AML Compliance for UAE Construction Companies: 2026 Risk Guide - adilzone | Corporate Consulting Services

Construction is one of the UAE’s most active and most exposed sectors. With record pipeline values across Dubai, Abu Dhabi and the northern Emirates, construction firms are now in scope for a wider set of anti-money laundering checks than most owners realise. This guide explains how AML compliance for UAE construction companies works in 2026, where the real risks sit, and what a defensible compliance programme looks like for builders, developers, and contractors operating under Federal Decree-Law No. 10 of 2025.

Quick Answer

UAE construction companies are not all classified as DNFBPs, but most carry indirect AML/CFT obligations through real estate dealings, beneficial ownership rules, sanctions screening duties on suppliers, and predicate-offence exposure to bribery and procurement fraud. Firms that buy, sell or broker real estate as part of their work fall directly under the DNFBP regime and must register on goAML, run customer due diligence, and file suspicious transaction reports. Even contractors that never touch a property title face supplier sanctions screening obligations, UBO disclosure requirements, and corporate criminal liability for laundering predicate offences. A risk-based AML programme, sized to the firm’s exposure, is the safest position under the current Federal Decree-Law No. 10 of 2025 framework.

Key Takeaways

Direct DNFBP scope: Construction firms that act as real estate brokers, agents, or developers selling units fall under the Ministry of Economy DNFBP regime and must register with goAML.
Indirect AML duties: All UAE construction companies must comply with sanctions screening, UBO disclosure, and predicate-offence prevention rules, regardless of DNFBP classification.
High-risk typologies: Cash-intensive wage payments, layered subcontractor chains, opaque supplier ownership, and equity flows from foreign investors are common red flags in construction ML cases.
Federal Decree-Law No. 10 of 2025: The replacement for Decree-Law No. 20 of 2018 raises supervisory expectations and broadens enforcement reach against beneficial owners and senior managers.
Sanctions exposure: Equipment, steel, and material supply chains touch jurisdictions on UN, OFAC, EU, and UAE Local Terrorist List, requiring documented screening.
Penalties: Administrative fines start from AED 50,000 per violation and scale up to multi-million-dirham levels for repeated or institutional failings, with possible licence suspension.
Practical first step: Run a sectoral ML/TF risk assessment, identify which obligations apply, and build a proportionate programme covering policy, training, screening, monitoring, and audit.

Are UAE Construction Companies Required to Have an AML Programme?

The short answer is: it depends on what the construction company actually does. UAE AML/CFT law splits regulated activities into Licensed Financial Institutions (LFIs), supervised by the Central Bank of the UAE (CBUAE), and Designated Non-Financial Businesses and Professions (DNFBPs), supervised by the Ministry of Economy and the relevant free zone authority. Pure-play general contractors are usually outside the explicit DNFBP perimeter, but several construction-sector activities pull a firm into scope.

When Construction Activity Triggers DNFBP Status

A construction company operates as a DNFBP, in whole or in part, when it performs any of the following activities:

Real estate brokerage or agency: Marketing, advertising, or facilitating sale or lease of completed units, including off-plan sales by a developer’s in-house sales team.
Real estate development with direct sale: Developers that sell units directly to end-buyers or investors carry the same UAE AML obligations as any property broker on those transactions.
Trading in precious metals or stones above the threshold: Some specialist contractors handling architectural metals or jewellery-grade fittings need to monitor whether transaction values cross the AED 55,000 DPMS reporting threshold.
Corporate or trustee services for project SPVs: Setting up and administering project companies for third parties triggers Corporate Service Provider obligations under Cabinet Decision No. 10 of 2019 and its updates.

If any of these apply, the firm must register on the goAML portal, designate a Compliance Officer and Money Laundering Reporting Officer (MLRO), build a documented AML/CFT policy, and submit suspicious transaction reports when red flags appear. Refer to our deeper explainer on AML policy obligations for the full DNFBP duty stack.

Indirect AML Obligations Every Builder Faces

Even a construction company that never sells a unit and never administers a trust still cannot ignore AML/CFT controls. Three obligation streams reach all UAE entities, including pure contractors:

Targeted Financial Sanctions: Cabinet Decision No. 74 of 2020 obliges every UAE-licensed entity to screen counterparties against the UN Security Council Consolidated List and the UAE Local Terrorist List, freeze assets when there is a match, and report to the Executive Office for Control and Non-Proliferation. See our guide on Targeted Financial Sanctions in the UAE.
Beneficial Ownership disclosure: Cabinet Decision No. 58 of 2020, extended in subsequent guidance, requires every commercial entity to identify and register its ultimate beneficial owners with the licensing authority and keep that record current. Construction groups with layered shareholdings need particular care here.
Predicate-offence exposure: Federal Decree-Law No. 10 of 2025 retains the doctrine that any person who knowingly handles, conceals, or transfers funds derived from a predicate offence commits money laundering. Construction sector predicate offences include bribery, fraud, embezzlement, environmental crime, and tax evasion.

