What Is an AML Checklist for Day-to-Day Operations in the UAE?

Having an AML compliance programme is essential, but what does AML look like in daily practice? Many UAE business owners have policies on paper but struggle to translate them into actionable daily routines. This checklist provides a practical, day-to-day guide to help your team stay AML-compliant in their everyday work.

Customer Onboarding Checklist

Before establishing a new business relationship, your team should complete the following:

For Individual Customers

• □ Collect a valid, unexpired government-issued ID (passport or Emirates ID)
• □ Verify the ID against the original document or a certified copy
• □ Collect proof of address (utility bill, bank statement, or government-issued document dated within three months)
• □ Screen the customer’s name against UAE and international sanctions lists
• □ Screen for PEP (Politically Exposed Person) status
• □ Assess the customer’s risk level (low, medium, or high) based on your risk criteria
• □ Document the source of funds for the relationship or transaction
• □ Record the purpose of the business relationship
• □ Apply Enhanced Due Diligence if any high-risk indicators are present
• □ Obtain senior management approval for PEP relationships

For Corporate Customers

• □ Collect the trade licence and certificate of incorporation
• □ Collect the memorandum and articles of association
• □ Identify all shareholders with 25% or more ownership
• □ Identify the Ultimate Beneficial Owner(s) — the natural person(s) who ultimately own or control the entity
• □ Verify the identities of beneficial owners using the individual CDD process above
• □ Collect a board resolution or power of attorney authorising the person acting on behalf of the company
• □ Verify the identity of the authorised signatory
• □ Screen all relevant parties (company, shareholders, beneficial owners, directors) against sanctions lists
• □ Assess the risk level of the corporate customer
• □ Document the nature of the company’s business and the purpose of the relationship

Daily and Weekly Operations Checklist

Transaction Monitoring

• □ Review all transactions processed that day/week for unusual patterns
• □ Flag transactions that exceed your defined thresholds (e.g., AED 55,000 for precious metals dealers)
• □ Investigate any flagged transactions to determine if they are suspicious
• □ Document the outcome of any investigation (suspicious or explained)
• □ Escalate genuinely suspicious transactions to the compliance officer

Red Flags to Watch For Daily

• □ Customer is reluctant to provide identification documents
• □ Customer provides inconsistent or contradictory information
• □ Transaction has no apparent economic purpose
• □ Transaction is significantly larger or different from the customer’s usual pattern
• □ Customer requests unusual payment methods (large cash, multiple transfers to different accounts)
• □ Customer is overly concerned about reporting requirements
• □ Transaction involves high-risk jurisdictions without clear business justification
• □ Customer attempts to rush or pressure staff to complete a transaction quickly

Monthly Checklist

• □ Review and update the customer risk register for any changes in customer profiles
• □ Check for expired customer identification documents and request renewals
• □ Review any pending CDD files to ensure they are complete
• □ Re-screen existing customers against updated sanctions lists
• □ Review transaction monitoring alerts and ensure all have been addressed
• □ Compile a summary of any STRs filed during the month
• □ File any pending reports with the FIU through the goAML platform

Quarterly Checklist

• □ Review and update the business risk assessment if there have been significant changes
• □ Conduct a quality review of a sample of CDD files
• □ Review the effectiveness of transaction monitoring thresholds and adjust if necessary
• □ Provide AML updates or refresher training to staff if needed
• □ Report AML compliance status to senior management or the board

Annual Checklist

• □ Conduct a full update of the business risk assessment
• □ Review and update all AML policies and procedures
• □ Conduct or commission an independent audit of the AML programme
• □ Provide comprehensive AML training to all relevant staff
• □ Document all training with dates, attendees, and content
• □ Review regulatory updates and incorporate changes into your programme
• □ Ensure all records meet the five-year retention requirement
• □ Prepare and present an annual AML compliance report to senior management

Suspicious Transaction Reporting (STR) Checklist

When a suspicious transaction is identified:

• □ Do NOT tip off the customer — do not inform them that a report is being filed or an investigation is underway
• □ Escalate the matter immediately to the compliance officer
• □ The compliance officer reviews the information and determines whether an STR should be filed
• □ If filing, submit the STR through the goAML platform to the UAE Financial Intelligence Unit
• □ File the STR promptly — do not delay
• □ Document the entire process, including the reasons for filing (or not filing)
• □ Do not proceed with the transaction until the compliance officer provides guidance
• □ Maintain the STR file separately from the customer’s regular file for confidentiality

Record-Keeping Checklist

• □ All CDD records are filed securely (physical or digital)
• □ Transaction records include date, amount, parties, and nature of transaction
• □ All records are retained for a minimum of five years from the end of the relationship or transaction date
• □ Records are accessible for inspection by supervisory authorities
• □ Confidential records (STRs, internal investigations) are stored separately with restricted access

Tips for Making This Checklist Work

1. Assign responsibility: Make specific team members responsible for each checklist item.
2. Use templates: Create standard templates for CDD files, investigation memos, and monthly reports.
3. Set reminders: Use calendar reminders for monthly, quarterly, and annual tasks.
4. Document everything: If it is not documented, it did not happen. Regulatory authorities want to see evidence of compliance, not just good intentions.
5. Review and improve: After each regulatory inspection or internal review, update the checklist based on lessons learned.

Conclusion

AML compliance is not a one-time project — it is a daily operational discipline. This checklist transforms your AML policies into practical, actionable steps that your team can follow every day, every week, every month, and every year. By consistently following these routines, your UAE business can maintain robust AML compliance and be ready for any regulatory inspection.