Herald

AML/CFT Compliance UAE 2026: The Complete Guide for Businesses and DNFBPs

AML/CFT compliance guide for UAE DNFBPs 2026 — goAML registration, CDD and risk assessment support by Herald

The UAE’s anti-money laundering framework has been transformed since 2022. Following the country’s successful exit from the FATF grey list in 2024, the regulatory obligations that enabled that exit remain firmly in place — and enforcement has intensified significantly in 2025 and 2026. For businesses classified as Designated Non-Financial Businesses and Professions, the risk of AML/CFT non-compliance is not theoretical. It is financial, reputational, and in some cases criminal. Herald’s AML/CFT compliance services provide end-to-end programme support for UAE businesses navigating this complex and rapidly evolving regulatory landscape.

The UAE AML/CFT framework is based on Federal Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combatting the Financing of Terrorism, as amended. The Cabinet Decision No. 10 of 2019 and subsequent implementing regulations define specific obligations for different categories of regulated entity. Businesses that fall into the DNFBP category are subject to the same core obligations as financial institutions, with oversight conducted by the Ministry of Economy rather than the Central Bank of the UAE. The Ministry has significantly expanded its inspection and enforcement programme in 2026.

Who Must Comply with UAE AML/CFT Regulations?

AML/CFT obligations apply to two broad categories of entity in the UAE: Financial Institutions regulated by the Central Bank, SCA, or Insurance Authority; and Designated Non-Financial Businesses and Professions regulated by the Ministry of Economy. If your business falls into any DNFBP category, you must have a fully operational AML/CFT compliance programme regardless of size or your assessment of client risk.

  • Accounting firms, auditors, and tax advisors
  • Legal professionals, notaries, and legal consultants
  • Real estate agents, brokers, and property managers
  • Dealers in precious metals, stones, and high-value goods
  • Company formation agents and corporate service providers
  • Trust and company service providers

Core AML/CFT Obligations for UAE DNFBPs in 2026

ObligationWhat Is RequiredFrequency
goAML RegistrationRegister on UAE FIU goAML platform and maintain registrationImmediate — must be current
Compliance OfficerAppoint a qualified AML Compliance OfficerOngoing appointment
AML/CFT PolicyWritten internal policy covering all programme elementsAnnual review required
Business Risk AssessmentDocument inherent and residual ML/TF risksAnnual update required
Customer Due DiligenceKYC on all clients — identity, beneficial ownership, purposeAt onboarding; ongoing monitoring
Enhanced Due DiligenceAdditional scrutiny for high-risk clients and PEPsAt onboarding and on material change
Sanctions ScreeningScreen against UAE, UN, OFAC, and EU listsReal-time or daily screening
Suspicious Transaction ReportsFile STRs on goAML when suspicious activity identifiedWithin required timeframe of suspicion
AML Staff TrainingTraining for all relevant staff on AML obligationsAnnual minimum
Record KeepingMaintain CDD and transaction recordsMinimum 5 years

AML/CFT Penalties for Non-Compliance in UAE 2026

The UAE has dramatically increased AML/CFT penalties following FATF commitments. In 2026, the Ministry of Economy is conducting active inspection programmes of DNFBP AML/CFT compliance. The financial consequences of non-compliance are severe, and the reputational consequences can be business-ending.

  • Failure to register on goAML: AED 50,000 to AED 1,000,000
  • Failure to file a Suspicious Transaction Report: AED 100,000 to AED 1,000,000
  • Failure to conduct Customer Due Diligence: AED 50,000 to AED 500,000
  • Failure to conduct Enhanced Due Diligence on high-risk clients: AED 50,000 to AED 500,000
  • Failure to maintain an AML policy: AED 50,000 to AED 500,000
  • Tipping off — informing a client a STR has been filed: Criminal prosecution
  • Facilitating money laundering: Criminal prosecution, imprisonment, and asset freezing

The Business Risk Assessment: Your AML Programme Foundation

A Business Risk Assessment is the document that underpins your entire AML/CFT programme. It analyses the specific money laundering and terrorism financing risks your business faces based on your client profile, geographic exposure, service types, transaction volumes, and delivery channels. It must identify both inherent risks (before controls) and residual risks (after controls), and must be reviewed and updated at least annually and whenever material changes occur in your business or the regulatory environment.

Ministry of Economy inspectors specifically ask to see your Business Risk Assessment during inspections. An absent, outdated, or superficial BRA is one of the most common sources of AML inspection findings. Herald’s compliance team conducts comprehensive BRAs for UAE DNFBPs, linking risk assessment findings to specific control recommendations and documenting the complete risk management rationale in a format that satisfies Ministry of Economy requirements.

