Ongoing Due Diligence in AML: What to Do After Onboarding Your Customer

A Practical Guide for UAE DNFBPs to Stay Compliant Beyond the First Check

Introduction

So, you’ve onboarded the customer, done the screening, and completed the risk assessment. Job done?

Not quite.

In the UAE, AML compliance doesn’t stop after onboarding. Ongoing Customer Due Diligence (OCDD) is a legal requirement, and skipping it could land your business in trouble during inspections or audits.

Here’s what every real estate broker, gold trader, and professional service provider (DNFBP) in the UAE needs to know about staying compliant after a client signs up.

What Is Ongoing Customer Due Diligence?

OCDD refers to regularly reviewing customer information and behavior after the initial onboarding process.

It’s about ensuring that your understanding of the customer stays accurate, and that you’re not missing new red flags.

Why OCDD Matters Under UAE AML Law

Under Cabinet Resolution No. (10) of 2019, businesses must monitor their clients on an ongoing basis, especially those with medium or high-risk ratings.

Failure to do so may lead to:

  • Regulatory penalties – Including fines or license suspension
  • Missed suspicious activity – Like hidden ownership or abnormal transactions
  • Inadequate records – Which weakens your position during inspections

One-Time Customers vs. Ongoing Relationships

Not every customer needs continuous monitoring.

  • One-Time Customers
    E.g., a property buyer using a broker for a single transaction.
    Once the deal is closed and documented, the broker's AML obligations end (except for record retention). No re-screening or periodic checks are required unless the client returns.
  • Ongoing Relationships
    E.g., long-term clients with multiple transactions or developers receiving 10-year installment payments.
    These require ongoing due diligence since risk exposure continues over time.

Your AML process must reflect the nature of the business relationship.

When to Perform OCDD

Here’s when you should trigger OCDD:

  • Periodic Review (Annual or Risk-Based)
    Ensure medium/high-risk clients are reviewed at least annually, more frequently if needed.
  • New Transaction or Re-engagement
    If a one-time client comes back for another transaction, re-screening is mandatory.
  • Change in Ownership or Control
    Update CDD files if there's a new shareholder, UBO, or key management change.
  • Unusual or Suspicious Activity Detected
    Investigate and update risk assessments immediately.
  • Change in Customer Risk Profile
    If risk increases (e.g., client becomes a PEP), trigger enhanced due diligence.

What OCDD Includes (Checklist)

Here’s what an effective OCDD process looks like:

  • Review of KYC Information
    Check if ID documents, licenses, or contact details need updating.
  • Repeat Screening (Sanctions & PEP)
    Re-run the customer’s name against updated watchlists.
  • Update of Risk Assessment
    Re-evaluate client risk level based on new information or behavior.
  • Monitoring of Transactions
    Check for abnormal amounts, new countries, or suspicious payment patterns.
  • Review of Source of Funds/Wealth (if EDD applies)
    Ensure explanations still make sense and match financial activity.
  • Logging and File Retention
    Maintain clear records of all OCDD actions for audit purposes.

What Inspectors Look For

During inspections, regulators will often ask:

  • “When was the last review done on this client?”
    Be ready to show the date and outcome.
  • “Do you perform periodic re-screening?”
    You should have logs or reports to prove this.
  • “Have you updated risk scores over time?”
    Static risk scores can signal neglect.
  • “Where are the updated documents?”
    Files should be organized and easy to access.

Failure to answer these confidently could raise red flags, even if no violations occurred.

Bonus: How InfoAML Simplifies OCDD

With InfoAML, ongoing customer due diligence becomes a structured, auditable process:

  • Auto-Screening Reminders
    Get alerts when re-screening is due based on risk level or time elapsed.
  • Centralized KYC Updates
    Update documents directly in the customer profile, with time stamped history.
  • Built-in Risk Reassessment
    Recalculate risk scores after each review with just a few clicks.
  • ransaction Monitoring Log
    Monitor client transactions and flag anomalies, with notes and follow-ups.
  • Audit-Ready OCDD Records
    Generate reports that show inspectors your full OCDD trail.

With InfoAML, you don’t need spreadsheets or sticky notes, everything’s built in.

Final Thought

Ongoing Due Diligence isn’t optional, it’s a core part of AML compliance. Even if you only deal with a client once, your records must show why OCDD wasn’t required.

For active or high-risk clients, skipping OCDD is a serious gap that could cost you during audits.

Stay proactive. Stay documented. Stay ahead.

👉 Book a Free Demo

See how InfoAML makes ongoing customer due diligence easy, and inspection-ready.

Share this post
Our blogs
How to Conduct an Internal AML Audit in Your UAE Business
A Step-by-Step Guide to Strengthen Your Compliance Before the Inspectors Arrive