The UAE’s anti-money laundering framework has been transformed since 2022. Following the country’s successful exit from the FATF grey list in 2024, the regulatory obligations that enabled that exit remain firmly in place — and enforcement has intensified significantly in 2025 and 2026. For businesses classified as Designated Non-Financial Businesses and Professions, the risk of AML/CFT non-compliance is not theoretical. It is financial, reputational, and in some cases criminal. Herald’s AML/CFT compliance services provide end-to-end programme support for UAE businesses navigating this complex and rapidly evolving regulatory landscape.
The UAE AML/CFT framework is based on Federal Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combatting the Financing of Terrorism, as amended. Cabinet Decision No. 10 of 2019 and subsequent implementing regulations define specific obligations for different categories of regulated entity. Businesses that fall into the DNFBP category are subject to the same core obligations as financial institutions, with oversight conducted by the Ministry of Economy rather than the Central Bank of the UAE. The Ministry has significantly expanded its inspection and enforcement programme in 2026.
Who Must Comply with UAE AML/CFT Regulations?
AML/CFT obligations apply to two broad categories of entity in the UAE: Financial Institutions regulated by the Central Bank, SCA, or Insurance Authority; and Designated Non-Financial Businesses and Professions regulated by the Ministry of Economy. If your business falls into any DNFBP category, you must have a fully operational AML/CFT compliance programme regardless of size or your assessment of client risk.
- Accounting firms, auditors, and tax advisors
- Legal professionals, notaries, and legal consultants
- Real estate agents, brokers, and property managers
- Dealers in precious metals, stones, and high-value goods
- Company formation agents and corporate service providers
- Trust and company service providers
Core AML/CFT Obligations for UAE DNFBPs in 2026
| Obligation | What Is Required | Frequency |
| --- | --- | --- |
| goAML Registration | Register on UAE FIU goAML platform and maintain registration | Immediate — must be current |
| Compliance Officer | Appoint a qualified AML Compliance Officer | Ongoing appointment |
| AML/CFT Policy | Written internal policy covering all programme elements | Annual review required |
| Business Risk Assessment | Document inherent and residual ML/TF risks | Annual update required |
| Customer Due Diligence | KYC on all clients — identity, beneficial ownership, purpose | At onboarding; ongoing monitoring |
| Enhanced Due Diligence | Additional scrutiny for high-risk clients and PEPs | At onboarding and on material change |
| Sanctions Screening | Screen against UAE, UN, OFAC, and EU lists | Real-time or daily screening |
| Suspicious Transaction Reports | File STRs on goAML when suspicious activity identified | Within required timeframe of suspicion |
| AML Staff Training | Training for all relevant staff on AML obligations | Annual minimum |
| Record Keeping | Maintain CDD and transaction records | Minimum 5 years |
AML/CFT Penalties for Non-Compliance in UAE 2026
The UAE has dramatically increased AML/CFT penalties following FATF commitments. In 2026, the Ministry of Economy is conducting active inspection programmes of DNFBP AML/CFT compliance. The financial consequences of non-compliance are severe, and the reputational consequences can be business-ending.
- Failure to register on goAML: AED 50,000 to AED 1,000,000
- Failure to file a Suspicious Transaction Report: AED 100,000 to AED 1,000,000
- Failure to conduct Customer Due Diligence: AED 50,000 to AED 500,000
- Failure to conduct Enhanced Due Diligence on high-risk clients: AED 50,000 to AED 500,000
- Failure to maintain an AML policy: AED 50,000 to AED 500,000
- Tipping off — informing a client that an STR has been filed: Criminal prosecution
- Facilitating money laundering: Criminal prosecution, imprisonment, and asset freezing
The Business Risk Assessment: Your AML Programme Foundation
A Business Risk Assessment is the document that underpins your entire AML/CFT programme. It analyses the specific money laundering and terrorism financing risks your business faces based on your client profile, geographic exposure, service types, transaction volumes, and delivery channels. It must identify both inherent risks (before controls) and residual risks (after controls), and must be reviewed and updated at least annually and whenever material changes occur in your business or the regulatory environment.
Ministry of Economy inspectors specifically ask to see your Business Risk Assessment during inspections. An absent, outdated, or superficial BRA is one of the most common sources of AML inspection findings. Herald’s compliance team conducts comprehensive BRAs for UAE DNFBPs, linking risk assessment findings to specific control recommendations and documenting the complete risk management rationale in a format that satisfies Ministry of Economy requirements.
