AML, CTF & Sanctions Compliance

Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Compliance

Money laundering and terrorist financing can destabilise communities, economic sectors, or whole national economies. Criminals and terrorist networks may be able to carry out their criminal and potentially destructive activities through undetected financial support structures.

The DFSA is committed to maintaining a supervisory regime that acts as a significant deterrent to any criminal elements, including money launderers and persons wishing to assist, in any way, acts of terrorism.

The DFSA’s supervisory regime for Anti-Money Laundering, Counter Terrorist Financing (CTF) and Sanctions Compliance applies to:

  • An Authorised Firm other than a Credit Rating agency
  • An Authorised Market Institution
  • An Auditor

Collectively referred to as Relevant Persons.

The DFSA commits to keeping its regulatory regime in line with the standards set by key international standard-setters including the Financial Action Task Force (FATF).

The AML Module of the DFSA Rulebook contains all of the DFSA requirements on Anti-Money Laundering, Counter-Terrorist Financing and relevant sanctions in one module. It has been designed to provide a single reference point for Relevant Persons. The various obligations and requirements set out in the AML Module takes into consideration that different Relevant Persons have different AML risk profiles. Therefore it is important for Relevant Persons to familiarise themselves with the AML Module and assess the extent to which the Rules apply to them.

The requirements and obligations contained in the AML Module include:

Senior Management Responsibility: The senior management of a Relevant Person is ultimately responsible for compliance with the AML Module. In carrying out their responsibilities every member of a Relevant Person’s senior management must exercise due skill, care and diligence.Anti-Money Laundering policies and procedures: Relevant Persons must establish and maintain effective Anti-Money Laundering policies, procedures, systems and controls designed to prevent opportunities for money laundering in relation to the Relevant Person and its activities.

Money Laundering Reporting Officer: Relevant Persons must nominate a person as the Money Laundering Reporting Officer (MLRO). This person must be an individual who is ordinarily resident in the United Arab Emirates.

Risk Assessments and Customer Due Diligence: Relevant Persons must conduct risk assessments of their business and customers. The findings of these assessments should be used to determine the level of Customer Due Diligence (CDD) that should be undertaken. Generally, CDD is information and documents obtained about a customer and may assist a DNFBP to mitigate any AML risks identified with undertaking business with a customer.

Suspicious Activity Reports (SAR): Where a Relevant Persons or one of its employees knows or suspects, or has reasonable grounds for knowing or suspecting that a person is engaged in or attempting money laundering, terrorist financing it must report the matter internally to its MLRO. The MLRO must investigate and where required submit an SAR to the AMLSCU, and notify the DFSA.

AML Training and Awareness: Relevant Persons must provide AML training to all relevant employees at appropriate and regular intervals. This training should be tailored to the level of exposure to AML risks and issues.

The assessment considered 29 of the 30 IOSCO Principles (one Principle pertaining to payment systems was not applicable), and concluded that the DFSA had "Fully Implemented" 27 Principles and has "Broadly Implemented" the remaining two Principles.

Reporting Requirements to the DFSA: Relevant Persons are required to submit an Annual AML return to the DFSA. This return covers how the Relevant Person has complied with its AML obligations and is due 4 months after the end of the Relevant Person’s financial year end.

Federal AML Laws and Bodies

The AML Module of the DFSA Rulebook cannot be read in isolation from relevant UAE legislation.The UAE criminal law applies in the DIFC and, therefore, persons in the DIFC must be aware of their obligations in respect of criminal law as well as these Rules contained in the AML Module of the DFSA Rulebook. Relevant UAE criminal laws include Federal Law No. 4 of 2002 regarding the Criminalisation of Money Laundering, Federal Law No. 1 of 2004 regarding Combating Terrorism Offences and the Penal Code of the United Arab Emirates. The Rules in the AML Module of the DFSA Rulebook should not be relied upon to interpret or determine the application of the criminal laws of the UAE. Any criminal investigation and resulting penalties would be performed by UAE authorities.

The legislation referred to above can be found using the below links:

AML, CTF and Sanctions Resource

The information contained in this page and the associated links are designed to assist Relevant Persons to comply with the DFSA’s AML Module. The content of this resources page is not Guidance for the purposes of Article 2 of Schedule 1 of the Regulatory Law 2004.

The material contained in this page may be updated from time to time. Users of this resources page are advised to visit this page and its attachments periodically.

The topic areas covered in this page include:

  • Applying a Risk-Based Approach
  • Suspicious Activity Reports
  • Politically Exposed Persons (under construction)
  • Customer Due Diligence (under construction)
  • Sanctions and other International Obligations (under construction)
  • AML Training and Awareness (under construction)

The DFSA is committed to maintaining this page as a useful and valuable resource to Relevant Persons. Should you have any comments, feedback on the contents of this page or suggestions for further topics, please do not hesitate to contact the DFSA via the Supervised Firm Contact Form.

Suspicious Activity Reports (SAR)

The requirement to lodge a suspicious transaction report with the Central Bank of the UAE Anti-Money Laundering and Suspicious Cases Unit (AMLSU) is contained in UAE Federal Law No. 4 of 2002 regarding criminalisation of money laundering.

The AML Module of the DFSA Rulebook also contains a requirement that Relevant Persons report suspicious activities, including transactions, to the AMLSU. A Relevant Person is also required to notify the DFSA immediately following the submission to the AMLSCU.

The details of the AMLSCU are:

Central Bank of the UAE, AMLSCU, PO Box 854, Abu Dhabi, UAE.

