22 GS

Elevating AML Compliance: Insights from the 2024 DNFBPs Thematic Review

Narasimha Das Aug 21, 2025

2024 Thematic Review offers timely and critical insights into regulatory expectations regarding Anti-Money Laundering (AML), Counter Financing of Terrorism (CFT), and Targeted Financial Sanctions (TFS) obligations.  This article provides a detailed analysis of the regulatory expectations, best practices, and areas for improvement, serving as a practical guide for Firms aiming to strengthen their AML compliance frameworks.

Business Risk Assessment (BRA): A Strategic Compliance Tool

The BRA is the cornerstone of a firm’s AML framework. Regulators expect DNFBPs to conduct a comprehensive assessment that clearly differentiates between money laundering (ML), terrorist financing (TF), and proliferation financing (PF) risks. This differentiation is not merely academic—it ensures that firms implement targeted controls for each risk type, rather than applying a one-size-fits-all approach.

A robust BRA must be supported by quantitative data and tailored to the firm’s nature, scale, and complexity. It should incorporate insights from the UAE National Risk Assessment (NRA) and relevant sectoral assessments, ensuring alignment with national priorities. Moreover, firms are expected to evaluate any new business activities, products, technologies, or client segments for additional AML/CFT risks.

Importantly, BRA outcomes should be integrated into management reporting. This enables senior leadership to make informed decisions, such as revising the firm’s risk appetite or reallocating AML resources. Staff awareness of BRA findings is also essential, as it ensures operational alignment and reinforces a culture of compliance.

Risk Appetite: Defining Boundaries for Risk Exposure

Risk appetite is a strategic expression of how much risk a firm is willing to accept. The review highlights that DNFBPs must define their risk appetite for ML, TF, and PF separately, rather than grouping them under a single umbrella. This distinction is crucial because each risk type presents unique vulnerabilities and regulatory implications.

Senior management must approve the firm’s risk appetite, and it should be documented within the BRA and underlying policies. 

SAR/STR Controls: Strengthening Detection and Reporting Mechanisms

Suspicious Activity and Transaction Reporting is a critical component of AML compliance. DNFBPs are required to establish internal policies and procedures that enable the timely identification and reporting of suspicious activities. These reports must be submitted to the UAE Financial Intelligence Unit (FIU) via the goAML portal, and firms must maintain strict confidentiality to avoid tipping off.

Effective SAR/STR controls include training employees to recognize red flags, maintaining detailed records of reports and supporting documentation, and implementing post-reporting risk mitigation measures. Firms should also have clear procedures for managing client relationships after a report is filed.

AML/CFT Training: Empowering Staff Through Knowledge

Training is the foundation of a firm’s AML culture. Regulators expect DNFBPs to implement ongoing, role-specific training programs that are tailored to the firm’s operations and updated regularly to reflect changes in regulations and emerging risks.

Training should cover internal AML procedures, red flag indicators, and the process for reporting suspicions. Firms must assess the effectiveness of their training programs and maintain detailed records of attendance, materials, and content.

2024 DNFBPs Thematic Review Summary

Regulatory Expectations

  • Comprehensive BRA covering ML, TF, PF risks
  • Integration of BRA into management decisions
  • Effective SAR/STR controls and reporting
  • Tailored AML training programs

Best Practices

  • 98.5% considered TFS, TF, PF risks in BRA
  • 95% BRA approved by senior management
  • 99% detect unusual activity
  • Annual AML training by MLRO

Areas for Improvement

  • Generic risk methodologies
  • Limited differentiation of TF/PF risks • SAR/STR reporting lacks clarity
  • Training not tailored to firm-specific risks

Recommendations

  • Conduct self-assessments
  • Address deficiencies and escalate findings
  • Update policies with regulatory changes
  • Prepare for 2025 onsite inspections

Related content

Article Fraud & Forensic Investigations
Nadeem Maniar Aug 18, 2025
Article Assurance
Armen Biberian Aug 1, 2025
Article Assurance
Saad Maniar Jul 31, 2025
Case study Internal Audit
Jul 15, 2025
Join our newsletter
Receive our insights direct to your inbox.
Sign up