goAML Registration for Accountants and Auditors in UAE

Table of Contents

If you run an accounting firm or audit practice, goAML registration is not paperwork for the sake of paperwork. It is the access route that lets you submit STR and SAR reports to the UAE Financial Intelligence Unit when suspicion surfaces. The best time to set it up is when you are calm, not when a file lands on your desk that makes your instincts ring.

This guide is written specifically for accountants and auditors in the UAE, with a practical, do this then do that approach. It also reflects the reality that registration is a two-stage process, not one.

Who should use this goAML Registration guide

Use this guide if you are any of the following:

  1. An auditing or accounting firm (including chartered accountants, accountants, auditors).
  2. A DNFBP entity registering via the MoECT route for mainland or commercial free zone licences (financial free zones excluded).
  3. Preparing to register with an appointed Compliance Officer / MLRO and the required authorisation letter and IDs.

Supervisory authority for accountants and auditors

For many DNFBP professional firms, goAML registration with the Ministry of Economy & Tourism is used in practice for trade licences issued by mainland registrar authorities and commercial free zones, with financial free zones excluded from that supervisory arrangement.

What goAML registration enables for an audit or accounting firm

Once registered, your firm gains access and an organisation identifier that becomes your internal reference for goAML reporting and user access.

In plain terms, it means:

  1. You can submit suspicious reports electronically to the FIU through goAML.
  2. Your MLRO can run reporting properly without last-minute access chaos
  3. Your internal controls look credible to banks, auditors, and supervisors because you are report-ready

Put an AML Policy in Place That Meets UAE Standards

Custom AML policies and procedures aligned with UAE AML law and supervisory expectations for auditors and accountants.

Draft My AML Policy

Pre-requisites for goAML Registration for Accountants and Auditors

Documents you must have ready

For Ministry of Economy supervised registration, the core documents referenced in the FIU system guide are: trade licence, MLRO authorisation letter, and MLRO Emirates ID or passport.

Keep these practical constraints in mind:

  1. Single PDF attachment only, not multiple uploads
  2. Maximum size is 5MB
  3. MLRO authorisation letter should be on letterhead or carry a seal or stamp

Contact details that frequently cause delays

  1. A valid, operational UAE mobile number is essential because SMS OTPs are required, and international numbers are not supported in many cases.
  2. For SACM, the mobile format is clearly indicated as 009715xxxxxxxx.
  3. For goAML registration fields, use an official business email. The FIU guide warns against personal email domains for the MLRO email.

The two stages of goAML registration for accountants and auditors in the UAE

The FIU system registration is explicitly described as two steps:

  1. SACM and Google Authenticator registration

  2. Entity registration on goAML

Stage one: SACM pre-registration and Google Authenticator setup

What stage one is doing

SACM is the access control manager that hosts goAML access links. It uses a time-based one-time password mechanism through Google Authenticator.

Stage one: what you need on your desk

Before you start, make sure you can answer these without guessing:

  1. Your supervisory body selection
  2. Legal entity name exactly as per the licence
  3. Trade licence number
  4. MLRO name, nationality, ID type and ID number
  5. A working email and a UAE mobile number
  6. One PDF attachment with the required supporting documents

Stage one: step-by-step process

  1. Go to SACM registration using the FIU services portal route. The pre-registration guide shows navigation through the FIU portal to SACM.
  2. Choose Registration Type as Reporting Entity.
  3. Enter the Entity Name exactly as per the trade licence.
  4. Select Supervisory Body. In Ministry of Economy & Tourism supervised cases, the system guide references selecting the Ministry of Economy.
  5. Enter ID Number or Registration Number as the trade licence number.
  6. Enter the MLRO details as the registering user, including email and UAE mobile number.
  7. Attach the single PDF file and submit.
  8. Verify your email when prompted. The system guide is clear that the request does not reach the supervisor until email verification is done.
  9. Wait for approval or rejection by the supervisory body. This approval step is part of the SACM pre-registration process.
  10. If approved, use the link to obtain the secret key by entering the email OTP and SMS OTP. The system guide shows the exact get secret key flow.
  11. Note the timing. The OTP is valid for 24 hours.
  12. Set up Google Authenticator using the received username and secret key, so the app keeps generating the six-digit code required for access.

Outcome of stage one
You now have the SACM username and a working Google Authenticator code. At this point, stage one is complete, and you are ready for stage two

Stage two: goAML organisation registration for accountants and auditors

What goAML Registration stage two is doing

Stage two creates your organisation account on goAML and generates the Organisation ID once approved.

Stage two: pre-flight checklist

Before you log in, ensure you have all three ready, exactly as the system guide states:

  1. The SACM username
  2. Google Authenticator set up on your phone
  3. The same single PDF document is ready for upload

Stage two: step-by-step process

  1. Open the goAML link used for registration. The system guide specifies the goAML URL.
  2. Log in using your SACM username and the current Google Authenticator code as the password for the first-level login.
  3. Select Register New Organisation.
  4. Set Registration Type as Reporting Entity.
  5. Complete Entity Details carefully. The system guide warns that missing information can result in rejection.

  6. Complete the Entity phone and address details.

  7. Complete registration of the person’s details for the MLRO or Compliance Officer.

Practical sector tips for accountants and auditors:

  • Use the legal name and licence number exactly as per the trade licence
  • Choose the most accurate business activity available for accounting or auditing services
  • Use a compliance-controlled email and preferably a group email for notifications

Password rules are strict. The goAML registration guide specifies 5 to 10 characters, with capital alpha, alphanumeric, and special characters.

