The Law and Who It Captures
The framework is built on Federal Decree-Law No. 20 of 2018 and Cabinet Decision No. 10 of 2019. It applies not only to financial institutions but to DNFBPs — real estate agents, dealers in precious metals and stones, auditors, corporate service providers and lawyers in defined situations. Each relevant entity must register on the goAML and Automatic Reporting System for Sanctions Lists portals operated under the Executive Office for Control and Non-Proliferation.
Risk-Based Customer Due Diligence
Supervisors expect a documented enterprise-wide risk assessment that drives customer due diligence, enhanced due diligence for higher-risk relationships, and ongoing monitoring. Beneficial ownership must be identified and verified in line with Cabinet Decision No. 58 of 2020. Screening against UN and UAE Local Terrorist Lists is not a one-off control — it must run on onboarding and on every list update.
Reporting to the FIU
Suspicious Transaction Reports and Suspicious Activity Reports are filed to the Financial Intelligence Unit through goAML. The test is suspicion, not certainty, and tipping-off is an offence. Funds Freeze Reports and Partial-Name Match reports carry strict timelines. The quality of the narrative — not just the act of filing — is what the Central Bank and sectoral supervisors review.
Evidence Pack
- 01 Enterprise-wide AML/CFT risk assessment, refreshed at least annually and on material change.
- 02 goAML and AML/CTF registration evidence, compliance officer appointment and board-approved policy.
- 03 CDD/EDD files with beneficial ownership verification and screening logs.
- 04 STR/SAR register, sanctions-screening hit dispositions and staff training records.