How to Conduct an AML Self-Assessment for DNFBPs

Designated Non-Financial Businesses and Professions (DNFBPs) in the UAE face the same AML obligations as financial institutions under Federal Decree-Law No. 10 of 2025 on Anti-Money Laundering, Combating Financing of Terrorism and Proliferation Financing (which replaced Federal Decree-Law No. 20 of 2018) and its implementing Cabinet Decision No. 134 of 2025. Conducting a regular self-assessment of your AML programme is essential for identifying gaps before regulators find them.

This guide provides a practical framework for DNFBPs to evaluate their compliance readiness.

Quick Answer

An AML self-assessment involves systematically reviewing your compliance programme against regulatory requirements, identifying weaknesses, and implementing corrective actions. Key areas include governance, risk assessment, CDD, transaction monitoring, reporting, and training. Adil Zone’s First Compliance platform provides built-in compliance dashboards that simplify self-assessment for DNFBPs.

Key Takeaways

  • A self-assessment must cover all eight compliance pillars: governance, risk assessment, CDD, transaction monitoring, reporting, sanctions and TFS screening, training, and record keeping.
  • Apply a genuine risk-based approach when evaluating each area — superficial policies score poorly both in self-assessment and in regulatory inspections.
  • Every DNFBP must have an appointed Compliance Officer (your Money Laundering Reporting Officer, or MLRO) with documented authority and a clear reporting line to senior management.
  • Use self-assessment findings to create a time-bound action plan — regulators expect to see evidence that gaps are identified and remediated proactively.
  • Administrative fines of up to AED 5,000,000 per violation make early identification of compliance gaps a financial as well as legal imperative.

What Are DNFBPs Under UAE Law?

DNFBPs supervised by the Ministry of Economy, CBUAE, DFSA, FSRA, and sector-specific regulators include:

  • Real estate agents and brokers
  • Dealers in precious metals and stones (DPMS)
  • Lawyers and notaries
  • Accountants and auditors
  • Corporate service providers (CSPs)
  • Trust and company service providers

All DNFBPs must implement AML/CFT programmes equivalent to those required of financial institutions.

Why Regular Self-Assessment Matters

Regulatory inspections assess not just whether you have policies, but whether they are effective. A self-assessment helps you:

  • Identify compliance gaps proactively
  • Prepare for regulatory inspections
  • Demonstrate a culture of compliance and a genuine risk-based approach
  • Reduce the risk of penalties and enforcement actions

Self-Assessment Framework

Area 1: Governance and Oversight

  • Is a qualified Compliance Officer/MLRO appointed with adequate authority?
  • Does senior management actively oversee the AML programme?
  • Are AML policies approved by the board or senior management?
  • Is there a clear reporting line from the Compliance Officer to senior management?

Area 2: Risk Assessment

  • Has a documented business risk assessment been conducted applying a risk-based approach?
  • Does it cover customer risk, product risk, geographic risk, and delivery channel risk — including exposure to known predicate offences?
  • Is the risk assessment reviewed and updated at least annually?
  • Are risk assessment findings reflected in your CDD and monitoring procedures?

Adil Zone’s compliance experts help DNFBPs develop and review risk assessments that meet regulatory expectations and reflect genuine business risks.

Area 3: Customer Due Diligence

  • Are CDD procedures documented and followed consistently?
  • Is beneficial ownership verified for all legal entity customers?
  • Is enhanced due diligence applied to high-risk customers, including PEP (Politically Exposed Person) screening?
  • Is adverse media screening conducted for higher-risk relationships?
  • Are CDD records complete, current, and accessible?

Area 4: Transaction Monitoring

  • Is there a system for monitoring transactions for unusual patterns — including structuring (smurfing), layering, and placement typologies?
  • Are monitoring parameters aligned with identified risk factors and sector-specific typologies?
  • Are alerts investigated and resolved in a timely manner?
  • Is the monitoring process documented?

First Compliance by Adil Zone provides AI-powered transaction monitoring with customisable alert parameters, automated case escalation, and comprehensive audit trails — designed specifically for DNFBP compliance needs.

Area 5: Reporting

  • Is the business registered with goAML?
  • Are STR/SAR filing procedures documented and understood by staff?
  • Have reports been filed when required?
  • Is there a process for ensuring timely filing through your designated Compliance Officer/MLRO?

Area 6: Sanctions and TFS Screening

  • Are customers screened against UN and UAE sanctions lists — including the UAE Local Terrorist List?
  • Is PEP (Politically Exposed Person) screening and adverse media screening integrated into your onboarding process?
  • Is screening conducted at onboarding and on an ongoing basis?
  • Are potential matches investigated and resolved with documented outcomes?

Area 7: Training

  • Do all relevant staff receive AML training covering sector-specific typologies?
  • Is training tailored to their specific roles?
  • Are training records maintained with dates and topics?
  • Is refresher training provided at least annually?

Area 8: Record Keeping

  • Are all CDD records retained for at least five years?
  • Are transaction records maintained as required?
  • Are records readily retrievable for regulatory inspection?

Scoring Your Self-Assessment

For each area, rate your compliance as:

  • Fully compliant: All requirements met with evidence
  • Partially compliant: Some gaps identified that need attention
  • Non-compliant: Significant gaps requiring immediate action

Document your findings and create an action plan with deadlines for addressing any gaps. Non-compliant areas must be prioritised — administrative fines of up to AED 5,000,000 per violation and criminal penalties for money laundering offences apply equally to DNFBPs.

Frequently Asked Questions

How often should DNFBPs conduct an AML self-assessment?

At least annually, or whenever there are significant regulatory changes, business changes, or following an audit finding.

Is a self-assessment the same as an independent audit?

No. A self-assessment is an internal review. An independent audit is conducted by an external party and is required separately by regulators.

What should I do if my self-assessment reveals gaps?

Document the gaps, prioritise them by risk, create an action plan with deadlines, and implement corrective measures promptly.

Can software help with self-assessment?

Yes. Platforms like First Compliance provide compliance dashboards and reporting that make it easy to identify gaps and track remediation.

What penalties apply to DNFBPs for AML non-compliance?

Administrative fines of up to AED 5,000,000 per violation. For money laundering offences, criminal penalties include imprisonment up to life and substantial fines. Tipping off a customer that an STR has been or may be filed is itself a criminal offence, carrying up to 2 years imprisonment or a fine of AED 500,000.

Related Reading

Strengthen Your DNFBP Compliance

First Compliance by Adil Zone gives DNFBPs a built-in compliance dashboard covering risk assessments, CDD workflows, PEP screening, adverse media screening, sanctions screening, STR filing, and training records — all in one affordable platform.

Adil Zone’s advisory team provides DNFBP compliance assessments, gap analysis, policy development, and ongoing compliance management tailored to your sector and supervisory authority.

Contact Adil Zone today — visit adilzone.com or reach out to our compliance team.

Related Posts

Scroll to Top