In other words: even a contractor with no property sales pipeline still has to screen suppliers, file UBO data, and avoid conduct that would expose senior management to laundering charges in connection with bribery, fraud, or sanctions evasion.

AML Risks Specific to UAE Construction

The Financial Action Task Force has flagged construction as a high-risk sector in successive typology reports, and UAE supervisors have echoed those findings in the National AML/CFT Strategy 2024-2027. The risk surface inside a UAE construction business sits across four main areas.

Cash-Intensive Subcontractor and Wage Payments

Site-level cash flows remain a vulnerability across the GCC. Daily and weekly wage runs, petty cash for site supplies, and informal subcontractor payments can be exploited to layer or place illicit funds. The UAE Wage Protection System (WPS) has reduced cash payroll significantly, but project-side petty cash, bonus payments, and subcontractor labour costs still need monitoring. A sound control here pairs treasury policies (mandatory bank transfer thresholds, dual approval) with periodic reconciliation against project budgets.

Foreign Investor Equity in Real Estate Projects

Off-plan real estate has historically been one of the highest-flagged ML channels in FATF and MENAFATF reports. Where a construction company also acts as developer or co-investor, the source-of-funds question on incoming equity from offshore investors becomes a board-level risk. Layered structures (BVI, Cayman, Mauritius, Seychelles), unverified UBOs, and rapid resale of units before completion are recurring red flags. Our explainer on money laundering through UAE real estate sets out the typical typologies that intersect with construction.

Procurement Fraud and Supplier Sanctions Exposure

Materials procurement (steel, cement, MEP equipment, finishing fittings) often spans multiple jurisdictions, including some on US, EU, UK, and UN restrictive measures lists. A UAE contractor that imports goods or services from a sanctioned counterparty, even via intermediaries, exposes itself to civil penalties and reputational damage. Effective controls include:

Documented onboarding due diligence on tier-1 and tier-2 suppliers
Sanctions screening at onboarding and on a continuous basis using a screening engine that covers OFAC, UNSC, EU, UK-HMT, and the UAE Local Terrorist List
Periodic re-verification of beneficial ownership for high-value vendors
Adverse media monitoring on key counterparties (corruption, bribery, fraud allegations)

Build a Defensible Vendor Screening Layer
First Compliance screens supplier names against 1,800+ sanction lists (UN, OFAC, EU, UK-HMT, FINTRAC, AUSTRAC, UAE Local Terrorist List) and 5.5 million PEP and adverse media records, with continuous re-screening. Explore First Compliance »

Predicate Offence Exposure (Bribery, Corruption, Fraud)

Construction worldwide is a top sector for bribery and corruption complaints. Permits, inspections, change orders, retention payments, and tendering all create touchpoints where corrupt payments can be solicited or made. Under Federal Decree-Law No. 10 of 2025, any UAE company knowingly handling proceeds linked to a corruption or bribery offence commits a money laundering offence in its own right. The control answer is integrated: anti-bribery and corruption (ABC) controls, gift and hospitality registers, third-party intermediary due diligence, and AML monitoring should be designed to share data, not run in silos. Our guide to predicate offences in the UAE covers the broader mapping.

Federal Decree-Law No. 10 of 2025: What Construction Firms Need to Know

Federal Decree-Law No. 10 of 2025 replaces Federal Decree-Law No. (20) of 2018 as the principal AML/CFT statute and is supported by Cabinet Decision No. 134 of 2025 on implementing regulations. For construction companies, three changes deserve attention:

Broader scope of secondary liability: Senior managers, beneficial owners, and persons exercising effective control can be held individually accountable where systemic AML failures occur.
Higher administrative penalties: Supervisors have been given larger enforcement toolkits, including escalating fines, public censure, and licence-related measures, in line with the 2024-2027 National Strategy commitments to FATF.
Tighter information-sharing: The amendments reinforce cooperation between CBUAE, Ministry of Economy, free zone authorities, the FIU, and law enforcement, including for non-financial sectors such as construction.

For a full walkthrough of the new framework, see our guide to Federal Decree-Law No. 10 of 2025.

