AML Laws for DPMS in the UAE: Legal Framework, NRA Alignment, and Compliance Obligations

AML Laws for DPMS in the UAE

The UAE is one of the world’s most active markets for gold, precious metals, diamonds, and gemstones. Bullion is refined, traded, and exported. Jewellery is manufactured at scale. High-value commodities cross borders continuously.

That concentration of portable, liquid value creates inherent exposure to money laundering and proliferation financing risks. Dealers in Precious Metals and Stones are therefore treated as a strategically sensitive sector under UAE AML law.

For DPMS businesses, compliance protects banking access, trading relationships, and long-term market standing. This guide covers the legal framework, supervisory structure, national risk assessments, and core obligations applicable to DPMS in the UAE Mainland and commercial free zones.

Who Qualifies as DPMS?

Under the UAE AML framework, DPMS are classified as Designated Non-Financial Businesses and Professions. Any business that transacts in precious metals or stones as part of its trade falls within this category.

This includes gold and bullion traders, diamond and gemstone traders, jewellery retailers and wholesalers, precious metal refiners, importers and exporters of precious commodities, and brokers involved in high-value commodity transactions.

The defining risk characteristic is the ability to transfer significant value through small, easily transportable assets. That profile shapes every regulatory expectation placed on the sector.

The Supervisory Authority

The Ministry of Economy and Tourism supervises DPMS across the UAE Mainland and commercial free zones. Its responsibilities include conducting inspections, issuing sector guidance, overseeing goAML reporting, and applying administrative penalties for compliance failures.

Where a DPMS business is established within a financial free zone such as ADGM or DIFC, supervision may fall under the relevant free zone regulator depending on the licensed activities.

Core Federal Legislation

Federal Decree Law No. 10 of 2025 is the primary AML statute. It establishes obligations across customer due diligence, suspicious transaction reporting, record-keeping, sanctions compliance, and governance. It also strengthens enforcement powers and the administrative penalties framework.

Cabinet Resolution No. 134 of 2025 provides the executive regulations. It translates the law into operational requirements covering risk-based approach standards, CDD and EDD procedures, reporting duties, and supervisory inspection powers.

Federal Law No. 7 of 2014 criminalises terrorism financing and underpins the UAE’s counter-terrorist financing regime.

Cabinet Decision No. 74 of 2020 establishes the framework for implementing UN Security Council sanctions in the UAE. DPMS must screen customers and counterparties, freeze assets where designated persons are identified, and meet defined reporting timelines.

Cabinet Resolution No. 71 of 2024 sets out the schedule of administrative penalties for supervised entities, covering failures in CDD, reporting, governance, and sanctions compliance.

Cabinet Decision No. 109 of 2023 requires companies to maintain accurate beneficial ownership records. For DPMS dealing with corporate customers or layered structures, this is a recurring compliance focus.

Cabinet Resolution No. 132 of 2023 establishes penalties for beneficial ownership transparency failures and reinforces the importance of keeping ownership records accurate and current.

AML/CFT/CPF Guidance for All Reporting Entities

Legislation defines legal obligations. Guidance documents define what meeting those obligations looks like in practice. Supervisors assess whether internal policies genuinely reflect these instruments, not merely reference them.

Guidance on Targeted Financial Sanctions for Financial Institutions, DNFBPs, and VASPs, July 2025, covers real-time screening, immediate freezing obligations, prohibitions on making assets available to designated persons, reporting timelines, and internal control standards.

Proliferation Finance Institutional Risk Assessment Guidance, December 2023, provides a methodology for identifying and managing CPF exposure, including customer risk factors, geographic vulnerabilities, product risks, and trade-based indicators. DPMS should reflect this in their Business Risk Assessment.

Terrorist and Proliferation Financing Red Flags Guidance, December 2023, outlines typologies and indicators relevant to TF and PF. For DPMS, this includes trade mispricing, unusual shipping routes, and counterparties connected to sanctioned jurisdictions.

Guidance on Counter Proliferation Financing, November 2022, clarifies governance, sanctions screening, and reporting expectations. It makes clear that CPF risk must be managed as a distinct discipline.

Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers in the UAE is relevant for DPMS engaging with digital asset settlement or crypto-linked transactions.

Joint Guidance on Satisfactory and Unsatisfactory Practices provides inspection-based benchmarks covering effective controls and common deficiencies observed across regulated firms.

FIU Strategic Analysis Reports document typologies and trends. Supervisors expect these to be reflected in risk assessments, training, and monitoring scenarios.

ML/FT National Risk Assessment

The UAE Money Laundering and Terrorist Financing National Risk Assessment is the country’s formal analysis of financial crime risk. It covers the primary predicate offences generating illicit funds, sector-level ML and TF exposure, cross-border risks, and the effectiveness of supervisory systems.

