In the UAE, Cabinet Resolution No. (71) of 2024 outlines 41 specific violations that can lead to hefty fines for Designated Non-Financial Businesses and Professions (DNFBPs), including real estate companies.
At InfoAML, we believe that clarity is compliance. In this four-part series, we interpret each violation in plain language, link it to real estate scenarios, and help you avoid unnecessary penalties.
This first part covers Violations 1–10, focusing on governance, internal controls, and early-stage risk failures.
📌 **Legal Notice:**
This content is for general informational purposes only. While InfoAML strives to ensure accuracy, this blog does not constitute legal advice or replace formal consultation with a licensed compliance expert or lawyer in the UAE.
Violations 1–10 Explained
Violation 1
Failure to set policies, measures and internal controls approved by top management to combat crimes.
Fine: AED 100,000 – 200,000
Tags: governance, internal-controls
📌 If your company doesn’t have formal AML policies, or they weren’t approved and signed off by leadership, this is a violation.
Real estate example: A brokerage operates without a documented AML policy — relying on verbal guidance and outdated practices.
Violation 2
Internal policies and procedures are not consistent with risk, nature, or size of the business, or are not updated.
Fine: AED 50,000 – 100,000
Tags: governance, policy-review, risk-assessment
📌 Using a generic template not tailored to your business, or failing to update your policy with regulatory changes, violates this clause.
Tip: Update your policy at least once every 12 months.
Violation 3
Failure to apply internal controls to branches or majority-owned subsidiaries.
Fine: AED 50,000 – 100,000
Tags: group-compliance, subsidiary-governance
📌 If your company owns a second real estate branch or a sister company and doesn't apply the same AML policy there — you're in breach.
Violation 4
Failure to include provisions listed in Article (20) of the Executive Regulation in your internal policies.
Fine: AED 50,000 – 200,000
Tags: internal-controls, policy-completeness
📌 Article 20 requires your AML policy to include things like customer due diligence, reporting procedures, compliance roles, internal audits, and training. Missing any of these? You're at risk.
Violation 5
Failure to assess and document crime risks related to your business, and to provide such info when requested.
Fine: AED 50,000 – 500,000
Tags: risk-assessment, documentation, audit-readiness
📌 You must identify risks tied to your business activities (e.g., property type, client base, countries of origin) and document them. Authorities can request this at any time.
Violation 6
Failure to consider all relevant risk factors (e.g., customer, geography, services) before setting mitigation measures.
Fine: AED 50,000 – 500,000
Tags: risk-factors, risk-based-approach
📌 This violation penalizes businesses that apply a one-size-fits-all approach to risk without looking at who the customer is or where the money is coming from.
Tip: Use a risk scoring matrix to meet this obligation.
Violation 7
Failure to apply measures that mitigate risks identified in the National Risk Assessment or your own self-assessment.
Fine: AED 50,000 – 1,000,000
Tags: risk-mitigation, national-risk-assessment
📌 If the UAE’s National Risk Assessment identifies real estate as high-risk and your firm ignores it — that’s noncompliance.
Violation 8
Failure to assess risks arising when offering new services or conducting new business practices.
Fine: AED 50,000 – 500,000
Tags: new-products, service-expansion, risk-evaluation
📌 Launching a new service (e.g., fractional ownership) without evaluating its AML risks violates this rule.
Tip: Every new activity must trigger a documented risk check.
Violation 9
Failure to perform customer due diligence (CDD) before establishing a business relationship or above-threshold transactions.
Fine: AED 50,000 – 200,000
Tags: CDD, threshold-checks, client-verification
📌 You must verify the client’s identity before starting a relationship or handling large transactions (AED 55,000+ or AED 3,500+ telegraphic transfer).
Mistake to avoid: Letting a client pay a deposit before verifying ID.
Violation 10
Failure to apply risk management procedures when a customer benefits from a relationship before verification is complete.
Fine: AED 100,000 – 500,000
Tags: risk-control, CDD-lapse, early-engagement-risk
📌 If a buyer receives benefits (e.g., offer letters or booking confirmations) before KYC is completed, you must apply strict temporary controls or halt the process.
Final Thoughts – Part 1
These first 10 violations reflect foundational weaknesses — poor policies, insufficient risk evaluation, and early-stage failures in customer due diligence.
Many real estate companies unknowingly fall into these traps. But the penalties are real — and increasingly enforced.
👉 Continue to Part 2 – Violations 11–20
Learn how missing CDD/EDD steps or failing to verify client identity can lead to hefty penalties.
Resources
Tags for this blog:
internal-controls, governance, risk-assessment, CDD, policy-compliance, AML-violations-UAE, real-estate-risk