AML Compliance Checklist for UAE Businesses (2026)

Introduction

Anti-Money Laundering (AML) compliance is mandatory for Designated Non-Financial Businesses and Professions (DNFBPs) in the UAE. Under Federal Decree-Law No. 10 of 2025, regulators have intensified enforcement, with penalties ranging from AED 50,000 to AED 5,000,000 per violation.

This checklist helps businesses understand and implement AML requirements in 2026.

Who Must Comply?

DNFBPs in the UAE include:

• Real estate brokers and developers
• Dealers in precious metals and stones
• Auditors and accountants
• Lawyers and legal consultants (when handling financial transactions)
• Company and trust service providers
• Commercial gaming operators

If your business falls into any of these categories, AML compliance is not optional.

AML Compliance Checklist

1. AML Policy and Procedures

• Written AML/CFT policy tailored to your business
• Risk-based approach documented
• Policy approved by senior management
• Policy reviewed and updated at least annually

2. Compliance Officer Appointment

• Designated AML Compliance Officer (MLRO) appointed
• MLRO has appropriate qualifications and authority
• MLRO responsibilities clearly defined

3. Risk Assessment

• Enterprise-wide risk assessment completed
• Risk assessment specific to your business model
• Updated at least annually
• Documented and available for audit

4. Customer Due Diligence (CDD) and KYC

• Standard CDD procedures for all clients
• Enhanced Due Diligence for high-risk clients
• Simplified Due Diligence criteria defined (where applicable)
• Ongoing monitoring of existing client relationships
• Verification of Ultimate Beneficial Owners (UBOs)

5. goAML Registration

• Business registered on the goAML portal
• SACM credentials set up
• Procedures for filing Suspicious Transaction Reports (STRs)
• Procedures for filing Suspicious Activity Reports (SARs)

6. Sanctions Screening

• Screening against UAE local sanctions lists
• Screening against international sanctions lists (UN, OFAC)
• Ongoing screening of existing clients
• Screening documented and auditable

7. Transaction Monitoring

• System for monitoring financial transactions
• Thresholds defined for flagging unusual activity
• Procedures for escalating suspicious transactions

8. Staff Training

• AML training provided to all relevant employees
• Training records maintained
• Regular refresher training (at least annually)
• Training covers current regulations and red flags

9. Record Keeping

• All CDD records maintained for at least 5 years
• Transaction records maintained for at least 5 years
• Training records maintained
• All records accessible for audit purposes

10. Audit and Review

• Internal AML audit conducted annually
• Findings documented and acted upon
• External audit where required

Penalties for Non-Compliance

How Star One Helps

We develop tailored AML policies, implement KYC procedures, register your business on goAML, provide staff training, and conduct compliance audits.

For expert AML and KYC compliance support, contact Star One.

Frequently Asked Questions

Is goAML registration mandatory?

Yes. All DNFBPs must register on the goAML portal, regardless of whether they have suspicious activity to report.

How often should I update my risk assessment?

At least annually, or whenever there is a significant change in your business operations, client base, or regulatory requirements.

Do I need external training?

While internal training is acceptable, using qualified external trainers ensures your programme meets regulatory expectations.

Related services

• Audit Report UAE
• ESR UAE

Need help choosing the right structure?

• Book a free consultation
• Use the calculator