Customer Due Diligence: Practical Requirements for 2026
CDD — commonly called Know Your Customer or KYC — is the process of verifying the identity and assessing the risk profile of every client before engaging with them. For UAE DNFBPs in 2026, CDD requirements include identity verification using official government-issued documents, beneficial ownership identification for corporate clients (any individual owning or controlling more than 25% of the entity), documentation of the purpose and expected nature of the business relationship, screening against all required sanctions lists, and enhanced scrutiny of clients who are Politically Exposed Persons or connected to PEPs.
CDD is not a one-time exercise at client onboarding. UAE AML regulations require ongoing monitoring of client relationships — meaning you must update CDD records when material changes occur, screen clients when new sanctions designations are published, and periodically review high-risk client relationships even in the absence of specific triggers.
What Happens During a Ministry of Economy AML Inspection?
Ministry inspectors arrive with a structured checklist and specific documentation requirements. They will ask to see your goAML registration confirmation, your AML Policy (signed and dated), your Business Risk Assessment, CDD records for a sample of clients (typically 10 to 20 files), your sanctions screening evidence, your STR filing history, your staff training records, and your compliance officer appointment documentation. Gaps in any of these areas result in written findings and, in many cases, financial penalties issued on the same day as the inspection.
Herald provides pre-inspection readiness reviews for UAE businesses — a full simulation of the Ministry of Economy inspection process that identifies gaps before regulators do. For businesses that have already received an inspection notice, Herald provides emergency gap remediation with turnaround times measured in days rather than weeks.
How Herald Builds and Manages Your AML/CFT Programme
Herald’s AML/CFT compliance team provides a fully managed service for UAE DNFBPs that covers every element of a compliant programme. We begin with goAML registration — ensuring your business is correctly set up on the UAE Financial Intelligence Unit platform with the right entity classification and authorised users. We then appoint a qualified Compliance Officer where needed, providing both the human expertise and the documented appointment evidence that Ministry of Economy inspectors require.
Beyond registration, Herald drafts your AML/CFT Policy — a comprehensive document that covers your risk appetite, client acceptance criteria, CDD procedures, EDD triggers, sanctions screening approach, STR filing process, and staff training framework. We conduct your annual Business Risk Assessment and deliver all-staff AML training through structured workshop sessions with attendance records and assessment certificates. For businesses that have received a Ministry of Economy inspection notice, Herald provides emergency compliance gap remediation with turnaround times measured in days rather than weeks. Our AML work integrates with Herald’s internal audit services for annual programme effectiveness testing, and with our forensic audit and fraud investigation teams when STR-level concerns require deeper examination.
| Related Herald Service | Relevance |
| --- | --- |
| AML/CFT Compliance Services | Full AML programme implementation |
| Internal Audit Services | AML compliance audit and testing |
| Forensic Audit Services | Financial crime investigation |
| Fraud Investigation Services | Suspected fraud deep-dive investigation |
| External Audit Services | Statutory audit with AML awareness |
| Business Consultancy | AML governance and programme design |
Frequently Asked Questions
Is my accounting firm required to register on goAML?
Yes. Accounting firms, auditors, and tax advisors are classified as DNFBPs under UAE AML law. You must register on the goAML platform operated by the UAE Financial Intelligence Unit, file Suspicious Transaction Reports when required, conduct Customer Due Diligence on clients, and maintain a full AML/CFT compliance programme.
What happens during a Ministry of Economy AML inspection?
Inspectors review your goAML registration, AML policy, Business Risk Assessment, CDD records for a client sample, sanctions screening evidence, STR filing history, and staff training records. Gaps in any of these areas result in written findings and potential financial penalties issued during or immediately after the inspection visit.
How long does it take to build a compliant AML programme from scratch?
Herald can implement a compliant AML programme — including goAML registration, policy documentation, BRA, CDD framework, and staff training — within 4 to 6 weeks for most UAE DNFBPs. Businesses with urgent inspection timelines can be expedited. Contact Herald today for a free AML programme health check.
Is Your AML Programme Inspection-Ready?
UAE regulators are actively inspecting DNFBP AML programmes in 2026. Don’t wait for an inspection notice to find your gaps. Contact Herald today at heralduae.com/contact-us/ for a free AML compliance health check.