A Guide to Anti-Money Laundering AML Compliance in UAE

Anti money laundering rules in the UAE are no longer a side topic. Federal Decree-Law No. 20 of 2018 and Cabinet Decision No. 10 of 2019 make it clear that banks, finance firms and many non-financial businesses must run proper checks and report suspicious activity. 

Since 2024, the UAE has even moved off the FATF grey list after showing “substantial progress” in its system. Learn how AML compliance in the UAE works, who must register, what an internal policy should cover and where enforcement is heading in the upcoming years.

What does AML compliance in UAE cover?

The federal AML framework now reaches:

• Licensed financial institutions such as banks and exchange houses.
• Designated non-financial businesses and professions, including real estate brokers and precious metals dealers and company service providers.
• Virtual asset service providers and some non-profit organisations.

Each group must identify money-laundering risk, apply customer due diligence, keep records and report suspicious transactions to the UAE Financial Intelligence Unit using the goAML platform.

For a small real estate brokerage in Dubai, that might mean basic KYC checks and a simple risk assessment. For a regional bank with branches in several emirates, AML compliance Dubai work will stay inside a wider regional framework that covers sanctions, trade finance and cross-border payments.

Core Laws and Supervisors Behind UAE AML Law

The legal base still rests on three main pillars.

• Federal Decree-Law No. 20 of 2018: This is the main AML and CFT law. It defines money laundering and sets offences besides giving regulators power to supervise.
• Cabinet Decision No. 10 of 2019: Often called the Executive Regulations, this decision explains how institutions must apply customer due diligence, risk assessment and reporting. It also defines DNFBPs and tells them to keep up to date internal policies and controls.
• Guidelines and rulebooks: The Central Bank’s AML/CFT rulebook and detailed guidelines for financial institutions add practical expectations on KYC, monitoring and reporting. DFSA and other regulators issue similar guidance for firms in financial free zones.

Who Must Register for AML and goAML

A core step in Anti money laundering UAE registration is enrollment on the FIU’s goAML portal.

The Ministry of Economy confirms that all DNFBPs under its supervision must register on goAML. So, they can file Suspicious Transaction Reports and Suspicious Activity Reports. Deadlines in 2021 have passed but the portal still accepts late registrations.

Financial institutions supervised by the Central Bank and by free zone regulators also use goAML and must keep registration details up to date.

For example, that means a real estate brokerage, a gold dealer and an accounting firm in the mainland all need to:

• Map their activity against the DNFBP definitions.
• Complete MOE goAML registration.
• Nominate a compliance officer as the main portal contact.

Skipping registration closes the main channel for reporting suspicion, which is a direct breach of the law.

Building a Practical AML Framework

Once registration is in place, every regulated business needs a living AML framework, not only a one-off file. Cabinet Decision 10 of 2019 expects policies and controls that match the size and risk of the business and that are updated regularly.

A simple AML policy Template UAE often covers:

• Risk assessment for customers and products.
• Customer due diligence and enhanced due diligence steps.
• Screening of customers against sanctions or local terrorism lists.
• Monitoring of transactions in line with risk ratings.
• Internal reporting lines to the compliance officer and then to goAML.
• Record-keeping rules and staff training.

The Central Bank’s guidelines for financial institutions add more detail, such as using official ID validation gateways and treating missing documents as risk factors.

Teams in smaller firms can keep this light. One page per topic is often enough if it includes real examples and clear triggers. What matters is that staff know the steps, and that controls work in real cases.

Penalties, Inspections and International Signals

Regulators now back rules with real checks. The Central Bank set up a dedicated AML and CFT supervision department in 2020 and uses it to examine licensed financial institutions and enforce the framework. In 2025, media reports showed fines above AED 3.5 million and temporary bans on new customers for banks that missed AML expectations.

For DNFBPs the Ministry of Economy and local free zone authorities run inspections and issue penalties for late goAML registration, missing risk assessments and poor reporting.

On the international side, two milestones signal progress:

• In February 2024, the FATF removed the UAE from its “grey list” after noting substantial improvements in supervision and enforcement.
• In July 2025, the European Union removed the UAE from its list of high-risk third countries for money laundering.

These signals reduce friction for cross-border banking and investment, yet they also raise the bar. Foreign regulators will expect UAE firms to keep that stronger standard.

How Arnifi Helps With AML Compliance?

Many banks already have large compliance teams. However, the real strain often begins with mid-sized trading companies or new real estate brokerages that fall under DNFBP rules.

Arnifi can help teams in three ways:

• Translate the federal law and Cabinet Decision into a short, risk-based playbook that fits the business.
• Design a simple AML compliance Dubai framework that links KYC forms, screening tools and goAML reporting, without overwhelming staff.
• Review existing files and help move them to a clean, audit-ready format before a regulator visit.

The goal is to show that management understands its risks and has working controls around clients and payments.

FAQs

1. Which law sets the main AML rules in the UAE? 

Federal Decree-Law No. 20 of 2018 is the main AML law, and Cabinet Decision No. 10 of 2019 gives detailed rules for AML compliance in UAE across sectors.

2. Who must complete AML registration and goAML enrolment?

Financial institutions and DNFBPs such as real estate brokers and precious metals dealers, must register on goAML. They need to appoint a compliance officer and use the portal to file suspicious reports.

3. What are the main elements of a basic AML policy in the UAE?

A basic AML policy template UAE explains risk assessment and customer checks, sets screening and monitoring steps, defines internal reporting lines and training, and outlines how records stay on file.

4. What happens if a business ignores AML obligations?

Ignoring AML compliance in UAE risks inspections and licence limits. Regulators can halt new onboarding. Besides, it can freeze activities or pass serious cases to prosecutors.

5. Why does AML compliance still matter after the UAE left the FATF grey list?

Leaving the grey list reduces pressure, yet it also raises expectations. FATF and the EU both linked removal to strong enforcement. Firms that relax controls now risk local penalties and renewed international scrutiny.