Case Study: AML Risk Assessment in a Jewellery Company

Introduction

The jewellery sector is one of the most vulnerable industries to money laundering (ML) and terrorist financing (TF) due to its high-value, portable, and easily exchangeable products. In the UAE, where gold and diamond trading forms a significant part of the economy, regulators place strong emphasis on AML compliance within Designated Non-Financial Businesses and Professions (DNFBPs).

It explores how a jewellery trading company in Dubai conducted an AML Risk Assessment to identify, evaluate, and mitigate its exposure to financial crime risks — aligning with Federal Decree-Law No. 20 of 2018, Cabinet Decision No. 10 of 2019, and Cabinet Decision No. 109 of 2023 on AML/CFT regulations.

________________________________________

1. Company Background

Company Name (for illustration): Golden Spark Jewellers LLC

Business Activity: Retail and wholesale trade of gold jewellery and bullion.

Location: Dubai Multi Commodities Centre (DMCC).

Nature of Clients:

• Local walk-in customers (B2C).

• Corporate buyers from GCC and South Asia (B2B).

• Occasional exports of bullion to overseas distributors.

As a DNFBP, the company falls under the Ministry of Economy (MOE) supervision for AML compliance and is required to register on the goAML platform.

________________________________________

2. Objective of the Risk Assessment

The goal of the AML Risk Assessment was to:

• Identify inherent ML/TF risks in the business model.

• Evaluate the effectiveness of internal controls.

• Calculate residual risk across major risk categories.

• Recommend mitigation actions to strengthen compliance.

The assessment followed a Risk-Based Approach (RBA) aligned with FATF guidance and UAE National Risk Assessment (NRA) findings.

________________________________________

3. Methodology Adopted

The risk assessment was conducted in five structured phases:

Phase 1: Data Collection

• Review of client KYC records, sales invoices, and transaction logs (last 12 months).

• Analysis of payment methods (cash, bank transfer, credit card).

• Screening results against UN, OFAC, EU, and UAE local sanctions lists.

• Interviews with compliance officer and operations staff.

Phase 2: Risk Identification

Risk categories defined:

1. Customer Risk

2. Product/Service Risk

3. Geographic Risk

4. Delivery Channel Risk

5. Transaction Risk

Phase 3: Inherent Risk Scoring

Each category was rated on a scale of 1 (Low) to 5 (High) based on the likelihood and potential impact of ML/TF exposure.

Phase 4: Control Evaluation

Existing controls were reviewed for design and operational effectiveness, including:

• CDD and EDD procedures.

• Transaction monitoring and approval workflows.

• Staff training and awareness programs.

• Reporting and record-keeping mechanisms.

Phase 5: Residual Risk Calculation

Residual risk was computed using the formula:

Residual Risk = Inherent Risk × (1 – Control Effectiveness%)

A risk heat map was developed to visualize exposure levels.

________________________________________

4. Key Findings by Risk Category

A. Customer Risk – Medium to High

• The company deals with both retail and corporate clients, including foreign buyers.

• Around 15% of customers were non-residents, increasing jurisdictional exposure.

• Some corporate clients used third-party bank accounts for payments, which raises ML risk.

• No politically exposed persons (PEPs) were identified, but monitoring procedures were manual.

Mitigation:

• Introduce automated KYC and sanctions screening tools.

• Obtain source of funds for cash transactions above AED 55,000.

• Apply Enhanced Due Diligence (EDD) for high-risk customers.

________________________________________

B. Product/Service Risk – High

• The company trades in gold bullion and customized jewellery—products with high liquidity and anonymity.

• Bullion transactions are particularly prone to trade-based money laundering (TBML).

• Cash sales account for approximately 30% of total turnover.

Mitigation:

• Implement strict cash transaction thresholds and approval matrix.

• Report all qualifying transactions via DPMSR on the goAML portal.

• Introduce transaction monitoring triggers for sudden purchase spikes.

________________________________________

C. Geographic Risk – Medium

• Customers and suppliers are mainly from the UAE, India, Turkey, and Africa.

• Two counterparties from FATF greylisted countries were identified.

Mitigation:

• Apply EDD for all high-risk jurisdictions.

• Maintain updated FATF and MOE jurisdiction lists.

• Avoid dealings with sanctioned or high-risk territories (e.g., FATF blacklisted countries).

________________________________________

D. Delivery Channel Risk – Low to Medium

• Most transactions are conducted face-to-face, but some international deals occur through intermediaries or agents.

• Remote dealings increase the risk of identity fraud.

Mitigation:

• Require written authorization letters from corporate clients using agents.

• Collect verified ID and trade license copies of intermediaries.

• Avoid third-party payments without written justification.

________________________________________

E. Transaction Risk – High

• High-value purchases and frequent cash dealings increase exposure.

• Occasional bulk gold sales and re-exports to other free zones create TBML risks.

Mitigation:

• Monitor transactions exceeding defined thresholds.

• Conduct periodic reconciliation between sales, purchases, and stock movements.

• Automate alerts for unusual or split transactions.

________________________________________

5. Control Effectiveness Review

Control Area Current Status Effectiveness Remarks

CDD/EDD Procedures Partially implemented 70% Manual process

Sanctions Screening Periodic checks 60% Needs automation

Training Annual 80% Should be role-based

goAML Reporting Timely 90% Fully compliant

Record Keeping Digital archives 85% Satisfactory

________________________________________

6. Risk Heat Map Summary

Risk Category Inherent Risk (1–5) Control Effectiveness (%) Residual Risk Rating

Customer 4 70 1.2 Medium

Product/Service 5 60 2.0 High

Geography 3 80 0.6 Low

Delivery Channel 3 85 0.45 Low

Transaction 5 65 1.75 Medium-High

Overall Residual Risk Rating: Medium-High

This result prompted the company to enhance its AML framework with automation and more rigorous due diligence practices.

________________________________________

7. Recommended Improvements

1. Deploy automated AML software for CDD, screening, and transaction monitoring.

2. Update AML Policy to reflect new control measures and FATF updates.

3. Conduct semi-annual training for sales and compliance staff.

4. Perform independent AML audits annually.

5. Integrate goAML reporting logs into compliance dashboards.

6. Establish Board oversight of AML risk management.

________________________________________

8. Lessons Learned

• Risk assessment is not a one-time task — it should evolve with business operations.

• Cash transactions remain the highest vulnerability in the jewellery sector.

• Technology is a game-changer for real-time compliance monitoring.

• Regular training and governance are critical to maintaining AML culture.

________________________________________

Conclusion

This case study illustrates how a jewellery business in Dubai successfully implemented a structured AML Risk Assessment to comply with UAE laws and FATF standards.

By identifying key vulnerabilities, measuring control effectiveness, and adopting a Risk-Based Approach, the company not only enhanced its compliance posture but also built trust with regulators and financial institutions.

AML compliance in the jewellery sector requires continuous vigilance, technological integration, and management commitment to maintaining transparency in every transaction.

________________________________________

By Sheikh Anwar Accounting & Auditing LLC

AML & Compliance Experts for the Jewellery Industry in the UAE

📞 +971 4 876 9890 | ✉️ info@sa-auditors.com | 🌐 www.sa-auditors.com