fbpx
We are registered & approved tax agents by UAE Federal Tax Authority.
LinkedIn
Instagram
youtube
Sheikh Zayed Rd, Dubai
WhatsApp
info@jcauaeaudit.com
accountable for the countable
+971 4 343 8022
+971 50 249 8194
Enquire Now
UAE 2024 National Risk Assessment: AML Compliance Guide for DNFBPs

Understanding the Importance of the UAE 2024 National Risk Assessment: A Wake-Up Call for DNFBPs to Update AML Policies and Procedures

Many Designated Non-Financial Businesses and Professions (DNFBPs) in the UAE still rely on outdated methods to fight financial crimes. Such businesses include real estate brokers, dealers in precious metals, corporate service providers, auditors, and many others.

The UAE’s 2024 National Risk Assessment (NRA) has changed the game. It clearly outlines new sector-specific threats. For example, real estate and gold trading now carry higher risk ratings. Additionally, virtual asset service providers (VASPs), trade-based money laundering (TBML), and cybercrime have been identified as emerging threats requiring more attention from DNFBPs. To avoid falling behind, DNFBPs must update their internal risk models, policies, customer vetting systems, and onboarding forms. For this, businesses are also recommended to seek assistance from AML consultants in the UAE, such as JCA (Jitendra Chartered Accountants).

UAE 2024 NRA: What DNFBPs Need to Know

The 2024 National Risk Assessment highlights key threats across the DNFBP sector. Its purpose is to help businesses understand their risk exposure and improve their defenses. The report found:

  • Real Estate Brokers: High-risk due to large cash transactions and use of third parties.
  • Precious Metals Dealers: Medium-high risk from cash-heavy trades and cross-border transactions.
  • Corporate Services Providers: Medium risk, especially when legal persons or nominee arrangements are misused.
  • Independent Accountants: Medium-low risk, but gaps still exist in due diligence.
  • Virtual Asset Service Providers (VASPs): High-risk due to regulatory gaps and frequent use in cross-border transactions involving high-risk jurisdictions

All DNFBPs, whether high or low risk, must still apply risk-based controls.

 Required Actions for DNFBPs

  1. Update Business-Wide Risk Assessments (BWRA)

    Each DNFBP must reassess their internal risk levels using new data from the NRA. Key factors include:

  • Threats specific to their sector
  • Risks based on geographic operations
  • Delivery channels and types of services

BWRA must be documented with clear updates to scoring systems and customer categories.

  1. Update Customer Risk Assessments (CRA)

    CRA must reflect the updated BWRA. That means:

  • Adjusting how risk scores are calculated
  • Reviewing the existing customer base
  • Applying Enhanced Due Diligence (EDD) to high-risk clients

3. Change Onboarding Forms and Third-Party Agreements

Forms must now capture new risk indicators, like exposure to crypto, complex ownership, or high-risk countries. Third-party agreements must be reviewed to identify compliance deficiencies or outdated provisions.

Ensure onboarding forms and agreements also consider trade-based ML typologies and red flags related to cybercrime, as flagged by the latest NRA.

Moreover, businesses are recommended to consult AML consultants in the UAE to understand and do what is required.

 Watch Out for These Red Flags

The 2024 NRA highlights several red flags that demand extra scrutiny:

  • Customers using layered offshore structures
  • Clients linked to unlicensed virtual assets
  • Politically exposed persons from weak AML enforcement regions
  • Unusual transactions not aligned with customer profiles.
  • Payments structured to avoid reporting thresholds, often linked to trade-based money laundering.
  • Irregular crypto transfers or anonymous wallets.

 Staff Training Is a Must

All employees need to be trained on the updated NRA findings. Training must include:

  • Real-life case studies
  • Sector-specific red flag indicators
  • Updated internal procedures

Workshops and practical sessions should help staff understand how to apply new rules.

 Senior Management: More Than Just Signoffs

Leaders in DNFBPs must do more than approve changes. They must:

  • Understand the risk reports
  • Allocate resources for compliance upgrades
  • Promote a compliance-first culture internally

 Combating Misuse of Legal Structures

The NRA highlights the misuse of legal persons and nominee structures as a growing concern. DNFBPs must:

  • Perform deep checks to identify Ultimate Beneficial Owners (UBOs)
  • Ensure legal documents are complete and up to date
  • Monitor changes in ownership or control
  • Flag and report suspicious arrangements

 How to Handle Terrorism Financing Risks

Though rare, indirect links, terrorism financing can happen. DNFBPs must:

  • Add TF-specific checks to risk assessments
  • Watch for structured low-value transactions
  • Be alert to irregular crypto or third-party payments
  • Train staff to detect subtle TF risks

 Keep Your Records Ready

To show compliance, DNFBPs must maintain clean, up-to-date documentation, including:

  • BWRA and CRA files with full revision history
  • Training records and staff briefing logs
  • Updated policies and KYC forms
  • Audit and compliance reports

AML consultants in Dubai can help you compose and organize your records.

 Run a Gap Analysis

A gap analysis helps compare your current AML program against what the NRA requires. Look for:

  • Weak areas in due diligence or transaction monitoring
  • Missing controls for new risk types
  • A clear plan to fix all gaps, with senior management approval
  • Incomplete measures for trade-based ML or insufficient monitoring of cyber-enabled financial abuse

 Adjust Product and Service Risk Ratings

Some services are more likely to be misused, like:

  • High-value property sales
  • Cross-border gold trades
  • Company formation involving complex structures
  • Trade financing and supply chain services vulnerable to invoice manipulation or layering schemes

Make sure these risks are scored correctly in your internal system.

Risk Reviews Are Not One-Time Tasks

Risk assessments should be reviewed every year or sooner if there are:

  • Regulatory updates
  • Operational changes
  • Audit or inspection results
  • Cybersecurity incidents or exposure to new technologies like DeFi protocols may also warrant an immediate review

Don’t wait for problems to show up; stay ahead of the game.

Why Choose Jitendra Chartered Accountants (JCA)?

The 2024 NRA is a solemn reminder: staying compliant means staying informed and ready to act. For DNFBPs, now is the time to review everything, from how you assess customers to how your forms are designed. JCA is here to help you through this. Our experts will help you update your policies, retrain your teams, be competitive, and show regulators you’re not just meeting the minimum; you’re committed to doing it right.

Menu