Tel: +971 2 666 8496 | Email:

1. What is a Suspicious Activity Report (SAR)?

The Federal Law No. 4 of 2002 regarding Criminalisation of Money Laundering creates an obligation on all Financial Institutions to report suspicious transactions to the AMLSCU. The DFSA uses the term SAR to refer to such reports lodged by Financial Institutions.

The AMLSCU has made clear through various public outreach events that SARs should not be restricted to reporting of suspicious transactions.

SARs should include:

  • Any suspicious transactions
  • Any attempted suspicious transactions
  • Any suspicious activity or behaviour, including the actions of customers or potential customers

SARs should be submitted using the approved form and include the following:

  • All information that supports your SAR
  • Any additional information which would help the AMLSCU to further its investigations
  • Any additional information which could link the SAR to other SARs and other investigations if possible

Information contained in an SAR is confidential and Article 20 of the UAE Federal Law No. 4 of 2002, provides Relevant Persons with a protection from any criminal, civil or administrative liability which may result from providing the required information, provided it is submitted in good faith.

Following the SAR submission a Relevant Persons will often have on-going dialogue with the AMLSCU as the investigation continues and more information may be requested. The AMLSCU will provide the Relevant Person with a final outcome when a conclusion is reached.

The AMLSCU may instruct you on how to continue your business relationship with the subject of an SAR. If the subject of the SAR expresses a wish to move funds before you receive instructions from the AMLSCU, you should immediately contact the AMLSCU for further instructions.

Under Article 15 of the UAE Federal Law No. 4 of 2002 the failure to report an SAR to the AMLSCU by those who are aware of a suspicious activity or transaction may be a criminal offence, punishable by a fine or imprisonment or both.


Tipping Off

If a Relevant Person submits an SAR, the Relevant Person or its employees must not inform or tipoff the subject of the SAR that a report has been lodged, or that the person is being investigated. Tipping Off is an offence created by Article 16 of the UAE Federal Law No (4) of 2002 and is punishable by a fine or imprisonment or both.


Where can I find the SAR form?

Please click here for the soft copy (Word version) of the SAR Form that can be filled in and completed.

Please click here for a copy of the SAR Form as per the UAE AML Laws. The SAR Form can be located on the last page of this document - page 26.


3. Best practices when submitting an SAR?

Please click here to view a sample SAR form and how to respond to each section.

Please consider the following “Do’s and Don’ts” when submitting an SAR:


  • Do submit all supporting documentation with your SAR
  • Do submit an SAR for suspicious behaviour only i.e. no transaction is required
  • Do provide a soft copy SAR form, rather than submitting a handwritten SAR
  • Do submit an SAR within a reasonable timeframe of identified suspicious
  • Do include all relevant details in your SAR including source of funds, linked accounts, etc
  • Do report confidentially without involving unrelated people as it could alert the customer and be considered as “Tipping Off”
  • Do maintain your SARs as per the record keeping requirements
  • Do send additional SARs when further information comes to light in order to supplement the original suspicion; Please ensure that you make references to previous submissions
  • Do provide your contact details so that the AMLSCU can contact you with follow up questions
  • Do provide a clear trail of your cause for suspicions and as much detail as possible about the person(s) involved. Do notify the DFSA of any SAR you have lodged with the AMLSCU


  • Do not terminate the relationship intentionally prior or post raising the SAR unless there is a logical and/or unavoidable reason behind such action. Please wait for an official response from the AMLSCU.
  • Do not insert “refer to documents attached” under “Source of Suspicion.” A brief explanation in the space provided is required and identify the suspicion clearly and concisely. Do not forget to notify the DFSA when you have lodged an SAR with the AMLSCU.

4. Ideal SAR submission process:

*This flowchart is a simple representation of the typical process for lodging an SAR by a Relevant Person.

UN Security Council Resolutions and Sanctions and Other International Sources

The DFSA requires Relevant Persons to establish and maintain systems and controls to obtain and make appropriate use of relevant resolutions or sanctions issued by the United Nations Security Council. You may access current UN Security Council Resolutions using the following link:

Please note that DFSA will not issue any notifications in relation to the frequent amendments to the UN Consolidated List made by the United Nations Sanctions Committee. Accordingly, DNFBP need to ensure that their systems and controls are able to monitor any relevant changes.

Other International Sources

The DFSA expects Relevant Persons to obtain and take into consideration the broad range of information and tools used by competent authorities and international organisations. Relevant Persons may obtain relevant information from consolidated lists issued by international government agencies of which further details are contained below.

The DFSA encourages all Relevant Persons to regularly check and monitor these lists, where applicable, as a matter of good practice.

Foreign AML/CTF lists

The following lists published in the United Kingdom, United States of America, and by the European Union provide details of persons and entities identified by relevant authorities as being connected with illegal activity.

Consolidated list for financial sanctions in the European Union (EU)

The EU list is the consolidated list of persons, groups and entities subject to the Common Foreign and Security Policy related financial sanctions by the European Banking Federation, the European Savings Banks Group, the European Association of Co-operative Banks and the European Association of Public Banks ("the EU Credit Sector Federations") and the European Commission.

HM Treasury lists (UK)

The HM Treasury lists include those persons whose assets have been frozen in the UK on the direction of HM Treasury.

Office of Foreign Asset Controls – OFAC lists (US)

The US list consists of names that have been issued by the US authorities. They are individuals and organisations that are suspected as being connected with terrorist activities and other illegal activities.

Please note that some of the names on the US list appear also - either directly or as aliases for those names - on the HM Treasury lists or other lists.