What is AML and why is it important in the UAE?

AML refers to laws preventing criminals from legitimizing illicit funds. It's essential in the UAE to protect financial systems and comply with global standards.

Who must comply with AML laws in the UAE?

All financial institutions and DNFBPs, including real estate brokers, auditors, and dealers in precious metals.

What are the key UAE AML regulations I should be aware of?

Federal Decree-Law No. (20) of 2018 and Cabinet Decision No. (10) of 2019 are the main AML laws.

What is the role of the Financial Intelligence Unit (FIU)?

The FIU analyzes suspicious activity reports (SARs) and forwards critical cases to relevant authorities.

What is goAML and how does it work?

goAML is the UAE’s FIU reporting platform used to submit suspicious transaction reports (STRs).

Why are real estate companies required to comply with AML?

They are considered DNFBPs due to high exposure to money laundering through property transactions.

How do I register my company with goAML?

Register via the SACM portal and complete goAML setup with business documents.

What documents are needed for goAML registration?

Trade license, Emirates ID, passport copy, authorization letter, and valid email.

What are the consequences of non-compliance?

Penalties from AED 50,000 to AED 1,000,000 depending on the violation.

How often should we update our AML policy?

Review your AML policy annually or when regulations/business processes change.

What is Customer Due Diligence (CDD)?

CDD means verifying a client’s identity and assessing their risk profile.

When is Enhanced Due Diligence (EDD) required?

For high-risk clients like PEPs or those from high-risk countries.

What documents are required for verifying clients?

ID, proof of address, trade license, and ownership info for entities.

How do we identify Ultimate Beneficial Owners (UBOs)?

By analyzing the ownership structure and requesting UBO declarations.

What is risk-based customer categorization?

Assigning risk levels (low/medium/high) based on client activity and profile.

What qualifies as a Suspicious Transaction?

Transactions inconsistent with a customer’s known profile or with no clear purpose.

What is a Suspicious Activity Report (SAR)?

A SAR reports suspicious behavior or transactions to the UAE FIU.

How do I file a SAR via goAML?

Log in to goAML, complete the SAR form, and submit it securely.

What is the deadline for submitting a report?

Submit SARs promptly upon identification of suspicious activity.

What happens after a SAR is submitted?

The FIU reviews it and may take further investigative or legal action.

What must an AML policy include?

Risk assessment, CDD, transaction monitoring, reporting, training, and audit processes.

Who should be designated as the Compliance Officer?

A senior employee with authority and AML knowledge to oversee implementation.

How often should we conduct AML training?

At least once a year and when there are regulatory or process changes.

What is an internal AML audit?

A structured review to check AML policy effectiveness and compliance gaps.

How do I create an AML risk assessment?

Identify, assess, and mitigate AML risks across clients, transactions, and processes.

What are sanctions lists and how do I screen against them?

They include names of restricted persons/entities. Screen clients against updated lists.

What is a Politically Exposed Person (PEP)?

Someone in a prominent public role, posing higher AML risk.

Do I have to report all PEP matches?

Not all, but apply EDD. Report if behavior appears suspicious.

How often should I update my screening database?

At least monthly or whenever there are updates to official sanctions/PEP lists.

Can screening be automated?

Yes. AML systems can automate name matching, reducing manual effort and false positives.

The Buyer Comes Through Another Broker: Who Handles AML?

How UAE Real Estate Firms Can Manage KYC, CDD, and Inspection Evidence in Co-Brokerage Deals

Introduction

Co-brokerage is common in UAE real estate. A buyer may come through another brokerage, an introducing agent, or a third party who already has the client relationship.

Commercially, this makes sense. The introducing party wants to protect its customer relationship, and the receiving brokerage wants to participate in the transaction without creating unnecessary friction.

But from an AML perspective, one question becomes critical:

If the buyer comes through another broker, who is responsible for AML?

The short answer is this: the receiving real estate firm cannot rely only on a verbal statement such as “KYC is done.” It must either perform its own customer due diligence or maintain enough documented evidence to support the AML checks completed through the introducing broker or third party.

