Understanding AML Laws for DNFBPs in the UAE
- DNFBPs in the UAE must follow a comprehensive AML/CFT/CPF compliance framework, including risk assessments, customer due diligence, sanctions screening, monitoring, and regulatory reporting.
- Regulatory framework is mainly built on Federal Decree Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025, supported by additional laws, guidance, and national risk assessments.
- The AML obligations apply to various professions, including accountants, auditors, lawyers, real estate brokers, dealers in precious metals and stones, trust service providers, and gaming operators.
- Effective compliance requires strong governance, risk-based controls, proper documentation, and consistent implementation to meet supervisory expectations across UAE regulatory authorities.
A Guide to AML Laws for DNFBPs in UAE
DNFBPs (Designated Non-Financial Businesses and Professions) in the UAE must follow a complete AML/CFT/CPF compliance framework, not a minimal or light requirement. In practical terms, this means businesses are expected to carry out proper risk assessments, customer due diligence, transaction monitoring, sanctions screening, escalation procedures, and regulatory reporting. All controls should be well-documented and supported by evidence.
This guide explains the AML Laws for DNFBPs in the UAE, the AML Regulations for DNFBPs, and the main AML Compliance Requirements that apply across mainland UAE, free zones, and financial free zones.
Who Does This AML Framework Guide Apply To?
This guide is created for DNFBP management teams and compliance professionals operating in the UAE. It is relevant for entities supervised by the appropriate competent authorities, including MoET and MoJ, depending on business activity.
The following professions are classified as DNFBPs in the UAE:
- Accountants and auditors
- Trust and company service providers
- Lawyers and legal consultants
- Dealers in precious metals and precious stones
- Real estate agents and brokers
- Commercial gaming operators
This guide is especially helpful for:
- MLROs and compliance officers
- Business owners and company directors
- Internal audit and risk management teams
- Operations managers involved in onboarding, reviews, and escalation processes
AML Laws Applicable to DNFBPs
Below is the list of AML laws and regulations that DNFBPs must comply with:
1. Federal AML/CFT Laws
- Federal Decree Law No. (10) of 2025 – Regarding Anti Money Laundering and Combating the Financing of Terrorism and Proliferation Financing
- Cabinet Resolution No. (134) of 2025 – Executive Regulations of Federal Decree Law No. (10) of 2025
- Federal Law No. (7) of 2014 on Combating Terrorism Offences
- Cabinet Resolution No. (74) of 2020 – Regulating Terrorist Lists and Implementation of UN Security Council Resolutions
- Cabinet Resolution No. (71) of 2024 – Regulating Violations and Administrative Penalties (for MoJ and MoE supervised entities)
- Cabinet Decision No. (109) of 2023 – Regulating Beneficial Owner Procedures
- Cabinet Resolution No. (132) of 2023 – Administrative Penalties for Violations of Beneficial Owner Procedures
2. UAE National Risk Assessment
- UAE ML/FT National Risk Assessment
3. Common Guidance for All Reporting Entities
- Guidance on Targeted Financial Sanctions for FIs, DNFBPs and VASPs (EOCN), July 2025
- Proliferation Finance Institutional Risk Assessment Guidance for FIs, DNFBPs and VASPs, December 2023
- Terrorist and Proliferation Financing Red Flags Guidance, December 2023
- Guidance on Counter Proliferation Financing for FIs, DNFBPs and VASPs, November 2022
- Joint Guidance on Combating the Use of Unlicensed Virtual Asset Service Providers in the UAE, November 2023
- Joint Guidance (Satisfactory/Unsatisfactory Practice), June 2021
- FIU Strategic Analysis Report on Terrorist Financing, May 2025
4. DNFBP Sector-Specific Guidelines
- AML/CFT Guidelines for DNFBPs – September 2025
- Implementation Guide for DNFBPs on Customer Risk Assessment (CRA) – November 2024
- Implementation Guide for DNFBPs on Customer Due Diligence (CDD) – December 2024
AML/CFT/CPF Compliance Requirements for DNFBPs
For DNFBPs, legal compliance should be converted into a practical operating framework built on five control layers:
1. Governance and Oversight
Clear roles, policy ownership, approval authority, and management reporting structures.
2. Risk Assessment Structure
Business-wide and customer-level risk methodologies aligned with UAE legal and risk guidance.
3. Preventive Controls
Customer Due Diligence (CDD), Enhanced Due Diligence (EDD), sanctions screening, and onboarding procedures supported by documentation.
4. Detective and Escalation Controls
Ongoing monitoring, alert review, internal escalation channels, and suspicious activity reporting readiness.
5. Assurance and Evidence
Recordkeeping, staff training, periodic testing, issue tracking, and proof of remediation actions.
This structured approach is the most effective way to implement AML regulations and demonstrate that controls are working properly.
Ready to schedule a consultation?
Most inspection findings trace back to execution gaps
Step-by-Step Implementation Framework for DNFBPs
Step 1: Create a Legal Obligations Matrix
Link each legal requirement to specific controls, responsible owners, and supporting evidence.
Step 2: Align Risk Assessments with NRA and SRA
Show a clear connection between identified risks and the controls implemented.
Step 3: Convert Policies into Procedures
Define workflows, approval limits, thresholds, and decision authority.
Step 4: Implement CDD, Monitoring, Screening, and Escalation Controls
Ensure controls are risk-based and applied consistently.
Step 5: Establish Reporting and Recordkeeping Discipline
Maintain standardised case files and high-quality documentation.
Step 6: Test, Remediate, and Retest
Regularly identify weaknesses, correct them, and confirm effectiveness.
Common AML Compliance Gaps for DNFBPs in UAE
- Policies exist but are not effectively executed
- Inconsistent quality of due diligence
- Generic risk scoring that does not match sector realities
- Weak escalation explanations and incomplete records
- Limited maturity in ongoing monitoring
- Absence of regular independent testing
Fixing these gaps significantly increases regulatory confidence and reduces compliance risk.
Practical DNFBP Compliance Checklist
- Do we maintain updated legal obligations register for DNFBPs?
- Are our controls linked to Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025?
- Are NRA and SRA results reflected in our risk model?
- Do we apply CDD and EDD consistently with documented reasoning?
- Are screening and escalation decisions traceable and reviewable?
- Is our reporting process clearly defined and tested?
- Can we produce complete records quickly during inspections?
- Do we conduct periodic testing and close remediation actions on time?
Ready to schedule a consultation?
Most inspection findings trace back to execution gaps
FAQs: UAE AML Rules for DNFBPs
What do AML Laws for DNFBPs mean in practice?
In practical terms, AML Laws require DNFBPs to follow legal and regulatory duties aimed at preventing, identifying, escalating, and reporting risks related to Money Laundering (ML), Terrorist Financing (TF), and Proliferation Financing (PF).
How are AML Laws different from AML Regulations?
From a compliance perspective, laws create the legal obligation and enforcement authority, while regulations and official guidance explain how those legal obligations should be implemented in day-to-day operations.
Why are NRA and SRA important for DNFBPs?
The National Risk Assessment (NRA) and Sector Risk Assessment (SRA) help DNFBPs understand which risks are higher or lower in their industry and jurisdiction.
Should DNFBPs consider MoET and MoJ pathways?
Yes. DNFBPs should review their business activities and determine the relevant competent authority and supervisory pathway, including Ministry of Economy (MoET) and Ministry of Justice (MoJ) contexts where applicable.
Do mainland and free zone differences matter for compliance?
Yes. The jurisdiction in which a DNFBP operates influences supervisory expectations, reporting channels, and control requirements.
Expert Strategies, Industry Trends & Real Results
