AML Compliance for Corporate Service Providers in Dubai

Corporate Service Providers (CSPs) in Dubai are classified as DNFBPs under UAE AML law and face heightened regulatory scrutiny. CSPs assist with company formation, registered agent services, and corporate administration — activities that can be exploited by those seeking to create opaque corporate structures for illicit purposes.

This guide covers the specific AML compliance requirements for CSPs operating in Dubai under Federal Decree-Law No. 10 of 2025 on Anti-Money Laundering, Combating Financing of Terrorism and Proliferation Financing (which replaced Federal Decree-Law No. 20 of 2018) and its implementing Cabinet Decision No. 134 of 2025.

Quick Answer

CSPs must implement comprehensive AML programmes including customer due diligence, beneficial ownership verification, sanctions screening, transaction monitoring, goAML registration, and staff training. Supervision extends across mainland Dubai and free zones including DIFC (supervised by the DFSA) and ADGM (supervised by the FSRA). Adil Zone has built its compliance framework on the First Compliance platform to ensure every client engagement meets regulatory standards.

Key Takeaways

• CSPs must apply a risk-based approach to every engagement — the corporate structures they create are among the most frequently misused vehicles for layering and integration of illicit funds.
• Beneficial ownership verification is non-negotiable: tracing through all corporate layers to identify the ultimate natural person is a mandatory obligation, not a best practice.
• PEP (Politically Exposed Person) screening and adverse media screening must be conducted on all directors, shareholders, and beneficial owners at onboarding and on an ongoing basis.
• Administrative fines for CSP AML failures reach up to AED 5,000,000 per violation; senior management and Compliance Officers can face personal criminal liability.
• First Compliance by Adil Zone automates the full CDD lifecycle for CSP engagements, from initial onboarding through periodic review and remediation.

Why CSPs Face Elevated AML Risk

CSPs are considered high-risk because they:

• Create corporate structures that can be used to conceal beneficial ownership, enabling layering and integration of illicit funds
• Provide nominee director and shareholder services that obscure the true controller
• Act as registered agents for companies with limited transparency
• Manage corporate accounts and documentation
• Facilitate international corporate structuring that may traverse multiple high-risk jurisdictions

These services, while legitimate, can be misused to establish shell companies, obscure the source of funds through predicate offences, and evade sanctions.

Core Compliance Obligations

Enhanced Customer Due Diligence

Given the elevated risk, CSPs applying a risk-based approach should treat enhanced CDD as standard practice:

• Verify the identity of all directors, shareholders, and beneficial owners
• Conduct PEP (Politically Exposed Person) screening and adverse media screening on all key parties
• Understand the purpose of the corporate structure and its genuine business rationale
• Assess the business rationale for the proposed arrangement
• Obtain source of funds and source of wealth information
• Screen all parties against UAE Local Terrorist List, UN Consolidated Sanctions List, and other applicable sanctions lists

First Compliance by Adil Zone automates the entire CDD process for CSP engagements, with AI-powered risk scoring that adapts to the specific risk profile of each corporate structure.

Beneficial Ownership Verification

CSPs must identify and verify the ultimate beneficial owners of every corporate entity they form or administer. This includes:

• Tracing ownership through multiple layers — a common layering technique uses chains of nominee entities
• Verifying the identity of natural persons at the end of the ownership chain
• Documenting the ownership structure comprehensively with source documents
• Updating records promptly when ownership changes
• Filing accurate beneficial ownership information with the relevant registry under UAE law

Ongoing Monitoring

CSPs must monitor the ongoing activities of entities they administer:

• Review corporate activities for consistency with the stated business purpose
• Monitor transactions through corporate accounts for typologies such as structuring, rapid movement of funds, or hawala-style transfers
• Flag unusual changes in ownership, directors, or business activity
• Conduct periodic reviews of the entire client portfolio using a risk-based approach

Adil Zone’s compliance expertise in corporate services means we understand the specific risks CSPs face. Our team provides tailored compliance solutions that balance regulatory requirements with operational efficiency.

Record Keeping

Maintain comprehensive records including:

• All CDD and EDD documentation
• Beneficial ownership records and verification source documents
• Corporate documents and registers
• Correspondence and instructions
• Transaction records and monitoring outputs

All records must be retained for at least five years after the business relationship ends, in line with Federal Decree-Law No. 10 of 2025 and Cabinet Decision No. 134 of 2025.

Red Flags for CSPs

• Clients who resist providing beneficial ownership information or supply incomplete details
• Requests for complex structures with no clear legitimate business rationale — a classic indicator of layering
• Formation of multiple companies in a short period without clear purpose
• Clients from high-risk jurisdictions with limited corporate transparency
• Requests for nominee services to conceal identity
• Entities with no apparent business activity or economic substance
• Unusual urgency in completing company formation that discourages thorough CDD

Frequently Asked Questions

Are all CSPs in Dubai required to comply with AML laws?

Yes. All CSPs operating in Dubai, including those in DIFC (supervised by the DFSA), ADGM (supervised by the FSRA), and other free zones, must comply with UAE AML regulations under Federal Decree-Law No. 10 of 2025.

What is the role of a CSP compliance officer?

The Compliance Officer (your Money Laundering Reporting Officer, or MLRO) oversees the AML programme, ensures CDD is conducted properly, manages STR filing through goAML, and reports to senior management on compliance matters.

Can CSPs rely on CDD conducted by other parties?

In limited circumstances, CSPs may rely on third-party CDD, but they remain ultimately responsible for compliance and must be satisfied that adequate measures were taken by a regulated, reputable third party.

How should CSPs handle nominee arrangements?

Nominee arrangements require enhanced due diligence under the risk-based approach, including verification of the beneficial owner behind the nominee, understanding the purpose of the arrangement, and ongoing monitoring for changes.

What penalties apply for CSP AML failures?

Administrative fines reach up to AED 5,000,000 per violation. Criminal penalties including imprisonment up to life apply for money laundering offences. Personal liability extends to the MLRO and senior management.

Related Reading

• Beneficial Ownership UAE AML
• AML Requirements Mainland DIFC ADGM
• DNFBP AML Compliance UAE 2026

Compliance Solutions for Corporate Service Providers

Adil Zone is both a CSP and a compliance solutions provider — giving us unique insight into the compliance challenges facing corporate service providers in Dubai. Our First Compliance platform automates CDD, beneficial ownership tracking, PEP and adverse media screening, and regulatory reporting for CSP operations.

Adil Zone’s advisory and consulting team also works directly with CSPs to design bespoke AML frameworks, draft policies aligned with DFSA and FSRA expectations, and prepare for regulatory inspections.

Contact Adil Zone today — visit adilzone.com or reach out to our compliance team.