This blog explains how UAE real estate firms can manage co-brokerage transactions without weakening AML controls or damaging commercial relationships.

The Commercial Reality of Co-Brokerage Deals

In many real estate deals, the buyer is not introduced directly to the listing broker or receiving brokerage. Instead, another broker controls the customer relationship.

This creates a natural commercial concern:

Who owns the customer relationship?
Who is allowed to contact the buyer?
Will sharing buyer information expose the introducing broker to circumvention?
Can AML checks be completed without disrupting the deal?

These concerns are understandable. However, commercial protection should not result in weak compliance evidence.

A proper process can protect both sides: the customer relationship and the AML obligation.

Why “KYC Is Done” Is Not Enough

In practice, one brokerage may say:

“We already completed the KYC.”

That statement alone is not enough.

For AML purposes, the receiving firm should be able to explain and evidence:

who the buyer is,
whether the buyer is an individual or company,
whether UBO details were reviewed if the buyer is a company,
whether sanctions and PEP checks were performed,
whether the customer risk level was assessed,
whether source of funds or source of wealth was considered where required,
whether supporting documents can be obtained without delay.

If these points cannot be shown later, the business may struggle during inspection or internal review.

AML is not only about doing checks. It is about being able to prove what was checked, when, by whom, and on what basis.

Two Practical AML Routes

Before choosing the right route, one point must be clear:

In both cases, the receiving real estate firm must know enough about the buyer to make its own AML decision. The buyer is not hidden from compliance, and the firm should still be able to identify the buyer, review relevant CDD information, perform or verify screening, assess risk, and keep evidence for inspection.

The real difference is not whether the firm knows the buyer.

The difference is how the information reaches compliance:

directly from the buyer, or
through the introducing broker or third party.

That distinction leads to two practical AML routes.

Route 1: Direct CDD by the Receiving Firm

The first option is for the receiving firm to conduct its own customer due diligence directly with the buyer.

This may include:

collecting the buyer’s identity documents,
collecting trade license and UBO details if the buyer is a company,
performing sanctions and PEP screening,
assessing the customer’s risk level,
reviewing source of funds or source of wealth where needed,
documenting the compliance decision.

This route gives the receiving firm stronger control because it collects the information directly, performs the checks directly, and maintains the evidence in its own compliance file.

The downside is commercial sensitivity. The introducing broker may be concerned that direct contact with the buyer could affect the relationship or commission arrangement.

That is why the second route is often considered.

Route 2: CDD Supported by the Introducing Broker or Third Party

The second option is for the introducing broker or third party to provide the required CDD information and supporting evidence to the receiving firm’s compliance function.

This does not mean the receiving firm proceeds blindly.

The receiving firm should still receive enough information to:

identify the buyer,
understand the ownership structure if the buyer is a company,
perform or verify sanctions and PEP screening,
assess the customer’s risk level,
determine whether enhanced due diligence is required,
document the decision to proceed, pause, or escalate.

In this route, the introducing broker may remain the main commercial contact with the buyer, but the receiving firm’s compliance officer or MLRO should still have access to the AML evidence needed to make a defensible decision.

This approach can help protect the commercial relationship while still allowing the receiving firm to meet its AML obligations.

What a Third-Party Reliance Pack Should Include

A good third-party reliance pack may include:

buyer identity information,
KYC documents,
trade license and corporate documents if the buyer is a company,
UBO information where applicable,
sanctions screening results,
PEP screening results where applicable,
customer risk rating,
source of funds or source of wealth information where required,
confirmation that supporting documents can be provided without delay,
internal compliance approval or review notes.

This does not mean every document must be shared with every salesperson. Access can be limited to compliance or the MLRO.

The key point is that the AML evidence should exist, be reviewable, and be retrievable when needed.

How to Protect the Commercial Relationship

AML compliance does not have to destroy the commercial arrangement between brokers.

Commercial protection can be managed through:

co-brokerage agreements,
commission-sharing agreements,
confidentiality clauses,
non-circumvention clauses,
limiting customer information access to compliance only,
clearly stating that customer information is used for AML purposes only.

