What is AML and why is it important in the UAE?

AML refers to laws preventing criminals from legitimizing illicit funds. It's essential in the UAE to protect financial systems and comply with global standards.

Who must comply with AML laws in the UAE?

All financial institutions and DNFBPs, including real estate brokers, auditors, and dealers in precious metals.

What are the key UAE AML regulations I should be aware of?

Federal Decree-Law No. (20) of 2018 and Cabinet Decision No. (10) of 2019 are the main AML laws.

What is the role of the Financial Intelligence Unit (FIU)?

The FIU analyzes suspicious activity reports (SARs) and forwards critical cases to relevant authorities.

What is goAML and how does it work?

goAML is the UAE’s FIU reporting platform used to submit suspicious transaction reports (STRs).

Why are real estate companies required to comply with AML?

They are considered DNFBPs due to high exposure to money laundering through property transactions.

How do I register my company with goAML?

Register via the SACM portal and complete goAML setup with business documents.

What documents are needed for goAML registration?

Trade license, Emirates ID, passport copy, authorization letter, and valid email.

What are the consequences of non-compliance?

Penalties from AED 50,000 to AED 1,000,000 depending on the violation.

How often should we update our AML policy?

Review your AML policy annually or when regulations/business processes change.

What is Customer Due Diligence (CDD)?

CDD means verifying a client’s identity and assessing their risk profile.

When is Enhanced Due Diligence (EDD) required?

For high-risk clients like PEPs or those from high-risk countries.

What documents are required for verifying clients?

ID, proof of address, trade license, and ownership info for entities.

How do we identify Ultimate Beneficial Owners (UBOs)?

By analyzing the ownership structure and requesting UBO declarations.

What is risk-based customer categorization?

Assigning risk levels (low/medium/high) based on client activity and profile.

What qualifies as a Suspicious Transaction?

Transactions inconsistent with a customer’s known profile or with no clear purpose.

What is a Suspicious Activity Report (SAR)?

A SAR reports suspicious behavior or transactions to the UAE FIU.

How do I file a SAR via goAML?

Log in to goAML, complete the SAR form, and submit it securely.

What is the deadline for submitting a report?

Submit SARs promptly upon identification of suspicious activity.

What happens after a SAR is submitted?

The FIU reviews it and may take further investigative or legal action.

What must an AML policy include?

Risk assessment, CDD, transaction monitoring, reporting, training, and audit processes.

Who should be designated as the Compliance Officer?

A senior employee with authority and AML knowledge to oversee implementation.

How often should we conduct AML training?

At least once a year and when there are regulatory or process changes.

What is an internal AML audit?

A structured review to check AML policy effectiveness and compliance gaps.

How do I create an AML risk assessment?

Identify, assess, and mitigate AML risks across clients, transactions, and processes.

What are sanctions lists and how do I screen against them?

They include names of restricted persons/entities. Screen clients against updated lists.

What is a Politically Exposed Person (PEP)?

Someone in a prominent public role, posing higher AML risk.

Do I have to report all PEP matches?

Not all, but apply EDD. Report if behavior appears suspicious.

How often should I update my screening database?

At least monthly or whenever there are updates to official sanctions/PEP lists.

Can screening be automated?

Yes. AML systems can automate name matching, reducing manual effort and false positives.

Understanding UAE AML Violations & Penalties – Part 1

Key Failures in Internal Controls & Risk Practices (Violations 1–10)

In the UAE, Cabinet Resolution No. (71) of 2024 outlines 41 specific violations that can lead to hefty fines for Designated Non-Financial Businesses and Professions (DNFBPs), including real estate companies.

At InfoAML, we believe that clarity is compliance. In this four-part series, we interpret each violation in plain language, link it to real estate scenarios, and help you avoid unnecessary penalties.

This first part covers Violations 1–10, focusing on governance, internal controls, and early-stage risk failures.

📌 Legal Notice:

This content is for general informational purposes only. While InfoAML strives to ensure accuracy, this blog does not constitute legal advice or replace formal consultation with a licensed compliance expert or lawyer in the UAE.

Violations 1–10 Explained

- Violation 1

"Failure to set policies, measures and internal controls approved by

the top management with the aim to combat committing crimes."

Fine: AED 100,000 – 200,000

Tags: governance, internal-controls

📌 If your company doesn’t have formal AML policies, or they weren’t approved and signed off by leadership, this is a violation.

Real estate example: A brokerage operates without a documented AML policy, relying on verbal guidance and outdated practices.

- Violation 2

"Internal policies and procedures are not consistent with the crime

risks and the nature and size of the facility, or failure to update

them continuously."

Fine: AED 50,000 – 100,000

Tags: governance, policy-review, risk-assessment

📌 Using a generic template not tailored to your business, or failing to update your policy with regulatory changes, violates this clause.

Tip: Update your policy at least once every 12 months.

