AML Risk-Based Approach for DNFBPs

Introduction

In today’s global regulatory environment, compliance with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) laws is no longer optional—it is a legal and strategic necessity. For Designated Non-Financial Businesses and Professions (DNFBPs) in the UAE, implementing a Risk-Based Approach (RBA) is central to ensuring compliance with Federal Decree-Law No. 20 of 2018, Cabinet Decision No. 10 of 2019, and the guidance of the Ministry of Economy (MOE).

The RBA requires DNFBPs to assess the risks of money laundering and terrorist financing specific to their business and apply appropriate controls based on the identified risks. This approach not only meets regulatory expectations but also helps protect businesses from financial crime, reputational damage, and regulatory penalties.

________________________________________

What is a Risk-Based Approach?

The Risk-Based Approach is a methodology that requires businesses to:

1. Identify potential risks of money laundering and terrorist financing.

2. Assess the likelihood and impact of those risks.

3. Mitigate them through proportionate controls such as due diligence, monitoring, and reporting.

4. Monitor risks continuously and adjust controls as the business environment evolves.

In essence, higher risks require stronger controls, while lower risks may be managed with simplified measures.

________________________________________

Importance of the Risk-Based Approach for DNFBPs

For DNFBPs—including real estate agents, dealers in precious metals and stones, lawyers, accountants, and corporate service providers—the RBA is crucial because:

• Business models vary widely (e.g., gold trading vs. legal services), so risks are not the same for all DNFBPs.

• International compliance standards (FATF) require countries and businesses to apply risk-based AML measures.

• Regulators in the UAE expect DNFBPs to demonstrate a tailored compliance framework during inspections.

• Efficiency – it allows resources to be allocated where risks are highest, reducing unnecessary costs.

________________________________________

Key Elements of the AML Risk-Based Approach for DNFBPs

1. Risk Assessment

DNFBPs must conduct periodic Entity-Wide Risk Assessments (EWRAs) covering:

• Customer Risk: Politically Exposed Persons (PEPs), non-resident clients, or high-net-worth individuals.

• Geographic Risk: Clients from high-risk or sanctioned jurisdictions.

• Product/Service Risk: Complex financial products, high-value goods like gold and diamonds, or legal structures such as trusts.

• Delivery Channel Risk: Online, non-face-to-face transactions vs. in-person interactions.

2. Customer Due Diligence (CDD)

• Standard CDD: Applied to most clients after verifying identity and beneficial ownership.

• Enhanced Due Diligence (EDD): Applied to high-risk clients (e.g., PEPs, offshore structures, or large cash transactions).

• Simplified Due Diligence (SDD): For low-risk clients where allowed.

3. Transaction Monitoring

• Establish thresholds and red flags for monitoring.

• Apply stricter controls for high-risk transactions such as large cash dealings, trade in precious metals, or real estate purchases.

• Ensure suspicious transactions are escalated to the Money Laundering Reporting Officer (MLRO).

4. Suspicious Transaction Reporting (STRs)

• File STRs/SARs through the goAML platform.

• Ensure staff are trained to identify and escalate red flags promptly.

• Maintain confidentiality during reporting to avoid tipping-off.

5. Policies and Procedures

• Documented AML policies must embed the RBA.

• Procedures should clearly outline how risks are identified, assessed, and mitigated.

• Regular reviews ensure policies remain aligned with regulatory updates.

6. Training and Awareness

• All employees must be trained to understand the RBA and their role in mitigating risks.

• Specialized training for MLROs and compliance officers is essential.

• Maintain training logs and evidence for regulator inspections.

________________________________________

Best Practices for DNFBPs Implementing RBA

• Conduct Annual Risk Assessments and update them based on new threats or regulatory changes.

• Use risk scoring models to classify customers and transactions (e.g., low, medium, high).

• Leverage technology for transaction monitoring and automated red-flag detection.

• Document everything—risk assessments, decisions, training, and internal escalations must be properly recorded.

• Engage external advisors for independent reviews and gap assessments.

________________________________________

Challenges DNFBPs Face with RBA

• Lack of in-house compliance expertise.

• Difficulty in quantifying risks for unique client profiles.

• Over-reliance on manual monitoring instead of automated solutions.

• Misalignment between documented risk assessments and actual business practices.

________________________________________

Conclusion

For DNFBPs in the UAE, the Risk-Based Approach is not just a regulatory requirement—it is a practical framework for building a robust AML compliance program. By identifying, assessing, and mitigating risks proportionately, DNFBPs can protect themselves from regulatory penalties and reputational harm while contributing to the integrity of the UAE’s financial system.

________________________________________

About Us

Sheikh Anwar Accounting and Auditing LLC is a trusted auditing and compliance advisory firm in Dubai, UAE. We specialize in helping DNFBPs strengthen their AML compliance frameworks by providing:

• Entity-Wide Risk Assessment (EWRA) support.

• AML policy and procedure drafting.

• MLRO/Deputy MLRO outsourcing services.

• Customized AML training programs.

• Ongoing compliance monitoring and advisory.

📍 Office: Dubai Creek Tower, M 35, Dubai, UAE

🌐 Website: www.sa-auditors.com

📧 Email: info@sa-auditors.com