Building a Risk-Based AML Programme for a Construction Company

The FATF Risk-Based Approach (RBA) is the anchor methodology in UAE AML/CFT supervision. A construction company should not buy a generic financial-services AML manual and bolt it on. The programme must reflect the firm’s actual ML/TF risk profile, scaled to its size, geographic footprint, project mix, and counterparty universe. The six-step structure below works for most mid-sized to large UAE construction groups.

Step 1: Sectoral Risk Assessment (ML/TF Typologies)

Document the firm’s exposure across the four FATF risk dimensions: customer risk, geographic risk, product or service risk, and delivery channel risk. For a contractor, customer risk includes the ownership profile of clients (private buyers, sovereign entities, joint ventures), while delivery channel risk includes whether sales or onboarding happen face-to-face, online, or through agents.

Quick reference: typical risk drivers in UAE construction

Risk dimension	Higher-risk indicators
Customer	Foreign UBOs in offshore jurisdictions, PEP-linked clients, complex SPV structures
Geographic	Counterparties in FATF grey-listed or high-risk third countries, sanctioned states
Product / service	Off-plan unit sales, pre-completion resale, large cash deposits
Delivery channel	Non-face-to-face onboarding, third-party agents, intermediated payments

Step 2: Counterparty and Supplier Due Diligence

Customer Due Diligence (CDD) is mandatory at onboarding for any client falling under the DNFBP perimeter and is a strong-practice baseline for all material counterparties. The minimum dataset includes legal name, trade licence and date of incorporation, registered address, ownership structure to UBO level, and the nature and intended purpose of the relationship. Enhanced Due Diligence (EDD) applies for higher-risk relationships, including PEPs, complex offshore structures, and counterparties from high-risk jurisdictions.

Suppliers should be onboarded under a similar framework, with the depth of checks scaled to contract value and country exposure. A practical tier model:

Tier A (annual contract value above AED 5 million or sanctioned-region exposure): Full CDD plus EDD, sanctions screening, UBO verification, adverse media check.
Tier B (mid-value, low-risk geography): Standard CDD plus sanctions screening at onboarding and annually.
Tier C (low-value, domestic): Identity verification and one-off sanctions screening.

Our practitioner walkthrough of customer due diligence in the UAE details the regulatory expectations and documentation standard.

Step 3: Beneficial Ownership Verification

Identify the natural persons that ultimately own or control 25% or more of any material counterparty (the standard UAE threshold), and document how that conclusion was reached. Construction groups with multi-tier shareholdings should also map their own UBO chain and keep the licensing authority filing current. Read more on beneficial ownership obligations in the UAE.

Step 4: Transaction and Payment Monitoring

Continuous monitoring of receipts and payments helps spot structuring, layering, and unusual third-party flows. Practical controls in a construction setting include:

Automated alerts for cash payments above AED 55,000 in any 30-day window with the same counterparty
Round-amount payments received from offshore accounts
Third-party payments where the payer is not the contracting counterparty
Payments to or from jurisdictions on the UAE high-risk list
Refunds or cancellations followed by rapid resale at higher prices

Step 5: Sanctions and PEP Screening

Sanctions screening must cover at minimum the UN Consolidated List, the UAE Local Terrorist List, and any sanctions regime the firm has commercial exposure to (typically OFAC, EU, UK-HMT). PEP screening should pick up domestic, foreign, and international-organisation PEPs, plus their close associates and family. Screening must be done at onboarding, on every change of beneficial ownership, and on a continuous basis as lists are updated. Our explainer on building an AML programme details the operational design.

Step 6: STR/SAR Filing via goAML

Where reasonable suspicion arises, the MLRO must file a Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR) on the goAML portal operated by the UAE Financial Intelligence Unit. Filing must happen without tipping off the customer. For construction firms, common triggers include unexpected third-party settlement of an off-plan instalment, a buyer’s refusal to provide source of funds, and supplier invoices that materially diverge from delivered goods. The same goAML registration is also where DPMS-eligible transactions are reported.

Get an Independent Read on Your Programme
Adil Zone conducts independent AML/CFT audits across four scopes (Federal Decree-Law, DFSA-regulated, VARA-regulated, and Sourcing Supply Chain) and delivers a Remedial Action Plan. Request a free gap-analysis consultation »

Common Compliance Failures and How to Avoid Them

Across UAE inspection findings on the construction and adjacent sectors, the same patterns recur. Knowing them in advance is the cheapest way to fix them.

