AML Compliance Requirements for Law Firms in UAE
With the increase in financial crimes, the introduction and implementation of anti-money laundering and combating the financing of terrorism (AML/CFT) regulations is increasing. In the UAE, lawyers and independent legal firms are covered under the purview of AML regulations. As the vulnerability of the lawyers, notaries, and legal service providers to financial crime, law firms, and legal professionals have been put under AML regulatory regime to identify and prevent money laundering and terrorism financing.
This article lets us navigate AML requirements for law firms operating in or from the UAE.
What AML regulations apply to Law Firms in the UAE?
The primary legislation governing AML compliance is the Federal Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations and its implementing guidelines under Cabinet Decision No. 10 of 2019. The federal AML regulations identify the regulated entities and establish a comprehensive framework for such entities to be followed to identify, report, and mitigate the money laundering and terrorist financing risks.
One of the regulated entities defined under the UAE AML regulations as Designated Non-Financial Businesses and Professions (DNFBPs) include:
Lawyers, notaries, and other independent legal professionals, when preparing, conducting, or executing financial transactions in relation to the following activities on behalf of the customers:
- Purchase and sale of real estate
- Management of customer’s funds
- Managing customer’s bank accounts, saving, or securities accounts
- Organizing contributions for the establishment, operation, or management of the company
- Creating, operating, or managing legal persons
- Selling and buying commercial entities
For the law firms licensed in UAE, other than Abu Dhabi Global Market (ADGM) and Dubai International Financial Centre (DIFC), the Ministry of Justice is the AML supervisory authority.
With reference to the Federal AML regulations, the Ministry of Justice (MoJ) has also issued Ministerial Decision No. (533) of 2019 on Anti-Money Laundering and Combating Terrorism Financing related to Lawyers, Notaries, and Legal Independent Professionals and a detailed guide to help the law firms effectively implement the AML/CFT measures and prevent financial crimes.
Accordingly, law firms must comply with Federal AML legislation and the decision and guide issued by the Ministry of Justice.
What are the AML Compliance requirements of a Law Firm in UAE?
As a regulated entity, law firms and legal professionals are responsible for identifying and reporting ML/FT-related suspicious transactions to the Financial Intelligence Unit. In this context, law firms must comply with Federal AML legislations and the decision and guide issued by the Ministry of Justice.
The following are the AML compliance obligations for a law firm in UAE:
goAML Registration
Every law firm in UAE must be registered with the Financial Intelligence Unit’s (FIU) goAML Portal.
Appointing an AML Compliance Officer
To ensure the effective implementation of the AML Compliance program, law firms must appoint a competent AML Compliance Officer. The appointment of the compliance officer must be approved by the supervisory authority, which is sought during the pre-registration stage of the goAML registration.
Conducting Enterprise-Wide Risk Assessment
The law firms must assess the overall money laundering and financing of terrorism (ML/FT) risk their firm is exposed to. The AML Enterprise-Wide Risk Assessment must be conducted based on the nature of the customers, associated geographies, nature of services offered, volume and complexities of the transactions, etc.
Establishing AML/CFT Policies, Procedures, and Controls
Based on the overall business risk assessment outcome, law firms and legal professionals must design and implement internal AML/CFT policies, procedures, and controls to manage ML/FT risks.
The internal AML/CFT framework must be aligned with applicable AML regulations and the nature and size of the business.
Client Due Diligence Measures
One of the key AML requirements for law firms in the UAE is to identify the customers and the beneficial owners and verify their identity.
The companies must adopt “Know Your Customer” (KYC) procedures to identify the customer, their activities, the purpose of the business relationship, etc.
The law firms must also conduct screening to determine whether any of the customers, their beneficial owners, or the senior management is mentioned on the Sanctions Lists. Screening must be conducted to identify the customer’s status as a Politically Exposed Person (PEP) or a relative or close associate of the PEP.
Adverse media checks must also be conducted to see whether the customer has been linked or alleged to any financial crime-related matters in the past.