Customer Due Diligence: Practical Requirements for 2026

CDD — commonly called Know Your Customer or KYC — is the process of verifying the identity and assessing the risk profile of every client before engaging with them. For UAE DNFBPs in 2026, CDD requirements include identity verification using official government-issued documents, beneficial ownership identification for corporate clients (any individual owning or controlling more than 25% of the entity), documentation of the purpose and expected nature of the business relationship, screening against all required sanctions lists, and enhanced scrutiny of clients who are Politically Exposed Persons or connected to PEPs.

CDD is not a one-time exercise at client onboarding. UAE AML regulations require ongoing monitoring of client relationships — meaning you must update CDD records when material changes occur, screen clients when new sanctions designations are published, and periodically review high-risk client relationships even in the absence of specific triggers.

What Happens During a Ministry of Economy AML Inspection?

Ministry inspectors arrive with a structured checklist and specific documentation requirements. They will ask to see your goAML registration confirmation, your AML Policy (signed and dated), your Business Risk Assessment, CDD records for a sample of clients (typically 10 to 20 files), your sanctions screening evidence, your STR filing history, your staff training records, and your compliance officer appointment documentation. Gaps in any of these areas result in written findings and, in many cases, financial penalties issued on the same day as the inspection.

Herald provides pre-inspection readiness reviews for UAE businesses — a full simulation of the Ministry of Economy inspection process that identifies gaps before regulators do. For businesses that have already received an inspection notice, Herald provides emergency gap remediation with turnaround times measured in days rather than weeks.

Internal Links — Related Services

How Herald Builds and Manages Your AML/CFT Programme

Herald’s AML/CFT compliance team provides a fully managed service for UAE DNFBPs that covers every element of a compliant programme. We begin with goAML registration — ensuring your business is correctly set up on the UAE Financial Intelligence Unit platform with the right entity classification and authorised users. We then appoint a qualified Compliance Officer where needed, providing both the human expertise and the documented appointment evidence that Ministry of Economy inspectors require to see.

Beyond registration, Herald drafts your AML/CFT Policy — a comprehensive document that covers your risk appetite, client acceptance criteria, CDD procedures, EDD triggers, sanctions screening approach, STR filing process, and staff training framework. We conduct your annual Business Risk Assessment and deliver all-staff AML training through structured workshop sessions with attendance records and assessment certificates. For businesses that have received a Ministry of Economy inspection notice, Herald provides emergency compliance gap remediation with turnaround times measured in days rather than weeks. Our AML work integrates with Herald’s internal audit services for annual programme effectiveness testing, and with our forensic audit and fraud investigation teams when STR-level concerns require deeper examination.

Related Herald ServiceRelevance
AML/CFT Compliance ServicesFull AML programme implementation
Internal Audit ServicesAML compliance audit and testing
Forensic Audit ServicesFinancial crime investigation
Fraud Investigation ServicesSuspected fraud deep-dive investigation
External Audit ServicesStatutory audit with AML awareness
Business ConsultancyAML governance and programme design

Frequently Asked Questions

Is my accounting firm required to register on goAML?

Yes. Accounting firms, auditors, and tax advisors are classified as DNFBPs under UAE AML law. You must register on the goAML platform operated by the UAE Financial Intelligence Unit, file Suspicious Transaction Reports when required, conduct Customer Due Diligence on clients, and maintain a full AML/CFT compliance programme.

What happens during a Ministry of Economy AML inspection?

Inspectors review your goAML registration, AML policy, Business Risk Assessment, CDD records for a client sample, sanctions screening evidence, STR filing history, and staff training records. Gaps in any of these areas result in written findings and potential financial penalties issued during or immediately after the inspection visit.

How long does it take to build a compliant AML programme from scratch?

Herald can implement a compliant AML programme — including goAML registration, policy documentation, BRA, CDD framework, and staff training — within 4 to 6 weeks for most UAE DNFBPs. Businesses with urgent inspection timelines can be expedited. Contact Herald today for a free AML programme health check.

Is Your AML Programme Inspection-Ready?UAE regulators are actively inspecting DNFBP AML programmes in 2026. Don’t wait for an inspection notice to find your gaps. Contact Herald today at heralduae.com/contact-us/ for a free AML compliance health check.

Tags :

Uncategorized
Share This :

Lastest In News