Navigating Anti-Money Laundering (AML) regulations in the UAE real estate sector can be complex. This page answers the most common AML questions faced by brokers, developers, and Designated Non-Financial Businesses and Professions (DNFBPs). From goAML registration and suspicious transaction reporting to KYC requirements and sanctions screening, you'll find practical, up-to-date guidance tailored for the UAE market, whether you're operating in Dubai, Abu Dhabi, or beyond.
What is AML and why
is it important in the UAE?
Anti-Money Laundering
(AML) refers to laws and procedures designed to prevent criminals from
disguising illegally obtained funds as legitimate income. In the UAE, AML is
crucial to protect the financial system and uphold international standards. The
UAE has implemented Federal Decree-Law No. (20) of 2018 to combat money
laundering and terrorism financing.
Who must comply with
AML laws in the UAE?
All financial institutions and Designated Non-Financial Businesses and Professions (DNFBPs), including real estate brokers, auditors, and dealers in precious metals, are required to comply with AML regulations.
What are the key UAE
AML regulations I should be aware of?
Key regulations include:
- Federal Decree-Law No. (20) of 2018 on AML and Combating the Financing of Terrorism.
- Cabinet Decision No. (10) of 2019, which provides implementing regulations.
What is the role of
the Financial Intelligence Unit (FIU)?
The UAE FIU analyzes suspicious transactions and activities related to money laundering and terrorism financing, based on reports from financial institutions and DNFBPs.
What is goAML and how
does it work?
goAML is an online
platform developed by the UNODC and implemented in the UAE to facilitate the
reporting of suspicious transactions. Entities must register and use goAML to
submit Suspicious Transaction Reports (STRs) to the FIU.
Why are real estate
companies required to comply with AML?
Real estate
transactions can be exploited for money laundering. Therefore, real estate
brokers and agents are classified as DNFBPs and must adhere to AML regulations.
How do I register my company with goAML?
Registration involves two steps:
- Registering on the SACM (Service Access Control Manager) portal.
- Completing the goAML registration with required documents.
What documents are
needed for goAML registration?
Typically, the following are required:
- Trade license.
- Emirates ID and passport copies of the authorized person.
- Authorization letter.
- Company's official email address.
What are the
consequences of non-compliance?
Non-compliance can result in penalties ranging from AED 50,000 to AED 1,000,000, depending on the violation.
How often should we
update our AML policy?
AML policies should be reviewed and updated regularly, especially when there are changes in regulations or business operations. While specific intervals aren't mandated, annual reviews are considered best practice.
What is Customer Due Diligence (CDD)?
CDD involves verifying the identity of clients, understanding the nature of their activities, and assessing the risk they may pose. It's a fundamental component of AML compliance.
When is Enhanced Due Diligence (EDD) required?
EDD is necessary for high-risk clients, such as politically exposed persons (PEPs) or those from high-risk countries. It involves more rigorous verification processes
What documents are
required for verifying clients?
Typically:
- Valid identification (e.g., passport, Emirates ID).
- Proof of address.
-
For entities: trade
license, ownership structure, and details of UBOs.
How do we identify
Ultimate Beneficial Owners (UBOs)?
UBOs are individuals who ultimately own or control a company. Identifying UBOs involves examining ownership structures and obtaining declarations from clients.
What is risk-based
customer categorization?
It's the process of
classifying clients based on their risk levels (low, medium, high) to determine
the appropriate level of due diligence and monitoring.
What qualifies as a Suspicious Transaction?
Transactions that are inconsistent with a client's known profile or have no clear economic purpose may be deemed suspicious. Examples include large cash deposits or rapid movement of funds without justification.
What is a Suspicious Activity Report (SAR)?
A SAR is a report submitted to the FIU detailing any transaction or activity that raises suspicion of money laundering or related offenses.
How do I file a SAR via goAML?
After registering on goAML, log in to your account, navigate to the reporting section, fill out the SAR form with relevant details, and submit it electronically.
What is the deadline for submitting a report?
While specific deadlines can vary, it's imperative to submit SARs promptly upon identifying suspicious activity. Delays can result in penalties.
What happens after a SAR is submitted?
The FIU reviews the
report and may initiate further investigations or share the information with
relevant authorities. The reporting entity should maintain confidentiality and
await any further instructions.
What must an AML policy include?
An AML policy should outline procedures for client onboarding, risk assessment, transaction monitoring, reporting mechanisms, and staff training.
Who should be designated as the Compliance Officer?
A senior staff member
with sufficient authority and resources should be appointed to oversee AML
compliance and liaise with regulatory bodies.
How often should we conduct AML training?
Regular training is essential. While the frequency isn't strictly defined, annual training sessions are recommended, with additional sessions when regulations change.
What is an internal AML audit?
It's a review process to assess the effectiveness of AML policies and procedures, ensuring compliance and identifying areas for improvement.
How do I create an AML risk assessment?
Begin by identifying
potential risks associated with your business activities, clients, and
transactions. Evaluate the likelihood and impact of these risks and implement
controls to mitigate them
What are sanctions lists and how do I screen against them?
Sanctions lists identify individuals or entities restricted from certain activities. Screening involves checking clients against these lists to ensure compliance.
What is a Politically Exposed Person (PEP)?
A PEP is someone who holds or has held a prominent public position, which may pose higher risks due to potential involvement in corruption or bribery.
Do I have to report all PEP matches?
Not necessarily. However, enhanced due diligence is required, and any suspicious activities involving PEPs should be reported to the FIU.
How often should I update my screening database?
Regular updates are
essential. While specific intervals aren't mandated, monthly updates are
considered best