This helps both sides.

The introducing broker protects the relationship.

The receiving firm protects its AML position.

The compliance officer gets enough evidence to make a defensible decision.

What Compliance Should Ask Before Proceeding

Before accepting a third-party introduced buyer, compliance should ask:

Do we know who the buyer is?
Do we know whether the buyer is acting for themselves or another party?
If the buyer is a company, do we understand the ownership structure?
Have sanctions and PEP checks been completed or verified?
Is there any reason to apply enhanced due diligence?
Are source of funds or source of wealth documents required?
Can supporting documents be obtained quickly if requested?
Has the reliance decision been documented?

If the answer to these questions is unclear, the firm should not rush the transaction.

When the Firm Should Pause or Escalate

A real estate firm should pause or escalate the case if:

the introducing party refuses to provide basic CDD evidence,
the buyer identity is unclear,
UBO details are missing or inconsistent,
screening results are unavailable,
the buyer uses unusual payment methods,
source of funds cannot be explained where required,
the transaction appears unusual or suspicious.

In these cases, the matter should be reviewed by compliance or the MLRO.

If suspicion arises, the firm should follow its internal suspicious activity or suspicious transaction process and avoid tipping off any party.

Why This Matters During Inspection

During an inspection, the issue is rarely whether a co-brokerage deal existed. The issue is whether the firm can explain how AML risk was managed.

The firm may need to show:

why it relied on another party,
what evidence was reviewed,
who approved the reliance,
what screening or risk assessment was performed,
what happened if information was incomplete.

If the answer is only “the other broker told us KYC was done,” the position is weak.

If the answer is supported by documents, notes, approvals, and screening evidence, the position becomes much stronger.

The Regulatory Position: Reliance Is Possible, but Not Blind

UAE AML regulations allow regulated businesses to rely on a third party for certain Customer Due Diligence measures, but this reliance is conditional. The relying firm remains responsible for the accuracy of the CDD measures, must ensure the third party is regulated and supervised, must obtain the necessary identification information immediately, and must be able to obtain copies of required documents without delay.

For real estate firms, this point is especially important. Cabinet Resolution No. (134) of 2025 treats real estate brokers and agents as DNFBPs when they conclude transactions or settlements for customers in relation to the purchase or sale of real estate. The same regulation requires CDD, ongoing monitoring, proper record-keeping, and prohibits proceeding where CDD cannot be applied.

In practical terms, working with an introducing broker is allowed, but it should not become blind reliance. The receiving firm must still keep enough AML evidence to identify the buyer, assess risk, support the compliance decision, and defend the file during inspection.

Where InfoAML Helps

InfoAML helps real estate firms maintain structured AML evidence around customers and transactions.

In co-brokerage scenarios, InfoAML can support the compliance process by helping teams:

store customer and transaction documents in one place,
keep screening results attached to the customer file,
record internal risk notes and compliance decisions,
maintain evidence for review and inspection,
separate commercial activity from compliance review.

As digital KYC intake becomes more common, firms can also reduce manual document chasing and ensure customer information enters the compliance workflow in a more structured way from the beginning.

The objective is simple: make the transaction easier to manage today and easier to defend later.

Conclusion

Co-brokerage transactions are part of real estate business. They are commercially normal and often necessary.

But AML responsibility cannot disappear simply because the buyer came through another broker.

A receiving firm should either perform its own due diligence or maintain a documented, defensible process where CDD information reaches compliance through the introducing broker or third party. Commercial protection and AML compliance can work together, but only when the process is clear.

In real estate AML, the safest position is not “KYC is done.”

The safest position is:

KYC is evidenced, reviewed, documented, and inspection-ready.

You May Also Find These Blogs Useful

in Compliance Insights

Share this post

Our blogs

The Complete AML Compliance Checklist for UAE Businesses: Built from Real RAP and Inspection Findings

A comprehensive, inspection-ready framework based on real deficiencies identified in UAE AML reviews.

Follow us