AML Laws for DNFBPs in the UAE – Complete Compliance Guide

Table of Contents

DNFBP AML Framework in UAE: Quick Summary

Designated Non-Financial Businesses and Professions (DNFBPs) in the UAE are required to follow a full Anti-Money Laundering, Counter-Terrorist Financing, and Counter-Proliferation Financing (AML/CFT/CPF) compliance framework. This is not a light or optional obligation.

In practice, businesses must establish risk assessments, due diligence processes, monitoring systems, sanctions screening, escalation mechanisms, and reporting controls that are properly documented and supported by evidence.

This guide explains:

  • AML Laws for DNFBPs in the UAE
  • AML Regulations for DNFBPs in the UAE
  • Core AML Compliance Requirements across mainland, free zones, and financial free zones

Put an AML Policy in Place That Meets UAE Standards

Custom AML policies and procedures aligned with UAE AML law and supervisory expectations for auditors and accountants.

Draft My AML Policy

Who Should Use This AML Framework Guide?

This AML guide is intended for DNFBP management teams and compliance professionals operating under relevant competent authorities such as MoET and MoJ, depending on business activity.

Entities classified as DNFBPs in the UAE include:

  • Accountants and Auditors
  • Trust and Company Service Providers
  • Lawyers and Legal Consultants
  • Dealers in Precious Metals and Stones
  • Real Estate Agents and Brokers
  • Commercial Gaming Operators

This Guide is Especially Helpful For:

  • MLROs and Compliance Officers
  • Business Owners and Directors
  • Internal Audit and Risk Teams
  • Operations Managers involved in onboarding, reviews, and escalation workflows

Key AML Laws Applicable to DNFBPs in the UAE

1. Federal AML / CFT Laws

  • Federal Decree-Law No. (10) of 2025: Regarding Anti-Money Laundering and Combating the Financing of Terrorism and Proliferation Financing
  • Cabinet Resolution No. (134) of 2025: Executive Regulations of Federal Decree-Law No. (10) of 2025
  • Federal Law No. (7) of 2014 on Combating Terrorism Offences
  • Cabinet Resolution No. (74) of 2020: Terrorist Lists and UN Security Council Implementation
  • Cabinet Resolution No. (71) of 2024: Violations and Administrative Penalties (MoJ and MoE Supervised Entities)
  • Cabinet Decision No. (109) of 2023 – Beneficial Owner Procedures
  • Cabinet Resolution No. (132) of 2023 – Administrative Penalties for Beneficial Owner Violations

2. UAE National Risk Assessment

  • UAE ML/FT National Risk Assessment (NRA)

3. Common Guidance for All Reporting Entities

  • Guidance on Targeted Financial Sanctions for FIs, DNFBPs and VASPs – July 2025
  • Proliferation Finance Institutional Risk Assessment Guidance – December 2023
  • Terrorist and Proliferation Financing Red Flags Guidance – December 2023
  • Counter Proliferation Financing Guidance – November 2022
  • Joint Guidance on Unlicensed Virtual Asset Service Providers – November 2023
  • Joint Guidance (Satisfactory / Unsatisfactory Practices) – June 2021
  • FIU Strategic Analysis Report on Terrorist Financing – May 2025

4. DNFBP Sector-Specific AML Guidelines

  • AML/CFT Guidelines for DNFBPs – September 2025
  • Implementation Guide for Customer Risk Assessment (CRA) – November 2024
  • Implementation Guide for Customer Due Diligence (CDD) – December 2024

Train Your Team on UAE AML Obligations

Role-based AML training for partners, staff, and MLROs with practical, regulator-ready, and audit-proof.

Schedule AML Training

AML / CFT / CPF Compliance Requirements for DNFBPs

For DNFBPs, compliance should be converted into a practical operating model built on five control layers.

  1. Governance and Oversight

Clear accountability, policy ownership, approval structures, and management reporting.

  1. Risk Assessment Framework

Enterprise-level and customer-level risk methodologies aligned with UAE regulatory guidance.

  1. Preventive Controls

CDD, Enhanced Due Diligence (EDD), sanctions screening, and onboarding procedures supported by documentation.

  1. Detection and Escalation Controls

Transaction monitoring, alert handling, internal escalation, and suspicious activity reporting readiness.

  1. Assurance and Evidence

Recordkeeping, staff training, periodic testing, issue tracking, and remediation proof.

This layered structure helps DNFBPs demonstrate control effectiveness and regulatory alignment.

Step-by-Step AML Implementation Framework for DNFBPs

Step 1: Build a Legal Obligations Matrix

Map each legal requirement to control objectives, responsible owners, and required evidence.

Step 2: Align Risk Assessments with NRA and SRA

Clearly show how risk findings influence control design and calibration.

Step 3: Convert Policies into Procedures

Define workflows, approval thresholds, and decision authority in operational terms.

Step 4: Deploy Core Controls

Implement risk-based CDD, monitoring systems, sanctions screening, and escalation processes.

Step 5: Strengthen Reporting and Recordkeeping

Standardise documentation quality and case file formats.

Step 6: Test, Remediate, and Retest

Continuously identify weaknesses and close them with evidence.

Common AML Compliance Gaps in DNFBPs

  • Policies exist but are not effectively implemented
  • Inconsistent quality of due diligence reviews
  • Generic risk scoring not aligned with sector realities
  • Weak escalation documentation and missing records
  • Limited maturity in ongoing monitoring
  • Absence of independent periodic testing

Closing these gaps significantly improves regulatory confidence and audit readiness.

Practical AML Compliance Checklist for DNFBPs

  • Do we maintain an updated legal obligations register?
  • Are our controls linked to Federal Decree-Law 10 of 2025 and Cabinet Resolution 134 of 2025?
  • Are NRA and SRA outcomes reflected in our risk model?
  • Do we apply CDD and EDD consistently with documented reasoning?
  • Are screening and escalation decisions traceable and reviewable?
  • Is our reporting pathway clearly defined and tested?
  • Can we produce complete records quickly during supervisory reviews?
  • Do we conduct periodic testing and close remediation actions on time?

Common FAQs on AML Laws for DNFBPs in UAE

In practical terms, AML Laws for DNFBPs are legal and regulatory obligations that require businesses to prevent, identify, escalate, and report money-laundering, terrorist-financing, and proliferation-financing (ML/TF/PF) risks through a risk-based control framework.

From a compliance perspective, AML laws create the legal obligation and enforcement authority, while regulations and official guidance explain how those legal duties should be applied in day-to-day operations.

The National Risk Assessment (NRA) and Sector Risk Assessment (SRA) help DNFBPs prioritise risks and justify control decisions. They support the rationale for why certain controls are enhanced, simplified, or redesigned based on actual risk exposure.

Yes. DNFBPs should map their business activities to the appropriate competent authority and supervisory channel, including MoET and MoJ contexts where relevant, to ensure accurate regulatory alignment.

Yes. Jurisdictional differences influence supervisory expectations and control requirements. Maintaining a jurisdiction mapping matrix helps organisations avoid compliance gaps and regulatory blind spots.

Strengthen AML Compliance Beyond goAML Registration

Implement AML software, managed KYC services, and ongoing compliance support tailored for accounting and audit firms in the UAE.

Get Compliance Ready Now!