A Guide to AML Laws for DNFBPs in UAE: At a Glance
DNFBPs in the UAE are subject to a full AML/CFT/CPF compliance framework, not a light-touch obligation. In practical terms, businesses must implement risk assessment, due diligence, monitoring, sanctions screening, escalation, and reporting controls that are defensible and evidence-based. This guide explains the AML Laws for DNFBPs in UAE, the AML Regulations for DNFBPs in UAE, and the core AML Compliance Requirements for DNFBPs in UAE across mainland, free zones, and financial free zones.
Who does this AML Framework Guide apply to?
This guide on AML Laws for DNFBPs in the UAE is designed for DNFBP management and compliance teams, including firms supervised through relevant competent authority pathways, including MoET and MoJ contexts, where applicable by activity. Accountants and auditors, trust and company service providers, lawyers, dealers in precious metals and stones, real estate agents, and commercial gaming operators are termed as DNFBPs in UAE.
This guide is especially useful for:
MLROs and compliance officers,
business owners and directors,
internal audit and risk teams,
operations managers involved in onboarding, review, and escalation processes.
AML Laws Applicable to DNFBPs:
Here is the list of AML Laws applicable to DNFBPs:
Federal AML/CFT Laws:
UAE National Risk Assessment:
UAE ML/FT National Risk Assessment
Common Guidance for All Reporting Entities:
Terrorist and Proliferation Financing Red Flags Guidance, December 2023
Guidance on Counter Proliferation Financing for FIs, DNFBPs and VASPs, November 2022
Joint Guidance (Satisfactory/Unsatisfactory Practice), June 2021
FIU Strategic Analysis Report on Terrorist Financing, May 2025
DNFBPs Sector-Specific Guidelines:
AML/CFT/CPF Compliance Requirements for Designated Non-Financial Businesses and Professions (DNFBPs)
For DNFBPs, legal compliance should be translated into an operating framework with five control layers.
1. Governance and oversight
Clear accountability, policy ownership, approval governance, and management information reporting.
2. Risk assessment architecture
Enterprise and customer risk methodology aligned to UAE legal and risk guidance.
3. Preventive controls
CDD, EDD, screening, and onboarding controls with documented rationale.
4. Detective and escalation controls
Monitoring, alert handling, internal escalation, and suspicious reporting readiness.
5. Assurance and evidence
Recordkeeping, training, periodic testing, issue tracking, and remediation proof.
This is the most effective way to operationalise AML Regulations for DNFBPs in UAE and demonstrate control effectiveness.
Step-by-Step Implementation Framework for DNFBPs
Step 1: Create a legal obligations matrix
Map legal references to control objectives, owners, and evidence.
Step 2: Align risk assessments to NRA and SRA direction
Show explicit linkage between risk findings and control calibration.
Step 3: Convert policy into procedures
Define workflows, thresholds, and decision authority clearly.
Step 4: Deploy CDD, monitoring, screening, and escalation controls
Ensure controls are risk-based and consistently applied.
Step 5: Build reporting and recordkeeping discipline
Standardise case files and documentation quality.
Step 6: Test, remediate, and retest
Evidence that weaknesses are identified and closed effectively.
Common Gaps in AML Compliance Requirements for DNFBPs in UAE
- policy-heavy but execution-light frameworks,
- inconsistent due diligence quality,
- generic risk scoring not linked to sector reality,
- weak escalation narratives and incomplete supporting records,
- limited ongoing monitoring maturity,
- lack of periodic independent testing.
Addressing these gaps significantly improves supervisory confidence.
Practical DNFBP Compliance Checklist
- Do we maintain an up-to-date DNFBP legal obligations register?
- Have we linked controls to Federal Decree-Law 10 of 2025 and Cabinet Resolution 134 of 2025?
- Are NRA and SRA outcomes reflected in our risk model?
- Do we apply CDD and EDD consistently and document rationale?
- Are screening and escalation decisions traceable and reviewable?
- Is our reporting pathway clearly defined and tested?
- Can we produce complete records promptly during review?
- Do we run periodic testing and close remediation actions on time?
Get in touch with us to avail GRC Services in UAE.
FAQs: UAE Cabinet Resolution No. 134 of 2025 under Federal Decree Law No. 10 of 2025
What are AML Laws for DNFBPs in UAE in practical terms?
They are legal and regulatory obligations requiring DNFBPs to prevent, detect, escalate, and report ML/TF/PF risk through a risk based control framework.
What is the difference between AML Laws for DNFBPs in UAE and AML Regulations for DNFBPs in UAE?
In practical compliance language, laws establish the legal duty and enforcement basis, while regulations and guidance define how those duties are implemented operationally.
Why are NRA and SRA important for DNFBP compliance?
NRA and SRA inform risk prioritisation and help DNFBPs justify why certain controls are enhanced, simplified, or redesigned.
Do DNFBPs need to consider MoET and MoJ pathways?
Yes. DNFBPs should map their activity profile to the relevant competent authority and supervisory pathway, including MoET and MoJ contexts where applicable.
Do mainland, free zone, and financial free zone distinctions matter?
Yes. Jurisdictional context affects supervisory expectations and control mapping. A jurisdiction matrix is essential for avoiding compliance blind spots.
