AML in ADGM Companies – FSRA Expectations

Introduction

The Abu Dhabi Global Market (ADGM) is one of the most advanced financial free zones in the world, operating under English common law. To protect its financial system and maintain global credibility, ADGM’s regulator — the Financial Services Regulatory Authority (FSRA) — enforces strong Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) requirements.

All ADGM-registered entities, whether financial or non-financial, must comply with FSRA AML expectations alongside UAE Federal AML laws.

It explains the mandatory AML obligations, FSRA expectations, documentation requirements, risk elements, and penalties for ADGM companies.

________________________________________

1. AML Regulatory Framework in ADGM

ADGM companies must comply with:

Federal UAE AML Laws

• Federal Decree-Law No. 20 of 2018 (AML/CFT)

• Cabinet Decision No. 10 of 2019 (Implementing Regulation)

• FIU (goAML) Reporting Requirements

ADGM / FSRA Requirements

• FSRA AML Rulebook

• FSRA Guidance on AML/CFT & Sanctions

• ADGM Companies Regulations 2020

• ADGM Sanctions Rules

These collectively form one of the highest AML standards in the region.

________________________________________

2. Who Must Comply in ADGM?

AML obligations apply to all ADGM entities, including:

Financial Institutions (FSRA-Regulated)

• Banks

• Brokerage firms

• Crypto-asset service providers (VASP)

• Fund managers

• Asset/wealth managers

• Insurance & captive entities

Non-Financial Institutions (DNFBPs)

• Law firms

• Accounting & audit firms

• Company service providers

• Real estate brokers

• Dealers in precious metals & stones

Other ADGM Companies

Even holding companies, SPVs, foundations, and family offices must maintain basic AML controls.

________________________________________

3. Core FSRA AML Expectations for ADGM Companies

3.1 Appointment of AML Roles (Mandatory)

Each entity must appoint:

• Money Laundering Reporting Officer (MLRO)

Senior, competent, resident in UAE, with decision-making authority.

• Deputy MLRO (Recommended)

To ensure continuity.

MLRO duties:

• Handle internal SAR/STR escalations

• File reports with the UAE FIU via goAML

• Approve high-risk clients

• Conduct annual AML review

• Ensure staff training

• Maintain AML policies

________________________________________

3.2 Customer Due Diligence (CDD)

Standard CDD

• Identify & verify customer identity

• Identify UBOs (Ultimate Beneficial Owners)

• Understand nature and purpose of relationship

• Verify control and ownership structure

• Conduct sanctions & PEP screening

Enhanced Due Diligence (EDD)

Required for:

• PEPs

• High-risk countries

• Crypto-asset transactions

• High-value cash flows

• Unusual or complex structures

• Correspondent banking

• High-risk sectors (precious metals, art, trusts)

EDD steps include:

• Source of funds / source of wealth

• Senior management approval

• More frequent due diligence

• Transaction pattern analysis

________________________________________

3.3 Ongoing Monitoring (Continuous)

FSRA requires:

• Real-time screening

• Ongoing KYC updates

• Transaction behaviour monitoring

• Periodic review of client risk scores

• Automated tools for medium/large companies

Monitoring must be risk-based.

________________________________________

3.4 Record Keeping (Minimum 6 Years)

ADGM entities must maintain:

• KYC documents

• Risk assessments

• CDD/EDD files

• STR/SAR filings

• Policies and procedures

• Audit and training records

Retention: 6 years after the end of the business relationship.

________________________________________

3.5 Suspicious Activity Reporting (STR/SAR)

Required when:

• Transaction has no clear economic purpose

• Activity contradicts customer profile

• Client refuses to provide documentation

• Funds involve high-risk jurisdictions

Steps:

1. Internal reporting to MLRO

2. MLRO investigation

3. Filing SAR/STR to UAE FIU via goAML

4. Documenting the case file

5. Keeping strict confidentiality

FSRA enforces a zero-tolerance for tipping-off.

