UAE AML & KYC Compliance Programs

All UAE businesses defined as Designated Non-Financial Businesses and Professions (DNFBPs) under Federal Decree-Law No. 20 of 2018 must maintain a written AML/CFT compliance program. This includes: customer due diligence (CDD) and enhanced due diligence (EDD) procedures, sanctions screening against UN, EU, and UAE local lists, suspicious transaction reporting to the Financial Intelligence Unit (FIU) via goAML, and annual AML risk assessment. Financial institutions additionally require CBUAE licensing.

UAE AML/CFT oversight is shared: the Central Bank of the UAE (CBUAE) supervises banks and payment service providers; the Securities and Commodities Authority (SCA) covers investment firms; VARA regulates virtual asset service providers; and the Ministry of Economy (MoE) supervises DNFBPs including real estate, gold, precious metals, lawyers, and accountants. The Financial Intelligence Unit (FIU) within the MoF receives all Suspicious Transaction Reports (STRs) via the goAML system.

DFSA (Dubai Financial Services Authority) regulates financial services conducted in or from the DIFC (Dubai International Financial Centre) — including banking, insurance, capital markets, and fund management. VARA (Virtual Assets Regulatory Authority) is a Dubai-specific authority established in 2022 with mandatory jurisdiction over all virtual asset activities in Dubai (except DIFC). DFSA has its own virtual asset framework for DIFC-based crypto firms; VARA covers the rest of Dubai and all emirates except Abu Dhabi (where ADGM/FSRA applies).

Yes, for regulated entities. UAE banks, insurance companies, payment institutions, and DNFBP businesses with annual revenues above AED 1 million must designate a Compliance Officer / MLRO. For VARA-licensed VASPs, an MLRO is mandatory and must be a UAE resident. The MLRO is responsible for filing STRs on goAML, maintaining AML policies, and conducting staff training. INNOVA provides outsourced MLRO services for qualifying UAE entities.

Administrative penalties under Federal Decree-Law No. 20 of 2018 range from AED 50,000 to AED 5,000,000 per violation. Criminal sanctions for money laundering carry imprisonment of up to 10 years and fines up to AED 5,000,000. The UAE's FATF "grey list" exit in 2024 followed intensive reforms; continued FATF-compliance is a regulatory priority. The Ministry of Economy conducts annual DNFBP inspections with on-the-spot fines for missing AML policies.