AML Compliance in UAE: What Every Business Must Know in 2026

The UAE has made Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) compliance a national priority, and the consequences of non-compliance are severe. Following the UAE's successful exit from the FATF grey list in 2024, enforcement has intensified — not relaxed.

This guide focuses on what Designated Non-Financial Businesses and Professions (DNFBPs) need to do to remain compliant in 2026.

## What Is AML/CFT in the UAE?

AML (Anti-Money Laundering) and CFT (Counter Financing of Terrorism) regulations require businesses to: - Know their customers (KYC/CDD — Customer Due Diligence) - Monitor transactions for suspicious activity - Report suspicious transactions to the UAE Financial Intelligence Unit (FIU) via the goAML portal - Register with the relevant supervisory authority and maintain policies and records

The legal framework is governed by Federal Decree-Law No. 20 of 2018 on AML/CFT, and its implementing regulations.

## Who Must Comply? (DNFBPs)

The following categories are classified as DNFBPs and are subject to full AML/CFT obligations in the UAE:

- Auditors and Accountants (including external auditors, tax advisors, and management consultants) - Legal Professionals (lawyers, notaries) - Real Estate Agents and Brokers - Dealers in Precious Metals and Stones (DPMS) - Corporate Service Providers (company formation agents, registered agents) - Trust and Company Service Providers

If your business falls in any of these categories, AML compliance is not optional.

## Step 1: Register with the Ministry of Economy

All UAE-based DNFBPs must register with the UAE Ministry of Economy's AML Portal at [aml.economy.gov.ae](https://aml.economy.gov.ae).

Registration requires: - Valid UAE trade licence - Emirates ID of the authorised signatory - Business activity details confirming DNFBP status - AML Compliance Officer designation

Failure to register is subject to administrative penalties starting at AED 50,000.

## Step 2: Register on the goAML Portal

The goAML portal ([goaml.uae.gov.ae](https://goaml.uae.gov.ae)) is operated by the UAE Financial Intelligence Unit (FIU) under the Central Bank. All DNFBPs must register and use this portal to submit:

- Suspicious Transaction Reports (STRs) - Suspicious Activity Reports (SARs)

Reports must be filed promptly once a suspicion arises — there is no specific time limit, but delay without justification is penalised.

## Step 3: Appoint an AML Compliance Officer

Every DNFBP must designate a Compliance Officer (CO) responsible for: - Overseeing AML/CFT policies and procedures - Reviewing suspicious activity and making reporting decisions - Training staff on AML obligations - Liaising with the Ministry of Economy and FIU

The CO should be at a sufficiently senior level to exercise independent judgment. For small businesses, the owner or a senior manager may fulfil this role.

## Step 4: Conduct Customer Due Diligence (CDD)

Before establishing a business relationship or executing a significant transaction, you must verify your customer's identity. CDD involves:

Standard CDD (for all customers): - Full legal name, date of birth, nationality - Passport or Emirates ID copy - Proof of address - Source of funds declaration for significant transactions

Enhanced CDD (for high-risk customers): Required when the customer is a Politically Exposed Person (PEP), operates in a high-risk jurisdiction, or the transaction is unusual or complex: - Senior management approval before proceeding - Additional source of wealth evidence - Ongoing monitoring at increased frequency

Simplified CDD may apply for low-risk customers with established relationships and publicly available information.

## Step 5: Implement Risk-Based Policies and Procedures

You must have written AML/CFT policies covering: - Customer acceptance and onboarding - Transaction monitoring and red flags - Internal escalation and reporting procedures - Record-keeping (minimum 5 years for customer records and transaction data) - Staff training programme (documented annually)

These policies must be risk-based — meaning you assess the AML risk level of your client base and activities, and calibrate your controls accordingly.

## Key Penalties for Non-Compliance

The UAE has significantly increased AML penalties:

| Violation | Penalty | |---|---| | Failure to register with MoE | AED 50,000 – 5,000,000 | | Failure to file STR when required | Up to AED 5,000,000 | | Failure to conduct CDD | AED 50,000 – 1,000,000 | | Record-keeping violations | AED 50,000 – 500,000 | | Tipping off a suspect | Criminal prosecution |

## Sanctions Screening

In addition to AML compliance, UAE businesses must screen customers and transactions against: - UN Security Council Sanctions Lists - UAE Local Terrorist Designation List - OFAC (US Treasury) sanctions where relevant

The UAE Cabinet Decision No. 74 of 2020 requires all businesses to implement sanctions screening procedures. Free screening tools are available via the Central Bank's portal.

## How an AML Compliance Consultant Can Help

For businesses new to formal AML compliance, an experienced AML consultant provides: - Gap analysis against UAE regulatory requirements - Policies and procedures documentation - Registration support (MoE AML Portal and goAML) - Staff training - Ongoing compliance monitoring

ISZ Global lists verified AML compliance consultants across the UAE who are registered with the Ministry of Economy and experienced with DNFBP obligations. Browse our directory to find the right compliance partner.

*Reference: UAE Federal Decree-Law No. 20 of 2018 on AML/CFT | UAE Ministry of Economy AML Portal: [aml.economy.gov.ae](https://aml.economy.gov.ae) | FATF Mutual Evaluation Report UAE 2023.*