Case Study: AML Audits Conducted in Free Zones

1. Introduction

Free zones play a vital role in the UAE’s economic diversification strategy, offering attractive incentives such as 100% foreign ownership, simplified incorporation procedures, and tax benefits. However, these same advantages can also attract money laundering and financial crime risks, particularly through shell structures, trade-based laundering, and opaque ownership networks.

In response, UAE regulators — particularly the Ministry of Economy (MoE) and free zone authorities — have increased the frequency and depth of Anti-Money Laundering (AML) audits and inspections. These audits aim to ensure that Designated Non-Financial Businesses and Professions (DNFBPs) operating in free zones comply with Federal Decree-Law No. 20 of 2018 and Cabinet Decision No. 10 of 2019.

________________________________________

2. Background: AML Oversight in Free Zones

Every free zone entity registered in the UAE is subject to AML supervision based on its activity type. The primary regulators include:

• Ministry of Economy (MoE) – Supervises DNFBPs such as gold traders, real estate brokers, auditors, lawyers, and CSPs.

• Dubai Multi Commodities Centre (DMCC), RAKEZ, SAIF Zone, JAFZA, IFZA, and others – Serve as licensing authorities responsible for on-site audits and compliance reviews.

• UAE Financial Intelligence Unit (FIU) – Receives STRs, DPMSRs, and RETRs through the goAML platform.

AML audits in free zones are part of the UAE’s risk-based supervision program, focusing on high-risk sectors such as gold trading, real estate, accounting, and corporate structuring.

________________________________________

3. Case Study: AML Audit in a Free Zone Jewellery and Consulting Group

In 2024, a multi-entity group operating from a UAE free zone underwent an AML compliance audit by the Ministry of Economy’s Inspection Department. The group included a precious metals trading company and a company service provider (CSP) under the same management.

Audit Objective

The audit aimed to assess compliance with:

• Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)

• Suspicious Transaction Reporting (STR) via the goAML system

• Beneficial Ownership (UBO) identification and register maintenance

• Record-keeping and risk assessment frameworks

• AML training and internal governance controls

________________________________________

4. Key Audit Findings

a. Incomplete Risk Assessment

The group did not maintain a documented Enterprise-Wide Risk Assessment (EWRA). Risk categorization for customers was inconsistent — several high-value clients from high-risk jurisdictions were incorrectly classified as “low risk.”

b. Weak UBO Verification

The auditors found discrepancies between the declared shareholders and actual beneficial owners. The company relied solely on client-declared information without independent verification.

c. Non-Filing of goAML Reports

Despite handling multiple cash transactions exceeding AED 55,000, no Designated Precious Metals and Stones Reports (DPMSRs) or Suspicious Transaction Reports (STRs) were filed.

d. Outdated AML Policy

The AML/CFT manual was generic and had not been updated since 2021. It lacked reference to Cabinet Decision No. 109 of 2023 and new MoE circulars.

e. Lack of Staff Training and Awareness

Only senior management had attended AML training. Frontline staff — who dealt with clients daily — were unaware of red flags or reporting obligations.

f. Poor Record Keeping

Some KYC forms were incomplete, missing proof of address or source of funds documentation. Certain files were stored in personal drives rather than a secured compliance repository.

________________________________________

5. Regulatory Actions Taken

Following the audit, the free zone authority and MoE issued a compliance order requiring the group to:

1. Submit a Corrective Action Plan (CAP) within 30 days.

2. Update its AML/CFT policies, incorporating risk-based methodologies.

3. Conduct mandatory AML training for all employees.

4. File historical DPMSR and STR reports for previously unreported transactions.

5. Engage an external compliance consultant for an independent AML audit.

A financial penalty of AED 200,000 was also imposed for failure to file goAML reports and maintain updated policies.

________________________________________

6. Lessons Learned

1. AML Compliance Is Not Just a Policy

Having a written AML policy is insufficient. Regulators expect evidence of implementation, such as risk assessments, monitoring reports, and staff training logs.

2. Risk Assessment Is the Foundation

The EWRA is a mandatory document. Businesses must regularly assess risks across customers, jurisdictions, products, and delivery channels.

3. UBO Verification Cannot Be Skipped

Entities must trace and verify the real beneficial owner, even when ownership passes through multiple jurisdictions.

4. Staff Training Builds Compliance Culture

Compliance begins at the operational level. Regular, role-specific AML training ensures staff can identify suspicious behavior and escalate issues promptly.

5. Audit Trails Are Vital

Every transaction, review, or decision must be documented. Proper record-keeping demonstrates diligence during regulatory inspections.

6. Free Zone Entities Are Fully Accountable

Being based in a free zone does not exempt a business from AML obligations. The MoE and free zone regulators have equal enforcement authority.

________________________________________

7. Best Practices for Free Zone Businesses

1. Develop and update AML policies in line with current UAE regulations.

2. Conduct an Enterprise-Wide Risk Assessment (EWRA) at least annually.

3. Appoint a qualified MLRO responsible for goAML reporting and compliance oversight.

4. Maintain accurate UBO registers and file updates within 15 days of any change.

5. Perform ongoing monitoring for all customers and transactions.

6. Keep training records and compliance logs available for inspection.

7. Engage external AML auditors annually to review internal controls.

8. File STRs, DPMSRs, and RETRs promptly through goAML.

________________________________________

8. Broader Impact

AML audits in free zones are integral to the UAE’s strategy to strengthen financial integrity and align with FATF’s international standards.

They enhance transparency, discourage illicit activity, and ensure that the UAE remains a trusted jurisdiction for legitimate global business.

Companies that view AML audits as an opportunity to improve governance — rather than a regulatory burden — often emerge stronger, more credible, and more resilient.

________________________________________

9. Conclusion

This case study reinforces that AML audits in UAE free zones are now comprehensive, data-driven, and strictly enforced.

Non-compliance — whether due to ignorance or neglect — can lead to significant financial penalties and reputational damage.

A proactive, well-documented, and continuously improving AML framework is the best defense against regulatory risk and the key to maintaining trust in the UAE’s dynamic business ecosystem.

________________________________________

10. About Sheikh Anwar Accounting & Auditing LLC

Sheikh Anwar Accounting & Auditing LLC offers specialized AML compliance, audit, and advisory services across UAE free zones and mainland jurisdictions.

Our services include:

• AML Policy & Framework Development

• goAML Registration & Reporting Support

• MLRO Outsourcing & Advisory

• AML Health Checks & Compliance Audits

• Enterprise-Wide Risk Assessment (EWRA) Assistance

• Staff Training & Certification

📞 Phone: +971 4 876 9890

📧 Email: info@sa-auditors.com

🌐 Website: www.sa-auditors.com

🏢 Office: Sheikh Anwar Accounting & Auditing LLC, Dubai Creek Tower, Office M-35, Dubai, United Arab Emirates