- Violation 3

"Failure to apply internal policies, procedures, and controls to a

branch of the facility or a subsidiary company in which facility

holds a majority stake."

Fine: AED 50,000 – 100,000

Tags: group-compliance, subsidiary-governance

📌 If your company owns a second real estate branch or a sister company and doesn't apply the same AML policy there, you're in breach.

- Violation 4

"Failure to include any of the provisions listed in Article (20) of the Executive Regulation in the internal policies, procedures, and controls."

Fine: AED 50,000 – 200,000

Tags: internal-controls, policy-completeness

📌 Article 20 requires your AML policy to include things like customer due diligence, reporting procedures, compliance roles, internal audits, and training. Missing any of these? You're at risk.

- Violation 5

"Failure of the facility to take necessary measures and procedures to identify, assess, understand, document, and continuously update crime risks in its field, as well as to provide such information upon request."

Fine: AED 50,000 – 500,000

Tags: risk-assessment, documentation, audit-readiness

📌 You must identify risks tied to your business activities (e.g., property type, client base, countries of origin) and document them. Authorities can request this at any time.

- Violation 6

"Failure of the facility to consider all relevant risk factors, such as risks of customer. States, geographical regions, products and services, operations, and delivery channels of services and products before determining the overall risk level and the appropriate level of risk mitigation measures that will be applied."

Fine: AED 50,000 – 500,000

Tags: risk-factors, risk-based-approach

📌 This violation penalizes businesses that apply a one-size-fits-all approach to risk without looking at who the customer is or where the money is coming from.

Tip: Use a risk scoring matrix to meet this obligation.

- Violation 7

"Failure of the facility to undertake the actions and procedures necessary to mitigate the risks identified based on the results of the National Risk Assessment or the self-assessment process given the nature and scale of the violator’s business."

Fine: AED 50,000 – 1,000,000

Tags: risk-mitigation, national-risk-assessment

📌 If the UAE’s National Risk Assessment identifies real estate as high-risk and your firm ignores it, that’s noncompliance.

- Violation 8

"Failure of the facility to identify and assess the risks that may arise in the violator’s field of work when developing the services that the violator offers or when conducting new professional practices through its facility."

Fine: AED 50,000 – 500,000

Tags: new-products, service-expansion, risk-evaluation

📌 Launching a new service (e.g., fractional ownership) without evaluating its AML risks violates this rule.

Tip: Every new activity must trigger a documented risk check.

- Violation 9

"Failure to undertake the necessary customer due diligence measures before establishing the business relationship or performing a casual transaction in favour of the customer that is equal to or more than (AED 55,000), whether it is a sole or multiple transactions that seem connected, or upon making casual transactions in the form of telegraph transfers equal to or more than (AED 3,500) or when suspicion exists about the crime, data validity or sufficiency to identify the identity of the customer that was previously obtained."

Fine: AED 50,000 – 200,000

Tags: CDD, threshold-checks, client-verification

📌 You must verify the client’s identity before starting a relationship or handling large transactions (AED 55,000+ or AED 3,500+ telegraphic transfer).

Mistake to avoid: Letting a client pay a deposit before verifying ID.

Violation 10

"Failure of the facility to conduct risk management procedures with respect to circumstances where a customer would benefit from the business relationship before the verification process."

Fine: AED 100,000 – 500,000

Tags: risk-control, CDD-lapse, early-engagement-risk

📌 If a buyer receives benefits (e.g., offer letters or booking confirmations) before KYC is completed, you must apply strict temporary controls or halt the process.

Final Thoughts – Part 1

These first 10 violations reflect foundational weaknesses, poor policies, insufficient risk evaluation, and early-stage failures in customer due diligence.

Many real estate companies unknowingly fall into these traps. But the penalties are real, and increasingly enforced.

👉 Continue to Part 2 – Violations 11–20

Learn how missing CDD/EDD steps or failing to verify client identity can lead to hefty penalties.

Resources

Download Official PDF – Cabinet Resolution No. (71) of 2024

You might find the following related blogs helpful:

→ Understanding AML Violations & Penalties in the UAE – Part 4: Sanctions Compliance, Freezing Obligations & Internal Policy Failures (Violations 31–41)

→ Understanding AML Violations & Penalties in the UAE – Part 2: Customer Identification, EDD & Risk Follow-Up (Violations 11–20)

Looking for an all-in-one platform to manage UAE AML compliance solution?
👉 Explore our AML Compliance Solution for UAE

in Compliance Insights

Share this post

Our blogs

The Hidden Risks of Skipping AML Checks in Real Estate Deals

(And What It Could Cost You)

Follow us

Understanding UAE AML Violations & Penalties – Part 1

Violations 1–10 Explained

- Violation 1

- Violation 2

- Violation 3

- Violation 4

- Violation 5

- Violation 6

- Violation 7

- Violation 8

- Violation 9

Violation 10

Final Thoughts – Part 1

Resources

Share this post

Our blogs

Follow Us