Frequently Asked Questions

Designated Non-Financial Businesses & Professions

Questions & Answers

1. What is a DNFBP?
   DNFBP stands for Designated Non-Financial Businesses and Professions, which include real estate agents, dealers in precious metals and stones, auditors, accountants, and law firms. These businesses are considered vulnerable to money laundering and are required to implement Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) measures​

2. Why do DNFBPs need to comply with AML/CFT regulations?
   DNFBPs must comply with AML/CFT regulations to prevent their services from being exploited by criminals for money laundering or terrorism financing. Compliance protects the business's reputation, reduces legal risks, and ensures adherence to Federal Decree-Law No. 20 of 2018 in the UAE​.

3. What does AML/CFT stand for?
   AML stands for Anti-Money Laundering, and CFT stands for Countering the Financing of Terrorism. These are measures aimed at preventing the use of financial systems for criminal activities​.

4. Which AML/CFT laws apply to DNFBPs in the UAE?
   DNFBPs in the UAE must comply with Federal Decree-Law No. 20 of 2018 on AML/CFT and related regulations, such as Cabinet Decision No. (10) of 2019, Cabinet Decision No. (74) of 2020, and Cabinet Decision No. (16) of 2021. These laws provide guidelines for identifying, reporting, and mitigating money laundering risks along with violation penalties for non compliance with the same​.

5. What are DNFBPs required to do under AML/CFT regulations?
   DNFBPs must implement Customer Due Diligence (CDD), report suspicious transactions, maintain detailed records, and develop internal AML/CFT policies. They are also required to train their staff on AML/CFT requirements​.

6. What is Customer Due Diligence (CDD)?
   Customer Due Diligence is the process of identifying and verifying a customer's identity and assessing the risks of money laundering or terrorism financing they might pose. CDD measures must be applied when establishing a business relationship or conducting a high-value transaction.

7. When is CDD required?
   DNFBPs must apply CDD when:

   • Establishing a new business relationship.

   • Carrying out occasional transactions of AED 55,000 or more.

   • Suspecting money laundering or terrorism financing.

   • Doubting the veracity of previously obtained customer data​.

8. What documents are required for CDD?
   CDD requires verifying the customer's identity using official documents such as a passport, Emirates ID, or business license. In the case of legal entities, additional documents like ownership structure and Ultimate Beneficial Owner (UBO) details must be obtained.

9. What is an Ultimate Beneficial Owner (UBO)?
   The Ultimate Beneficial Owner (UBO) is the natural person who ultimately owns or controls a customer or legal entity. Identifying the UBO is crucial for preventing money laundering by ensuring that the true owner is known.

10. What happens if a customer refuses to provide CDD information?
    If a customer refuses to provide CDD information, the DNFBP must refuse to establish the business relationship or terminate any ongoing transaction. Additionally, a Suspicious Transaction Report (STR) must be filed with the FIU​.

11. What is a Suspicious Transaction Report (STR)?
    An STR is a report filed with the Financial Intelligence Unit (FIU) when a DNFBP suspects that a transaction may be linked to money laundering or terrorism financing. Filing STRs is a key requirement for DNFBPs under AML/CFT regulations​.

12. When should an STR be filed?
    DNFBPs must file an STR if they identify suspicious activity, such as unusual or complex transactions that have no clear legal purpose, or if a customer refuses to provide necessary information during CDD.

13. What is Enhanced Due Diligence (EDD)?
    EDD involves applying stricter checks and investigations for higher-risk customers, such as Politically Exposed Persons (PEPs) or those from high-risk countries. It may involve obtaining additional information on the source of funds and monitoring transactions more closely​.

14. What are Politically Exposed Persons (PEPs)?
    PEPs are individuals who hold or have held prominent public positions, such as government officials, judges, or military leaders. DNFBPs must apply EDD when dealing with PEPs due to the higher risk of corruption or money laundering.

15. What are the penalties for DNFBPs not complying with AML/CFT regulations?
    Penalties for non-compliance can include fines ranging from AED 50,000 to AED 5,000,000, suspension of business activities, and even criminal prosecution for serious violations​.

16. How long must DNFBPs retain records under AML/CFT regulations?
    DNFBPs must retain records of customer identification, transactions, and STR filings for at least five years from the date of the transaction or the end of the business relationship​.

17. What should DNFBPs do if they cannot verify the identity of a customer?
    If the identity of a customer cannot be verified, the DNFBP must not proceed with the transaction and should consider filing an STR with the FIU​.

18. What are high-risk countries in the context of AML/CFT?
    High-risk countries are those identified by international organizations, such as the Financial Action Task Force (FATF), as having weak AML/CFT controls. DNFBPs must apply Enhanced Due Diligence (EDD) when dealing with customers from these countries.