DPMS are assessed within the DNFBP segment. The NRA gives particular focus to trade-based money laundering, large-value commodity transactions, international supply chains, and cash-driven business activity.

Supervisors expect DPMS to align their Business Risk Assessment with NRA conclusions. Where that alignment cannot be demonstrated during inspection, it is treated as a governance weakness.

Proliferation Financing National Risk Assessment

The UAE’s dedicated PF NRA examines exposure to financing linked to weapons of mass destruction and sanctions evasion. It assesses national vulnerabilities, sector-level PF exposure, the effectiveness of Targeted Financial Sanctions implementation, and risks from cross-border trade in dual-use goods.

For DPMS, the relevance is direct. Global trading networks and high-value physical commodity flows can create exposure to sanctioned parties or high-risk jurisdictions without strong controls in place.

Together, the ML/FT NRA and PF NRA form the national risk baseline underpinning all AML, CFT, and CPF supervision in the UAE.

DNFBP-Level AML/CFT/CPF Framework Applicable to DPMS

Dealers in Precious Metals and Stones operate within the wider category of Designated Non-Financial Businesses and Professions (DNFBPs). This means DPMS must comply not only with sector-specific obligations but also with the federal DNFBP compliance framework.

This framework includes:

Together, these instruments form the baseline AML/CFT/CPF compliance structure applicable to all DPMS operating in the UAE.

AML Legal Framework for DPMS in the UAE

The compliance obligations applicable to DPMS in the UAE flow directly from the country’s primary AML legislation and its executive-level implementing framework.

Federal Decree Law No. 10 of 2025 is the foundation of the UAE’s AML, CFT, and CPF regime. It strengthens enforcement structures, expands supervisory authority, reinforces the administrative penalties framework, and defines the fundamental compliance obligations that apply to all reporting entities, including DPMS.

Cabinet Resolution No. 134 of 2025 translates the law into operational requirements covering the risk-based approach, customer due diligence, enhanced due diligence, reporting duties, and supervisory oversight. It also improves coordination between competent authorities and clarifies how compliance controls are expected to work in practice.

Together, these instruments form the mandatory compliance structure governing the DPMS sector.

Under this framework, DPMS businesses must establish and maintain:

  • A formally documented Business Risk Assessment, periodically reviewed
  • Customer Due Diligence and Enhanced Due Diligence processes calibrated to actual risk exposure
  • Ongoing transaction monitoring to detect unusual or inconsistent activity
  • Procedures for submitting Suspicious Transaction Reports through goAML
  • Targeted Financial Sanctions screening controls
  • Record retention systems meeting statutory requirements
  • Defined governance arrangements including appointment of an accountable AML Compliance Officer

These obligations apply across the full range of DPMS activity, whether retail jewellery, wholesale bullion, refining, diamond trading, cross-border payments, or corporate purchases.

Federal and Sector-Specific Guidance for DPMS

Legislation sets the legal duty. Guidance documents define what discharging that duty looks like in day-to-day systems and controls.

DPMS must follow federal DNFBP guidance, including:

These publications require a genuine risk-based approach. Risk models must reflect actual business realities, including transaction patterns, geographic connections, customer profiles, ownership structures, and product-specific risks. Generic frameworks without meaningful customisation are routinely challenged during supervisory reviews.

In addition, DPMS are subject to sector-specific guidance:

Supplemental Guidance for Dealers in Precious Metals and Stones, May 2019, addresses vulnerabilities specific to the sector, including trade-based money laundering, structured transactions designed to avoid reporting thresholds, use of intermediaries to conceal identities, and beneficial ownership complexity. Firms are expected to reflect these indicators directly in their internal controls.

Ministry Circular 08/AML/2021 introduced mandatory threshold reporting for certain cash and international wire transactions via goAML. This obligation runs separately from Suspicious Transaction Reporting. Firms must manage both streams concurrently.

FIU Strategic Analysis Report, September 2025, documents current sector typologies including bullion use in layering schemes, trade pricing manipulation, cross-border value movement, and supply chain obscuration. Supervisors expect these typologies to be reflected in Business Risk Assessments and monitoring controls. Risk assessments that remain static despite updated typology intelligence are treated as a governance weakness.

Core AML Obligations for DPMS

Under the federal framework, DPMS businesses must establish and maintain:

A Business Risk Assessment that is formally documented, management-approved, and periodically reviewed. It must address customer profiles, geographic exposure, transaction types, delivery channels, and product-specific risks.

Customer Due Diligence covering identification and verification of customers, establishment of beneficial ownership, and documentation of the purpose and nature of each business relationship.

Enhanced Due Diligence for higher-risk relationships, including those involving high-risk jurisdictions, politically exposed persons, or complex ownership structures. Source of funds and source of wealth verification are typically required.