  1. Upload the attachment, enter the captcha, and submit.
  2. Capture the reference number generated by the system. The system guide describes the REP reference format and confirms that an email is also received.
  3. Wait for supervisory approval or rejection notification. If rejected, fix the reason and repeat the registration steps.
  4. If approved, you will receive an email confirming the new organisation and the new Organisation ID.

Outcome of stage two
Your organisation is now registered on goAML, and you have an Org ID.

Logging in after both stages

The FIU FAQs explain the full login sequence clearly:

  1. You first enter the SACM username and the six-digit Google Authenticator code in the pop-up.
  2. Then you type the goAML username and password you created during stage two and complete the login.

Post-registration setup for accounting and audit firms

Do you need to register the MLRO as a person as well

No. The FAQs confirm the MLRO is the registering person and is registered by default once the organisation is registered. Person registration is for additional users or when changing the MLRO.

Adding additional users

If you want managers or team members to have access for drafting or internal review, the process is:

  1. New user registers on SACM to gain access
  2. Supervisor approves SACM
  3. New user sets up Google Authenticator
  4. New user registers as a person under the same Org ID
  5. MLRO approves the new user request

Train Your Team on UAE AML Obligations

Role-based AML training for partners, staff, and MLROs with practical, regulator-ready, and audit-proof.

Schedule AML Training

Common goAML Registration errors and how to fix them

Email OTP and SMS OTP issues

If OTPs expire during secret key retrieval, the FAQs advise contacting goAML support to refresh.If you need a resend because the OTP expired, the system guide states you can email goAML support from the registered email.

The login pop up keeps looping

The FAQs explain that the pop up requires the SACM username and Google Authenticator code, otherwise it will keep reappearing.

Attachment upload does not work

If users do not see the upload confirmation pop up, the FAQs recommend enabling pop ups in the browser settings.

File Size

The FAQs recommend avoiding copy and paste into the system and typing details directly, and also keeping attachment size below the limit with an English file name.

How goamlregistration.ae helps accountants and auditors with 360 support

Most firms can complete the goAML registration portal steps. The real value is completing them cleanly, avoiding rejection, and pairing registration with a compliance operating model that actually works in practice.

A typical support package for accountants and auditors includes:

  1. Confirming DNFBP coverage and the supervisory body route for your licence
  2. Drafting or tightening MLRO appointment documentation so it stands up to review
  3. Completing stage one and stage two with quality checks aligned to the FIU system requirements
  4. Setting up the internal user model and access controls for your reporting workflow
  5. Training your MLRO and senior staff on when to report, how to write defensible narratives, and how to maintain evidence trails
  6. Building your AML framework around risk assessment, policies, procedures, screening, and ongoing monitoring, so reporting becomes a natural outcome of good controls, not a panic response

FAQs on goAML Registration for Accountants and Auditors in UAE

If you are an auditing or accounting firm operating as a DNFBP in the UAE, you should expect to complete goAML registration so you can submit reports when required. The Ministry of Economy and Tourism DNFBP self-check explicitly includes auditing or accounting firms.

goAML registration happens in two stages. Stage 1 is SACM registration and Google Authenticator setup, and Stage 2 is organisation registration on the goAML portal.

Stage 1 uses SACM access controls, which rely on a time-based one-time password mechanism through Google Authenticator. Without completing this step, you cannot proceed to Stage 2.

For the Ministry of Economy and Tourism route, you typically need your trade licence, an MLRO or Compliance Officer appointment or authorisation letter, and the Emirates ID or passport of the appointed person. These must be merged into a single PDF and kept within the file-size limits stated in the system guide.

During registration, the system specifies the UAE mobile format as 009715xxxxxxxx. Using an incorrect format often causes delays during OTP steps.

A common reason is that email verification is not completed. The system guide is clear that the request does not reach the supervisory review stage until email verification is done.

After approval, you receive OTP steps to generate your secret key, and then you set up Google Authenticator. Once this is complete, you can use your SACM username and the Authenticator code to access goAML for Stage 2.

It is the step where you register your accounting or audit firm as an organisation on goAML. If the application is approved, you receive an email confirming your organisation and your Organisation ID.

Because there are two layers of login. First you pass the SACM pop-up using your SACM username and the Google Authenticator code. Then you log in to goAML using the username and password you created during Stage 2 registration.

No. The FAQs clarify that the MLRO is the registering person and is registered by default once the organisation is registered. “Person registration” is mainly used for additional users or MLRO changes.

Additional users typically complete SACM access first, then register as a person under the same Organisation ID, and the MLRO approves their access request.

One common cause is browser pop-ups being blocked. The FAQs recommend enabling pop-ups in browser settings if you cannot see the upload confirmation pop-up.

The FAQs recommend typing details directly instead of copy-pasting, using an English file name, and keeping the attachment size within the limit.

If OTP validity expires, you may need support assistance to refresh or reset the process. The FAQs refer users to goAML support for OTP refresh where required.

Strengthen AML Compliance Beyond goAML Registration

Implement AML software, managed KYC services, and ongoing compliance support tailored for accounting and audit firms in the UAE.

Get Compliance Ready Now!