No documented sectoral risk assessment: The firm has policies but cannot evidence how risks were identified or rated. Fix: produce a board-approved risk assessment, refreshed annually.
Untrained staff: Front-line sales agents, project commercial leads, and procurement officers cannot recognise red flags. Fix: deliver role-based AML training and keep attendance and assessment records.
Manual sanctions screening: Using free public lists in spreadsheets cannot keep pace with daily updates. Fix: deploy an automated screening tool covering all relevant lists.
UBO data stale: Beneficial ownership entries on the licensing portal have not been refreshed after share transfers. Fix: link UBO refresh to internal corporate-secretarial workflow.
No independent audit: Compliance is signed off by the same team that runs it. Fix: commission an annual independent AML/CFT audit, sized to the firm’s risk profile.

Our broader AML compliance checklist for UAE businesses applies to construction firms with minor sectoral adjustments.

Penalties and Enforcement

UAE supervisors have moved decisively into a higher-tempo enforcement posture since 2022 and continue under the Federal Decree-Law No. 10 of 2025 framework. For construction-sector entities, exposure runs across:

Administrative fines: From AED 50,000 per violation, scaling to multi-million-dirham levels for repeat or institutional failures.
Trade licence suspension or non-renewal: For sustained non-compliance, with cascading effects on visas and bank facilities.
Criminal liability for natural persons: Including senior management and beneficial owners where complicity in laundering or sanctions breach is established.
Asset freezing: Under targeted financial sanctions regulations.
Reputational and bid-eligibility consequences: Public censure can disqualify firms from government and quasi-government tenders.

For an overview of the regulatory landscape and the bodies that enforce it, the Central Bank of the UAE and the Financial Action Task Force publish current guidance and enforcement updates.

Train the People Who Touch the Risk
Compliance 360 by Adil Zone offers 32 specialised AML/CFT courses, including modules tailored for senior management, MLROs, procurement leads, and sales teams in real estate and construction settings. View Compliance 360 training catalogue »

Frequently Asked Questions

Are construction companies classified as DNFBPs in the UAE?

Not by default. Construction firms become DNFBPs when they perform real estate brokerage or agency, sell developed units directly to buyers, trade in precious metals and stones above AED 55,000, or provide corporate or trustee services. A pure general contractor without these activities is outside the explicit DNFBP perimeter but still has indirect AML/CFT obligations through sanctions, UBO, and predicate-offence rules.

What law governs AML compliance for UAE construction companies in 2026?

Federal Decree-Law No. 10 of 2025, which replaces Federal Decree-Law No. (20) of 2018, is the principal statute. It is supported by Cabinet Decision No. 134 of 2025 (implementing regulations), Cabinet Decision No. 74 of 2020 (targeted financial sanctions), and Cabinet Decision No. 58 of 2020 (beneficial ownership), among other instruments.

Do construction companies need to register on goAML?

Yes, where the firm performs DNFBP activities such as real estate sale, brokerage, agency, or DPMS trading. goAML registration is mandatory before any STR or DPMS report can be filed. Pure contractors that do not perform DNFBP activity are not required to register but should monitor their activities, since adding a sales arm or precious-metals procurement above the threshold can change the position.

What are the biggest AML red flags in UAE construction?

Cash-intensive site payments without supporting documentation, third-party settlement of off-plan instalments, suppliers based in sanctioned or high-risk jurisdictions, opaque ownership of major counterparties, and sudden changes to project beneficial owners. These mirror the risks captured in our overview of AML red flags for UAE real estate.

How often should a construction firm refresh its AML risk assessment?

At minimum once a year, plus on any material event: launching a new project type, entering a new jurisdiction, onboarding a major new investor or supplier, or after a regulatory change such as Federal Decree-Law No. 10 of 2025 and Cabinet Decision No. 134 of 2025.

Who should serve as the MLRO in a construction company?

The MLRO should be a senior employee with sufficient seniority, independence, and access to the board. In a small or mid-sized firm, the role is often held by the Compliance Officer, the CFO, or a senior legal counsel. Larger groups appoint a dedicated MLRO. Outsourcing the MLRO function to a regulated service provider is permitted in some scenarios, subject to documented oversight by the board.

What is the cost of building an AML programme for a construction company?

Cost varies with the firm’s size, project mix, and current state. A baseline programme for a mid-sized contractor typically covers a documented risk assessment, AML/CFT policy, MLRO appointment, screening tool licence, training, and an annual independent audit. The right comparison is not against the cost of doing nothing, but against potential administrative fines, licence risk, and bid-eligibility consequences if controls fail.

Can a construction firm outsource its AML compliance?

Yes, in part. Policy drafting, training, screening technology, and independent audit can all be sourced from a qualified compliance service provider. Ultimate accountability for the programme remains with the firm’s board and senior management, even where day-to-day operation is outsourced.