________________________________________

3.6 FSRA Requires Enterprise-Wide Risk Assessment (EWRA)

All ADGM companies (especially FSRA-regulated) must prepare an annual EWRA, covering:

• Customer risk

• Geographic risk

• Product/service risk

• Delivery channel risk

• Transaction/behavioural risk

This document is reviewed during FSRA inspections.

________________________________________

3.7 AML Policies & Procedures (Mandatory Documentation)

Every ADGM company must maintain updated:

• AML/CFT Compliance Manual

• CDD/EDD Policies

• Risk Assessment Framework

• PEP & Sanctions Handling Procedures

• Escalation and Reporting Procedures

• Training Policy & Annual Plan

• Record Retention Policy

FSRA expects these documents to be tailored—not generic templates.

________________________________________

4. Sanctions Compliance (Very Strict Requirement)

ADGM companies must comply with:

• UAE Local Terrorist List

• UN Security Council sanctions

• FSRA Sanctions Rules (mandatory screening)

Must perform:

• Batch and real-time screening

• Instant freezing of sanctioned funds

• Reporting to Executive Office within 24 hours

Non-compliance leads to heavy penalties.

________________________________________

5. FSRA Supervision and Inspections

FSRA conducts:

• Risk-based supervision

• Desk-based reviews

• On-site inspections

• Thematic reviews (e.g., crypto AML, sanctions compliance)

• Follow-up remediation assessments

Common findings include:

• Weak UBO verification

• Insufficient EDD

• Incomplete AML training logs

• Missing EWRA

• Lack of automated transaction monitoring (crypto firms)

• Weak sanctions screening controls

________________________________________

6. Penalties for Non-Compliance in ADGM

FSRA imposes some of the highest fines in the UAE.

Possible penalties:

• Fines up to USD 1 million

• Director/MLRO disqualification

• Freezing of funds

• Restriction or cancellation of licence

• Mandatory remediation plan

• Reputational damage

• Criminal penalties (under Federal Law)

Crypto-related AML breaches attract severe action.

________________________________________

7. AML for Crypto-Asset Service Providers (VASP)

ADGM is a global leader in regulating crypto businesses.

FSRA expectations include:

• Full blockchain analytics

• Wallet risk scoring

• Source of funds verification for crypto deposits

• Suspicious transaction monitoring (KYT)

• Higher EDD for private wallets

• Travel Rule compliance

These businesses are treated as high-risk, requiring enhanced systems.

________________________________________

8. AML for Non-Financial ADGM Companies (DNFBPs)

DNFBPs must:

• Register on goAML

• Conduct KYC on clients

• Maintain sanctions screening

• File STR/SAR

• Maintain AML training

• Submit annual compliance returns (if required)

Sectors like real estate, company formation, and legal services carry high ML/TF risks.

________________________________________

9. How We Help ADGM Companies Stay Fully Compliant

Sheikh Anwar Accounting & Auditing LLC provides full AML solutions for ADGM clients:

✔ MLRO Outsourcing

✔ ADGM-Compliant AML Policy & Procedures

✔ CDD/EDD Framework Setup

✔ Enterprise-Wide AML Risk Assessment (EWRA)

✔ Annual AML Internal Audit

✔ Sanctions Screening Setup

✔ goAML Registration & Reporting Support

✔ Staff AML Training & Certification (Sheikh Anwar Academy)

✔ Crypto-AML Advisory for VASPs

We ensure full alignment with FSRA expectations, UAE Federal AML laws, and FATF standards.

________________________________________

10. Contact Us

Sheikh Anwar Accounting & Auditing LLC

ADGM & DIFC AML Compliance Specialists | Approved Auditors | AML Training Academy

📍 Address:

Dubai Creek Tower, M 35, Dubai, UAE

📞 Mobile: +971 52 555 6740

📞 Office: +971 4 123 4567 (optional placeholder—change if needed)

📧 Email:

info@sa-auditors.com

sheikhanwarca@gmail.com

🌐 Website:

www.sa-auditors.com