19. What internal policies should DNFBPs implement for AML/CFT compliance?
    DNFBPs must have written AML/CFT policies and procedures that cover risk assessment, CDD, record-keeping, reporting obligations, and staff training. These policies must be regularly reviewed and updated.

20. Are DNFBPs required to appoint a compliance officer?
    Yes, DNFBPs are required to appoint a compliance officer who is responsible for ensuring that the business complies with AML/CFT regulations. The compliance officer must report directly to senior management and have sufficient authority to enforce compliance measures​.

21. How are DNFBPs monitored for compliance with AML/CFT regulations?
    DNFBPs are subject to regular inspections and audits by regulatory authorities, such as the Ministry of Economy and the UAE Central Bank. These inspections evaluate the effectiveness of the DNFBP’s AML/CFT measures, policies, and record-keeping​.

22. How does a DNFBP report cash transactions under AML regulations?
    DNFBPs must report any cash transactions of AED 55,000 or more to the FIU. These reports must include details of the transaction, the parties involved, and any other relevant information​.

23. What are the key indicators of suspicious activity in DNFBP transactions?
    Some key indicators include:

    • Unexplained large transactions with no clear economic purpose.

    • Customers avoiding face-to-face interactions.

    • Frequent transactions involving high-risk jurisdictions.

    • Transactions structured to avoid reporting thresholds.

24. What are the responsibilities of DNFBPs when dealing with cross-border transactions?
    DNFBPs must ensure that cross-border transactions comply with UAE’s AML/CFT regulations and must perform Enhanced Due Diligence on foreign customers, particularly if they are from high-risk countries or involved in cross-border asset transfers​.

25. Can a DNFBP rely on third-party service providers for CDD?
    Yes, DNFBPs can rely on third-party providers, such as financial institutions, for Customer Due Diligence, but they remain responsible for ensuring that the third party complies with the AML/CFT regulations. A written agreement must be in place to clarify responsibilities.

26. What should DNFBPs do if they identify a match with a sanctions list?
    If a DNFBP identifies a customer or transaction that matches individuals or entities on sanctions lists, they must immediately freeze the assets and report the match to the Executive Office for Control and Non-Proliferation and the Financial Intelligence Unit (FIU). No transactions should proceed until further guidance from the authorities​.

27. What is the role of the FIU in relation to DNFBPs?
    The Financial Intelligence Unit (FIU) is responsible for receiving, analyzing, and investigating Suspicious Transaction Reports (STRs) submitted by DNFBPs. The FIU acts as the central authority for reporting and coordinating with law enforcement agencies when potential money laundering or terrorism financing activities are detected​.

28. What is the significance of risk-based assessments for DNFBPs?
    DNFBPs must implement a risk-based approach to AML/CFT compliance, meaning they assess the risks posed by customers, transactions, and geographic locations. Higher-risk areas may require Enhanced Due Diligence (EDD), while lower-risk situations may involve simpler due diligence measures​.

29. How can DNFBPs assess the risk of money laundering in their business operations?
    DNFBPs should assess money laundering risks by evaluating factors such as the nature of their business, the types of clients they serve, the jurisdictions in which they operate, and the products or services they offer. A Risk Assessment Matrix can help categorize customers and transactions based on their risk levels, facilitating the application of appropriate CDD or EDD.

30. What happens if a DNFBP fails to report a suspicious transaction in a timely manner?
    Failure to report suspicious transactions in a timely manner can result in significant penalties, including fines, suspension of operations, and even criminal liability for the DNFBP and its senior management. The delay could also expose the business to further scrutiny by regulators​.

31. What should a DNFBP do if it finds incomplete or suspicious customer information during onboarding?
    If customer information is found to be incomplete or suspicious during onboarding, the DNFBP must conduct further investigation. If doubts remain or the customer refuses to provide the necessary details, the DNFBP should consider filing an STR with the FIU and declining to proceed with the business relationship​.

32. How do DNFBPs monitor ongoing business relationships for suspicious activity?
    DNFBPs must conduct ongoing monitoring of their business relationships by regularly reviewing customer transactions and behaviors to detect any unusual or suspicious activity. High-risk clients should be subjected to more frequent reviews, and any red flags should trigger further investigation and, if needed, reporting to the FIU.

33. What is the process for identifying beneficial ownership in complex corporate structures?
    DNFBPs are required to trace through layers of ownership in complex corporate structures to identify the Ultimate Beneficial Owner (UBO). This may involve obtaining ownership charts, reviewing corporate documents, and verifying the identities of individuals who control 25% or more of the company’s shares or voting rights.

