DFSA AML Rulebook DIFC
United Arab Emirates
2019
Payments
AML/CFT
Overview
Key Obligations
- Adopt a risk-based AML/CFT program proportionate to business size and activities
- Conduct Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) for high-risk clients/PEPs
- Identify and verify beneficial ownership
- Report Suspicious Transaction Reports (STRs) to the UAE FIU via goAML
- Maintain records of transactions and CDD data for at least 5 years
- Appoint a Money Laundering Reporting Officer (MLRO)
- Conduct regular staff training and independent audits of AML controls
- Screen clients and transactions against sanctions lists
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
Transaction Monitoring
Monitor transactions in real-time and analyse past behaviour to identify suspicious activities and ensure regulatory compliance across the user journey.
AML Screening
Screen users against Politically Exposed Persons (PEP), watchlists, sanctions lists, adverse media, and more through one-time screening and advanced monitoring.
MENA API Marketplace
A comprehensive API marketplace for the Middle East and North Africa, offering localized verification and compliance solutions.
Related Regulations
FAQ
Who enforces AML in DIFC?
The Dubai Financial Services Authority (DFSA).
Does it apply to non-financial businesses?
Yes. DNFBPs licensed in DIFC such as law firms, accountants, and corporate service providers must comply.
Are STRs mandatory?
Yes. All regulated entities must file suspicious activity/transaction reports via goAML.
What penalties exist for non-compliance?
Regulatory sanctions, heavy fines, license restrictions, or criminal liability.