Strengthening Risk-Based AML Compliance for DNFBPs

Introduction

On August 5, 2025, the UAE Ministry of Economy and Tourism (MoET) released Circular No. 6 of 2025 to emphasise the importance of risk‑based customer due diligence measures so that DNFBPs such as real estate brokers and agents, dealers in precious metals and stones, auditors and accountants, and corporate service providers can better allocate their resources in conducting due diligence measures focusing on the risks of their customers.

This Circular is in clear alignment with the Financial Action Task Force (FATF’s) risk-based due diligence approach, which is considered the most effective way to combat money laundering (ML) and terrorist financing (TF). Rather than applying the same level of due diligence to all customers, the risk-based model allows firms to allocate their compliance resources where they are most needed: on higher-risk customers, products, and jurisdictions. This not only enhances detection and prevention of illicit activity but also avoids imposing unnecessary burdens on low-risk relationships.

To do so, DNFBPs should follow a two-stage process that entails assessing the risks of their customers and then applying risk-based due diligence measures accordingly.

The Two Stages for Risk-Based Due Diligence for DNFBPs

Stage 1: Customer Risk Assessment

The first stage of the risk-based due diligence process requires DNFBPs to conduct a structured Customer Risk Assessment by defining risk factors such as customer profile, geography, product or service, delivery channel, and other relevant elements. They need to assign risk levels using a clear scale and build a risk matrix to ensure consistent scoring throughout the process.

Based on the set parameters and categories, they must collect relevant information and assign an overall risk score to customers. The risk matrix needs to be updated regularly, and the entire process must be fully documented to ensure compliance and audit readiness through a complete audit trail of methodology, scoring, decisions, and actions taken.

Step 2: Applying Due Diligence Measures based on the Risk Assessment

Based on the assessed risks, appropriate due diligence measures will need to be implemented. A few of the measures for each of the SDD, CDD and EDD have been included here:

 

Risk rating	Due‑diligence type	Measures
Low	Simplified Due Diligence (SDD)	Applied only when low risk is evidenced and there is no suspicion of ML/TF. Identity verification is permitted after establishing the relationship, provided it is within defined thresholds. Reduced frequency of customer information updates and transaction monitoring. Acceptance of inferred purpose and nature of the relationship based on the product or service profile.
Medium	Customer Due Diligence (CDD)	Identification and verification of the customer and any authorised person during the establishment of business relations. Identification and verification of beneficial owners. Understanding of the purpose and intended nature of the business relationship or transaction. Ongoing monitoring of the relationship, with periodic refresh of customer information aligned to the assessed risk level.
High	Enhanced Due Diligence (EDD)	Obtaining additional information on customers and beneficial owners. Verification of the source of funds and, where relevant, source of wealth. Increasing the depth and frequency of monitoring. Obtaining senior management approval to onboard or continue the relationship.

Recent AML Fines in the DNFBP Sector

In the first half of 2025, the Ministry of Economy and Tourism (MoET) imposed fines of AED 42.5 million for 1,063 violations on the DNFBPs for failure to comply with AML regulations.

DNFBP Entity Type	Violations	Penalty Amount (AED)
Traders of Precious Metals & Gemstones Sector	473	20 million
Real Estate Brokerage sector	495	18.5 million
Corporate Service Providers and Auditors	95	4 million

These penalties are part of the UAE Government’s ongoing efforts to strengthen the country’s AML compliance framework. With the FATF-MENAFATF mutual evaluation onsite period scheduled for June 2026, these enforcement measures are expected to intensify for DNFBPs. The newly published Circular reinforces the importance of due diligence mechanisms, which are essential for DNFBPs to avoid penalties and other enforcement actions.

Building Stronger AML Compliance

The Circular underlines the need for DNFBPs to implement consistent, well-structured customer risk assessment and due diligence processes. An effective way to do this well is to establish a standardised compliance mechanism through AI/ML-based RegTech solutions. A comprehensive AML Compliance software helps DNFBPs to integrate multiple data sources for more accurate risk ratings, streamline due diligence procedures, and maintain full compliance with the UAE regulations.

AKW Consultants has been at the forefront of building such RegTech solutions. We have developed our very own Compliance Software targeted towards DNFBPs of different sizes so that the compliance requirements, depending upon complexities, can be managed. As the UAE Good Delivery Auditor and Ministry of Economy Approved Reviewer for gold refineries, and with extensive experience in working with DNFBPs, AKW has built a track record of delivering robust AML frameworks. We work both as an external consultant as well as an outsourced MLRO for the DNFBP sector and assist them during AML Inspections. We were also the Strategic Knowledge Partner at the DNFBP Compliance and Risk Summit in Dubai in April 2025.

As one of the UAE’s foremost authorities in AML compliance, discover how AKW Consultants’ AML/CFT/CPT compliance services can help you build and strengthen your AML frameworks in alignment with Circular No. 6 of 2025, as well as the broader UAE laws and regulations.