business Setup in dubai
© Businesdubai.ae Powered by NasrCapital