34. How does Enhanced Due Diligence (EDD) differ from standard CDD?
    EDD involves more in-depth checks than Customer Due Diligence (CDD). While CDD focuses on verifying the identity of the customer and understanding the purpose of the relationship, EDD goes further by investigating the source of funds, the nature of the business, and conducting regular transaction monitoring for high-risk customers or transactions​.

35. Are DNFBPs required to submit regular reports to regulatory authorities?
    Yes, DNFBPs are required to submit periodic compliance reports to the relevant regulatory authorities, such as the Ministry of Economy. These reports may include information on high-risk clients, STRs filed, and updates on the DNFBP's internal compliance policies.

36. What are the obligations of DNFBPs regarding politically exposed persons (PEPs)?
    When dealing with PEPs, DNFBPs are required to apply Enhanced Due Diligence (EDD), which involves verifying the source of wealth and funds, conducting ongoing monitoring of transactions, and ensuring that the business relationship does not pose significant money laundering risks. Any suspicious activity must be reported immediately​.

37. What is meant by correspondent relationships in the context of DNFBPs?
    Correspondent relationships refer to business relationships between financial institutions where one institution provides services on behalf of another. DNFBPs engaging in such relationships must ensure that both parties adhere to strict AML/CFT guidelines and avoid dealing with shell banks or institutions in high-risk jurisdictions​.

38. What training should DNFBPs provide to staff regarding AML/CFT compliance?
    DNFBPs must provide regular AML/CFT training to all employees, especially those involved in customer onboarding and transaction processing. Training should cover identifying suspicious transactions, the proper use of CDD and EDD, how to file STRs, and understanding sanctions regulations. Training should be updated frequently to reflect changes in laws and regulations​.

39. What are the responsibilities of DNFBPs when dealing with third-party service providers?
    DNFBPs remain responsible for ensuring that any third-party service providers they work with (e.g., consultants, intermediaries) comply with AML/CFT regulations. A DNFBP must conduct due diligence on the third party and ensure that the service provider has effective AML/CFT measures in place. Written agreements outlining the responsibilities of both parties are required​.

40. How does the UAE’s AML/CFT framework regulate virtual assets (cryptocurrencies) for DNFBPs?
    DNFBPs dealing with virtual assets must apply Enhanced Due Diligence (EDD), as these assets pose higher money laundering risks due to their anonymity. Transactions involving virtual assets must be closely monitored, and DNFBPs are required to verify the source of funds, especially when dealing with Virtual Asset Service Providers (VASPs). Any suspicious activity related to virtual assets must be reported to the FIU​.

41. What should DNFBPs do if they receive funds from a high-risk country?
    If a DNFBP receives funds from a high-risk country, they must conduct Enhanced Due Diligence (EDD), investigating the source of the funds and the purpose of the transaction. Additionally, DNFBPs must check whether the country is subject to sanctions or FATF warnings. If any red flags arise, an STR should be filed​.

42. What are the penalties for failing to implement sufficient AML/CFT internal controls?
    DNFBPs that fail to implement adequate AML/CFT internal controls, such as CDD and transaction monitoring systems, face penalties that may include fines, revocation of licenses, and criminal prosecution for individuals in senior management roles. Fines can range from AED 50,000 to AED 5,000,000, depending on the severity of the non-compliance​.

43. How can DNFBPs ensure compliance with sanctions regulations?
    DNFBPs must check all clients and transactions against relevant sanctions lists, such as those issued by the UN or UAE government. If a match is found, the DNFBP must freeze the assets immediately and report the match to the FIU. Regular updates to sanctions screening systems are necessary to avoid dealing with sanctioned entities​.

44. What role do auditors play in ensuring DNFBPs’ compliance with AML/CFT regulations?
    Auditors are essential for assessing the effectiveness of a DNFBP’s AML/CFT controls. They review policies, procedures, and compliance records to ensure adherence to laws and regulations. Auditors also identify areas where the DNFBP can improve its compliance framework, and their findings are used by regulators to evaluate the business’s risk​.

45. What is trade-based money laundering (TBML), and how do DNFBPs mitigate its risks?
    Trade-Based Money Laundering (TBML) is the process of disguising illegal funds through trade transactions, often by manipulating invoices or shipping documents. DNFBPs involved in international trade must scrutinize invoices, shipment details, and financial documents for discrepancies and report any suspicious activity. Enhanced monitoring of high-value or unusual trade transactions is also essential for mitigating TBML risks.

46. What should DNFBPs do if they identify unusual transaction patterns in customer behavior?
    If a DNFBP notices unusual transaction patterns, such as frequent large transactions with no clear purpose or complex structures designed to obscure the source of funds, they must investigate the customer’s activity further. If the suspicion remains, the DNFBP must file an STR with the FIU.