How to Do goAML Registration UAE | Compliance Checklist for DNFBPs and Financial Firms

An effective AML framework in the UAE now assumes clean goAML Registration UAE as a starting point. The goAML platform, built by the UNODC and operated by the UAE Financial Intelligence Unit (FIU), is the channel for suspicious transaction and activity reports for financial institutions and DNFBPs.

goAML Registration is mandatory under the AML law and Cabinet regulations, and late or missing registration can attract significant administrative fines.

Why goAML Registration Matters for UAE AML Compliance?

Federal Decree Law No. 20 of 2018 and Cabinet Decision No. 10 of 2019 require supervised entities to report suspicions to the FIU and to keep supporting records. The FIU uses goAML so that reports, queries and responses travel in a secure electronic format instead of paper or email.

For DNFBPs and licensed financial institutions, this means that AML programs are incomplete until goAML registration, user acces,s and internal escalation procedures are in place. Inspectors now review not only policies and risk assessments but also goAML usage patterns and the quality of submitted STRs and SARs.

Who Must Register goAML in UAE?

Under the AML framework, both financial institutions and DNFBPs must register with the FIU’s systems and submit suspicious reports through goAML.

Groups typically covered include:

• Licensed financial institutions supervised by the Central Bank, such as banks, finance companies and exchange houses.
• DNFBPs are supervised by the Ministry of Economy, including real estate brokers, dealers in precious metals and stones, auditors and corporate service providers.
• Other regulated entities that offer higher-risk services and are brought into the framework by sector regulators or later Cabinet decisions.

Important Advice: Each licence should be mapped to its supervisory body so the correct profile appears in SACM and goAML.

Pre-Registration Checklist: Documents And Internal Decisions

Before touching the portal, firms save time by collecting documents and clarifying roles in advance. UAEFIU and Ministry of Economy guides describe registration as a staged process, beginning with the Service Access Control Manager (SACM) and then the goAML portal itself.

Key preparation items include:

• Trade licence and any relevant regulatory approvals for the entity.
• Passport and Emirates ID copies for authorised signatories and the MLRO or compliance officer.
• Board or ownership documents that show who can sign registrations and filings on behalf of the firm.
• Contact details and official email addresses that will be used for SACM, goAML and sanctions-list notifications.

How to do goAML Registration in UAE: Step-By-Step Process

Public registration guides show that goAML registration happens in two main stages rather than one form.

Stage 1: SACM access

• Create an account in SACM as a reporting entity under the correct supervisory body.
• Upload required documents and wait for supervisory approval and FIU activation.
• Receive a username and secret key and link these to an authenticator application to enable two-factor login.

Stage 2: goAML portal profile

• Log in using SACM credentials and complete the entity profile, including licence details, sector classification and contact persons.
• Add and approve organisation users, including the MLRO and any deputies, and assign their roles in the system.
• Test access to the message board and reporting menus so that the first live STR or SAR does not expose configuration gaps.

Feeling stuck? Hire professional help from Arnifi. We ensure the goAML Registration process is done without failure for business.

Using goAML for STRs, SARs and Other Reports

Once registration is complete, goAML becomes the primary channel for suspicious transaction and activity reports. DNFBPs and financial institutions must file when they have reasonable grounds to suspect that funds are crime-linked or connected to terrorism financing, and they must keep those reports confidential.

Internal escalation procedures should require front-line staff to send internal reports to the MLRO, who then decides whether a suspicion exists and an external STR or SAR is needed. The goAML message board keeps communication with the FIU within the portal, which both protects confidentiality and creates an audit trail.

Firms must also monitor sanctions-list updates and, where applicable, link goAML work with any automatic reporting systems for targeted financial sanctions.

Governance and Common Errors

Guidance for DNFBPs and licensed financial institutions explains that AML obligations sit within an overall governance framework, not only the compliance department.

Governance and record-keeping checkpoints:

• Assign clear responsibility to a named MLRO, with deputies and direct access to senior management.
• Maintain KYC files, monitoring outputs and STR working papers for at least five years after the relationship ends or the transaction date, as required by Cabinet Decision No. 10 of 2019.
• Run periodic reviews of goAML submissions for completeness, timeliness and narrative quality, then feed lessons back into training.
• Track enforcement trends and fine ranges, which in recent practice can reach between AED 50,000 and AED 1,000,000 for AML failures, including non-registration.

How Arnifi Supports goAML Registration and Reporting

Arnifi’s expert accounting and bookkeeping services in UAE helps DNFBPs and financial firms align goAML registration with their wider AML-CFT framework. We start with a gap review of licences, supervisory assignments, policies and existing reporting behaviour.

Our expert team then supports SACM and goAML registration, designs internal escalation routes and prepares simple checklists so staff know what to do when a suspicion arises.

After goAML goes live, Arnifi reviews sample reports, test record keeping and help management interpret new guidance or enforcement actions. 

This approach keeps goAML controls proportionate to the firm’s risk and resources and gives regulators clearer evidence that AML duties are taken seriously.

FAQs

Is goAML registration mandatory in the UAE?

Yes. Financial institutions and DNFBPs supervised under the AML law must register and use goAML to report suspicious transactions and activities.

Who supervises DNFBPs for goAML purposes?

The Ministry of Economy is the main supervisory body for DNFBPs with mainland and many commercial free-zone licences, while financial free zones have separate regulators.

Can one group licence use a shared goAML account?

Each legal entity that is a reporting entity usually needs its own registration and user structure, aligned with the relevant supervisor.

What happens if a firm misses goAML registration deadlines?

Authorities may treat this as an AML breach, with administrative fines and closer supervisory attention.

How often should goAML user access be reviewed?

Access should be checked regularly, especially when staff change roles, so only authorised personnel can view reports or submit STRs and SARs.