Differences in AML requirements under UAE Federal Law, DIFC and ADGM Rulebooks
UAE’s battle against money laundering and other financial crimes is becoming stronger daily.
Several robust federal and free zone regulations. Effective reporting of suspicious activities. Investigations. Prosecutions. Fines and penalties.
The country has committed to implementing strategies and policies to reduce financial crimes. It also supports global efforts of FATF and other bodies for combatting money laundering and terrorism financing.
Regarding this, the UAE has introduced regulations at a Federal AML regulation, and it’s implementing guidelines, laying down the measures regulated entities must take to combat money laundering and terrorism financing. Since Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM) are financial-free zones, they have different regulations for entities operating in these areas. But still, the basis of these regulations remains the two principal Federal AML regulations of the UAE:
- Federal Decree-Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations
- Cabinet Decision No. (10) of 2019 concerning the Implementing Regulation of Decree-Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
DIFC and ADGM apply the federal law as it is. Additionally, they have implemented AML-specific rules and guidance for the entities established in their respective free zones. A few differences exist between the AML compliance requirements as applicable to units in DIFC and ADGM vis-à-vis units operating in mainland UAE.
Let’s have a look at each of the AML provisions and highlight the differences:
Regulatory authority
Federal AML Regulations
Various Supervisory Authorities have been identified to regulate mainland UAE entities’ AML/CFT compliance.
Units operating in Mainland UAE | Supervisory Authority |
Financial Institutions (including insurance companies) | Central Bank of UAE |
Lawyers & Legal Consultants | Ministry of Justice |
Virtual Asset Service Providers (VASPs) in Dubai | Virtual Assets Regulatory Authority of Dubai |
Capital Market & VASP (other than Dubai) | Securities & Commodities Authority |
Other Designated Non-Financial Businesses and Professions (DNFBPs) | Ministry of Economy |
DIFC
The Dubai Financial Services Authority (DFSA) regulates, controls, and administers AML requirements in DIFC.
ADGM
The Financial Services Regulatory Authority (FSRA) enforces the rules and requirements of AML and CFT in ADGM.
Definition of DNFBP
Federal UAE
The definition of DNFBP in UAE includes the following:
- Brokers and real estate agents in relation to the buying and selling of real estate property for the benefit of its customers
- Dealer in precious metals or stones
- A law firm, notary firm, or other independent legal professionals
- Independent Accountants and Auditors
- Trust or Company Service Provider
DIFC
In the case of DIFC, the definition changes a bit. Besides the above, it includes:
- A real estate developer
- Insolvency firm
- A person who issues or provides services related to Non-Fungible Tokens (NFTs) or Utility Tokens.
A Registered Auditor is not a DNFBP but is subject to AML Regulations in DIFC.
ADGM
In the case of ADGM, the definition of DNFBP includes a dealer trading any saleable item where the transaction amount equals or exceeds US$ 15,000 in cash through a single transaction or series of connected transactions. Further, it also includes taxation consulting firms explicitly.
Risk-based approach & AML Enterprise-Wide Risk Assessment
Entities must assess the several risks their business is exposed to. These risks may relate to the following:
- Nature of the business
- Products and services
- Customers the entities deal with
- Delivery-channels
- Transactions
Based on the risk levels, entities must implement measures to tackle those risks. Also, you must keep reviewing the risk assessment to update it with changes at regular intervals. You must also document the findings and results for future reference.
The provisions for a risk-based approach are standard in all three – Federal AML regulations, DIFC, and ADGM, except that the DIFC units are also required to consider the tax-crime risks.
Basis the overall AML risk assessment of its business, regulated entities must develop their AML controls, procedures, policies, and systems to mitigate or manage the AML risks.
Circumstances warranting performance of Customer Due Diligence
Entities must undertake customer due diligence:
- When it enters into a business relationship with the customer
- When it carries out an occasional transaction valuing more than a defined number with a customer
- When it suspects a customer or transaction of money laundering
- When it has doubts about the validity or adequacy of information or documents provided by the customer
There are minor differences in the circumstances when CDD is to be performed under three regulations.
Federal AML regulations
As per the UAE Federal AML Law, the threshold prescribed for conducting CDD in case of the occasional transaction is equal to or exceeding AED 55,000. This transaction can be a single transaction or several interlinked transactions.
DIFC
In the case of DIFC, there is no limit on the transaction amount with the customer to carry out CDD.
Further, the entities in DIFC can delay the identity verification of customers and their beneficial owners if:
- The AML risk is low
- Carrying out verification interrupts or delays the normal course of business
But verification must be completed within 30 business days of effecting the transaction.
ADGM
In the case of ADGM, the defined number is USD 15,000.
Also, entities can delay the identity verification of customers and their beneficial owners if:
- The AML risk is low
- Carrying out verification interrupts or delays the ordinary course of business
But the entities must complete this verification within 20 business days of effecting the transaction.
Money laundering reporting officer
DIFC and ADGM entities must appoint a Compliance Officer or Money Laundering Reporting Officer who is a resident of the UAE. No such residency-related specific condition is mentioned under the UAE Federal AML Law.
Record keeping
DIFC and ADGM entities must maintain the AML/CFT-related records for a minimum of six (6) years. At the same time, the minimum data retention period prescribed under the UAE Federal AML Law is five (5) years.
AML Annual Return
Units in DIFC and ADGM are required to furnish an AML Annual Return to the respective supervisory authorities.
The entities in DIFC must submit the AML Annual Return to the DFSA by the end of September every year. It covers the reporting year from August 1 of the previous year to July 31 of the reporting year.
While the ADGM units are required to furnish an AML Annual Return to FSRA by the end of April every year, covering the AML/CFT records and data about the previous year from January 1 to December 31.
AML UAE
This blog clarifies the differences between AML requirements under the Federal AML regulations, DFSA Rulebook and the ADGM AML Rulebook. Generally, the provisions of the Federal AML regulations apply, with specific clauses of the AML and Sanctions Rulebooks issued by the regulatory authorities of the financial free zones – DIFC and ADGM. If you still have doubts, AML UAE will always help you.
AML UAE is one of the leading AML consultancy service providers in the UAE. We ensure 100% AML compliance by our clients in the UAE by offering AML support related to the following:
- Conducting AML Enterprise-Wide Risk Assessment (EWRA)
- Customizing the AML/CFT policies, procedures, and controls
- Conducting AML training for the employees
- Managing the KYC and CDD of the customers
- Assistance in setting up an AML compliance department
- Conducting AML/CFT health check
- Managing regulatory reporting on the goAML portal and with the Supervisory Authority.
Make significant progress in your fight against financial crimes,
With the best consulting support from AML UAE.
Our recent blogs
side bar form
Share via :
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is a Chartered Accountant with more than 25 years of experience in compliance management, Anti-Money Laundering, tax consultancy, risk management, accounting, system audits, IT consultancy, and digital marketing.
He has extensive knowledge of local and international Anti-Money Laundering rules and regulations. He helps companies with end-to-end AML compliance services, from understanding the AML business-specific risk to implementing the robust AML Compliance framework.