Ongoing Monitoring to ensure transactions remain consistent with customer profiles. Unusual pricing, structured payments, and unexpected trade routes must be examined and recorded.

Sanctions Screening and Reporting against UAE sanctions lists. Suspicious Transaction Reports must be submitted through goAML, and escalation procedures must be followed without delay.

Governance, including active senior management oversight, appointment of an accountable AML Compliance Officer, and documentation demonstrating supervisory engagement.

Key Compliance Challenges in the DPMS Sector

Cash exposure is a persistent risk in certain market segments. Structured transactions can be used to stay below reporting thresholds.

Trade-based money laundering involves invoice manipulation, shipping discrepancies, complex intermediary chains, and unusual routing. Each requires detailed scrutiny.

Physical portability of gold and gemstones allows rapid cross-border value transfer outside the banking system, placing greater weight on internal controls.

Beneficial ownership complexity in corporate buyers, particularly those using layered offshore structures, requires time and documentation to resolve accurately.

International counterparty risk requires effective geographic risk assessment and robust sanctions screening for every new and existing relationship.

Firms where transaction speed consistently overrides verification face the highest regulatory exposure.

Building a Strong AML Framework

The most effective DPMS compliance programmes are integrated into business operations rather than sitting alongside them.

Characteristics of a mature framework include risk assessment methodologies tailored to the specific business model, technology-enabled monitoring integrated with accounting systems, real-time sanctions screening, independently reviewed beneficial ownership processes, training informed by current FIU typologies, regular internal audit or independent AML review cycles, and inspection readiness testing aligned with Ministry methodology.

Compliance as Commercial Infrastructure

The UAE’s regulatory framework reflects FATF standards and supports coordinated international supervision. Within that environment, AML compliance for DPMS is commercial infrastructure. It protects banking relationships, supports cross-border trade, and maintains the credibility required to operate in international markets.

Governance quality is assessed through the strength of internal systems, consistency of controls, quality of documentation, and the ability to demonstrate inspection readiness at any point.

FAQs on AML Laws for DPMS in the UAE

AML laws for DPMS in the UAE are primarily governed by Federal Decree Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025. These laws require Dealers in Precious Metals and Stones to implement risk-based AML/CFT/CPF controls, conduct due diligence, submit STRs via goAML, comply with sanctions screening, and maintain proper governance structures.

Yes. Dealers in Precious Metals and Stones (DPMS) are classified as Designated Non-Financial Businesses and Professions (DNFBPs). This means they are subject to the full federal AML/CFT/CPF compliance framework applicable to all reporting entities in the UAE.

The Ministry of Economy and Tourism supervises DPMS operating in the UAE Mainland and commercial free zones. Where activities fall within financial free zones such as ADGM or DIFC, the relevant free zone authority may exercise supervisory oversight depending on the licence.

DPMS must align their Business Risk Assessment with the findings of the UAE Money Laundering and Terrorist Financing National Risk Assessment and the Proliferation Financing National Risk Assessment. Supervisors expect documented evidence that internal risk models reflect national-level risk conclusions.

DPMS must implement:

  • A formally documented Business Risk Assessment
  • Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
  • Ongoing transaction monitoring
  • Sanctions screening and immediate freezing where required
  • Suspicious Transaction Reporting via goAML
  • Record-keeping systems
  • Appointment of an accountable AML Compliance Officer
  • Senior management oversight

These obligations apply across retail, wholesale, refining, and cross-border commodity activity.

goAML is the UAE Financial Intelligence Unit reporting platform. DPMS must register and submit Suspicious Transaction Reports (STRs) and mandatory threshold reports where applicable. Failure to report can result in administrative penalties.

Under UAE Targeted Financial Sanctions regulations, DPMS must conduct real-time screening against UAE sanctions lists, freeze assets of designated persons without delay, and comply with defined reporting timelines. Proliferation Financing (PF) risk must be assessed separately within the Business Risk Assessment.

DPMS must follow federal DNFBP guidance, including AML/CFT Guidelines for DNFBPs (September 2025), Implementation Guides for Customer Risk Assessment and CDD (November 2024), and sector-specific Supplemental Guidance for Dealers in Precious Metals and Stones. FIU Strategic Analysis Reports must also inform internal risk controls.

Cabinet Resolution No. 71 of 2024 establishes administrative penalties for AML breaches, including failures in CDD, sanctions screening, governance, and reporting. Penalties may include substantial fines and regulatory enforcement actions.

Yes. A documented and management-approved Business Risk Assessment is mandatory. It must assess customer risk, geographic exposure, transaction types, delivery channels, and product-specific risks. Static or generic risk assessments are typically challenged during inspections.

AML compliance protects banking access, international trading relationships, and market credibility. Given the UAE’s role as a global hub for gold and precious commodities, strong AML governance is essential to maintain commercial stability and regulatory standing.