FATF’s Risk-Based Approach and UAE Compliance

Introduction

Combating financial crimes such as money laundering and terrorist financing requires more than strict regulations—it requires smart risk management. To address this challenge, the Financial Action Task Force (FATF) introduced the Risk-Based Approach (RBA) as a core principle in its global Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) framework.

The Risk-Based Approach allows countries, regulators, and businesses to identify, assess, and mitigate financial crime risks proportionately. The United Arab Emirates (UAE) has adopted this approach across its financial and non-financial sectors to strengthen its compliance framework and align with international standards.

________________________________________

Understanding FATF’s Risk-Based Approach

The Risk-Based Approach (RBA) is one of the most important concepts introduced by the Financial Action Task Force.

Instead of applying identical compliance measures to all customers and transactions, the RBA requires businesses to:

• Identify potential money laundering and terrorist financing risks

• Assess the level of risk associated with customers, transactions, and jurisdictions

• Apply enhanced controls for high-risk areas

• Apply simplified controls for lower-risk activities

This approach ensures that compliance efforts are focused where the risks are highest.

________________________________________

Key Elements of the Risk-Based Approach

The Risk-Based Approach typically involves three major stages:

1. Risk Identification

Businesses must identify potential sources of financial crime risks within their operations.

This may include risks related to:

• customers

• countries or jurisdictions

• products and services

• transaction patterns

For example, cross-border cash transactions or dealings with high-risk jurisdictions may present higher risks.

________________________________________

2. Risk Assessment

After identifying potential risks, businesses must assess and categorize them based on their level of severity.

Risk levels generally fall into three categories:

• Low Risk

• Medium Risk

• High Risk

High-risk customers such as Politically Exposed Persons (PEPs) or customers from sanctioned jurisdictions require additional monitoring.

________________________________________

3. Risk Mitigation

Once risks are assessed, organizations must implement appropriate control measures.

These may include:

• Customer Due Diligence (CDD)

• Enhanced Due Diligence (EDD)

• ongoing transaction monitoring

• suspicious activity reporting

This ensures that high-risk activities are subject to stronger oversight.

________________________________________

UAE’s Adoption of the Risk-Based Approach

The UAE has fully incorporated the Risk-Based Approach into its AML regulatory framework.

The country’s AML framework is primarily governed by Federal Decree Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations, which requires businesses to adopt risk-based compliance programs.

Under this framework, companies must:

• conduct enterprise-wide risk assessments

• implement customer risk profiling

• apply enhanced due diligence for high-risk customers

• maintain proper records and monitoring systems

________________________________________

Supervisory Authorities Implementing the Risk-Based Approach

Several regulators in the UAE supervise the implementation of the Risk-Based Approach.

Financial Sector Regulators

Financial institutions are supervised by:

• Central Bank of the UAE

• Securities and Commodities Authority

• Dubai Financial Services Authority

• Financial Services Regulatory Authority

These authorities conduct inspections and ensure that financial institutions implement adequate AML risk controls.

________________________________________

DNFBP Supervisory Authorities

Designated Non-Financial Businesses and Professions (DNFBPs) are also required to implement the Risk-Based Approach.

Key supervisory authorities include:

• UAE Ministry of Economy

• Dubai Land Department

• Free Zone Authorities such as DMCC and DAFZA

These regulators monitor compliance in sectors such as:

• precious metals and jewellery trading

• real estate brokerage

• auditing and accounting firms

• company service providers

________________________________________

Importance for Gold and Precious Metals Businesses

The UAE is one of the world's largest hubs for gold and precious metals trading, which makes this sector particularly sensitive from an AML perspective.

Authorities require businesses in this sector to implement strong risk-based compliance measures, including:

• identifying high-risk customers

• verifying source of funds and source of wealth

• maintaining detailed transaction records

• reporting suspicious activities through the UAE Financial Intelligence Unit goAML platform

These measures help ensure transparency and prevent illicit financial flows.

________________________________________

Benefits of the Risk-Based Approach

The Risk-Based Approach provides several advantages for businesses and regulators.

Efficient Use of Compliance Resources

Companies can focus their compliance efforts on higher-risk areas rather than applying unnecessary controls to low-risk activities.

Stronger Financial Crime Prevention

By targeting high-risk activities, authorities can detect suspicious transactions more effectively.

Improved Regulatory Compliance

Organizations implementing a proper risk-based compliance framework are better prepared for regulatory inspections.

________________________________________

Challenges Businesses Must Address

While the Risk-Based Approach provides flexibility, it also requires companies to develop strong internal compliance systems.

Businesses must ensure that they:

• conduct regular AML risk assessments

• update risk profiles periodically

• train employees on AML compliance

• maintain proper documentation and audit trails

Failure to implement effective risk-based controls can lead to regulatory penalties.

________________________________________

Conclusion

The Risk-Based Approach introduced by the Financial Action Task Force has become a cornerstone of modern AML compliance frameworks.

The UAE has adopted this approach through comprehensive legislation, regulatory supervision, and industry-wide compliance initiatives. By focusing on identifying and managing financial crime risks, the UAE continues to strengthen its position as a secure and trusted global business hub.

Businesses operating in the UAE must ensure that their AML frameworks align with the Risk-Based Approach to maintain compliance and support the country’s efforts to combat financial crime.

________________________________________

About Us

Sheikh Anwar Accounting and Auditing LLC is a Dubai-based professional firm specializing in:

• AML Compliance & Audits

• AML Risk Assessments

• AML Policy Development

• goAML Registration & Reporting

• UAE Corporate Tax Advisory

• VAT Compliance & Filing

• Financial Audit & Accounting Services

📍 Office Address:

Dubai Creek Tower, M-35, Dubai, United Arab Emirates

📞 Phone: +971 4 417 7402

📧 Email: info@sa-auditors.com

🌐 Website: www.sa-auditors.com