Based on the customer identification details and screening results, law firms and legal professionals must identify each customer’s risk to the business and classify the customers as high, medium, or low based on the assessed ML/FT risks.
In cases where the customers are identified as high-risk, the law firms in UAE must seek additional information and adopt enhanced due diligence measures. The lawyers must take necessary actions to understand the customer’s source of wealth and funds and determine its legitimacy.
Ongoing Monitoring of transactions and business relationships
Law firms are required to maintain customer information up-to-date. The CDD information must be closely monitored to ensure that the legal professionals have complete and accurate data about their customers and beneficial owners and that any changes therein are promptly identified.
Further, ongoing monitoring of the transactions is also very important to identify any unusual or suspicious customer activities related to money laundering and terrorist financing. For high-risk customers, enhanced and more stringent monitoring measures must be applied.
Compliance with Targeted Financial Sanctions
Law firms are required to implement the Targeted Financial Sanctions (TFS) measures. Accordingly, the law firms must subscribe to the Executive Officer for Control and Non-Proliferation (EOCN) Notification System to receive regular updates about changes in the sanctions lists – United Nations Consolidated List and the UAE Local Terrorist List.
All the customers, beneficial owners, and the customer’s senior management must be screened against these sanctions list. If any confirmed match is found, the law firms must immediately terminate the business relationship (existing customer) or reject the customer (prospect customer) and submit Fund Freeze Report (FFR) on the FIU’s goAML portal. In case of a partial name match where the law firm cannot conclude the match type, the business relationship must be suspended, and a report must immediately be filed on the goAML Portal – Partial Name Match Report (PNMR).
Identifying and reporting suspicious activities or transactions
Law firms must establish adequate procedures and controls to identify any potential ML/FT risk indicator and report suspicious activities to the FIU. The suspicions related to ML/FT must be reported to the FIU by filing the Suspicious Activity Report or Suspicious Transaction Report (STR), as the case may be.
The list of red flags and the internal procedures to be followed for reporting must be well documented as part of the AML/CFT framework.
AML Training
AML training for the staff is one of the critical compliance obligations for law firms. Regular training must be provided to the staff and senior management to create awareness about AML compliance obligations and their roles and responsibilities.
AML Governance
To ensure a robust AML Compliance culture, the senior management must support and contribute towards the law firm’s AML/CFT efforts.
The Compliance Officer must furnish a periodic AML report to the senior management, updating them on the firm’s AML measures, the requirement for any additional AML resources, any AML non-compliance identified, and the action taken by the compliance officer, along with routine AML matters. Senior management must review and provide feedback to the Compliance Officer.
The law firms must implement an independent AML Audit function to periodically test the quality and adequacy of the AML/CFT measures to identify and mitigate the financial crime risks effectively.
Filing Real Estate Activity Report (REAR)
The lawyers and the legal professionals are required to file a Real Estate Activity Report (REAR) with the goAML portal to report the transaction pertaining to the buy/sale of Freehold Real Estate, which involves cash (equals to or exceeding AED 55,000) or virtual assets or funds converted from virtual assets.
AML Record Keeping
All AML-related records and documents, including CDD files and transactions with customers, must be maintained by law firms for at least five (5) years.
How can AML UAE assist Law Firms in UAE to stay AML Complaint?
AML compliance is critical for law firms operating in the UAE to safeguard their practice from being exploited by financial criminals and avoid non-compliance penalties.
To understand the AML regulatory landscape and effectively meet the compliance obligations, reach out to AML experts – like AML UAE, your partner in making AML journey a smooth experience.
AML UAE is a leading AML consultancy service provider in UAE, assisting DNFBPs, including law firms, to identify overall ML/FT risks and implement best AML practices to prevent money laundering and terrorism financing crimes.
Make significant progress in your fight against financial crimes,
With the best consulting support from AML UAE.
Our recent blogs
side bar form
Share via :
About the Author
Jyoti Maheshwari
CAMS, ACA
Jyoti has over 7 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.