For SME founders, CFOs, and compliance managers in UAE Free Zones: This comprehensive guide helps you understand and respond to AML/CFT document requests with confidence.
Key Takeaways
- UAE Free Zones are requesting AML/CFT documents as part of strengthened compliance measures under Federal Decree-Law No. (20) of 2018
- All businesses, including SMEs, may be subject to these requests regardless of size or sector
- Required documents typically include UBO registers, financial statements, and stakeholder identification
- Prompt response and proper documentation are essential for maintaining compliance and business operations
Recently, many SME founders and finance professionals in UAE Free Zones have received emails from their respective Free Zone authorities regarding Anti-Money Laundering (AML) and Combatting the Financing of Terrorism (CFT) compliance.
This blog explains why these emails are being sent, what they mean for your business, and how you can respond smoothly and confidently.
What Are AML and CFT Compliance Requirements?
Anti-Money Laundering (AML) refers to the framework of laws, regulations, and procedures implemented to prevent and detect the concealment of illegally obtained funds within the financial system. Combatting the Financing of Terrorism (CFT) refers to measures aimed at preventing the use of financial systems to fund activities or organizations involved in terrorism. Together, AML and CFT are critical components of the UAE’s financial and regulatory infrastructure.
In the UAE, AML and CFT efforts are governed primarily by Federal Decree-Law No. (20) of 2018 and its implementing regulation Cabinet Decision No. (10) of 2019
Why AML Compliance Is Critical for New Businesses
AML compliance is not just a regulatory obligation but a business-critical practice from the start. Early adoption of AML measures supports sustainable business growth and protects your company’s reputation.
Risks of non-compliance include:
- Financial penalties and regulatory sanctions
- Reputational damage affecting client relationships
- Potential license suspension or revocation
- Banking relationship difficulties
Why Are Free Zones Sending AML/CFT Emails?
As part of the UAE government’s efforts to prevent money laundering, a series of guidelines have been issued to strengthen AML/CFT compliance across all business sectors. In line with this, several Free Zone authorities have begun reaching out to the registered entities, requesting documents for review.
The Article 1 of the Cabinet Decision No. 10 of 2019 defines “Supervisory Authority” as “Federal and local authorities entrusted by legislation to supervise the Financial Institutions, the designated non-financial businesses professions, Virtual Asset Service Providers and non-profit organizations or the competent authority in charge of approving the exercise of an activity or a profession if the legislation does not specify the relevant regulatory authority”.
This implies that Free Zone authorities that issue licenses and act as regulatory bodies are included within the definition of a ‘Supervisory Authority’. Therefore, Free Zone authorities may, on a random basis, request various documents—ranging from audited financial statements to passport and visa copies of shareholders or partners.
Is This Applicable to My Business?
Even if you are a small or mid-sized company, AML/CFT compliance may still apply depending on your nature of work. The Free Zone authority reaching out to you is simply checking for basic readiness — not conducting a detailed audit.
Understanding Ultimate Beneficial Ownership (UBO) Requirements
Ultimate Beneficial Ownership (UBO) refers to the natural person(s) who ultimately owns or controls a legal entity or arrangement. UBO requirements are a major compliance point in UAE free zones.
Why UBO matters for AML/CFT:
- Provides transparency on true ownership structures
- Helps prevent money laundering through complex corporate structures
- Required for enhanced due diligence processes
Information that must be collected:
- Full name and nationality of beneficial owners
- Percentage of ownership or control
- Nature and extent of beneficial interest
- Residential address and contact information
Key AML/CFT Documentation Required by UAE Free Zones
The free zone authority, at the time of registration and issuing the license, would have already obtained the KYC. Post this, and they may ask for a few basic documents such as-
| Document Type | DMCC | JAFZA | IFZA |
| Shareholder Register | Required | Required | Required |
| UBO Register | Required | Required | Required |
| Financial Statements | 3 months or audited | 3 months or audited | 3 months or audited |
- Shareholder or partner registers- In some cases, they may even attach a format
- Beneficial owner register– Format may be attached in some cases
- Company bank statement for three months or latest audited financial statements
- Proof of address of all stakeholders
- Passport and Visa copies of all stakeholders
This is not an exhaustive list, but the documents requested are generally basic in nature.
Common AML Compliance Mistakes and How to Avoid Them
Understanding typical pitfalls helps you proactively avoid errors and maintain smooth compliance processes.
Frequent mistakes include:
- Incomplete documentation: Submitting partial or outdated documents
- Lack of ongoing monitoring: Failing to update records when ownership changes
- Misunderstanding KYC requirements: Not collecting sufficient customer information
- Poor record keeping: Inadequate documentation storage and retrieval systems
Actionable tips to avoid them:
- Maintain a compliance checklist and review it quarterly
- Set up automated reminders for document renewals
- Implement a centralized document management system
- Conduct regular staff training on AML/CFT procedures
Step-by-Step Response to AML/CFT Requests
There is no need to be concerned upon receiving such an email. Start by reviewing the contents carefully and noting the documents being requested. Confirm that the email is indeed from your respective Free Zone authority. Once done, proceed with the next steps accordingly.
Step 1: Review the Request
Carefully review the email contents and verify the sender’s authenticity. Note the specific documents requested and the deadline for submission.
Step 2: Gather Required Documents
- Respond to the Free Zone authority within the given timeline.
- If you don’t have an AML policy yet, start preparing a basic one.
Step 3: Assign a Compliance Contact
- Assign a compliance contact person, even if informally for now.
- If needed, consult professionals for guidance and documentation support.
AML/CFT Compliance Checklist for UAE Free Zone Companies
Use this checklist to ensure comprehensive compliance:
- Updated shareholder and partner registers
- Complete UBO register with current information
- Recent bank statements (3 months) or audited financials
- Valid passport and visa copies for all stakeholders
- Proof of address for all stakeholders
- Basic AML policy document
- Designated compliance contact person
- Document management system in place
As your trusted compliance advisor, BCL helps founders and CFOs streamline core activities with our one-stop solutions for accounting, VAT, corporate tax, TRC, transfer pricing, and payroll, enabling businesses to maximize the benefits of outsourcing critical functions. Our team of experts helps and guides you in obtaining all necessary registrations and certificates and filing returns to ensure compliance and stay ahead of the competition.
Frequently Asked Questions
Who is responsible for AML/CFT compliance in a UAE free zone company?
The company’s management and designated compliance officer are responsible for ensuring AML/CFT compliance. For smaller companies, this responsibility typically falls on the managing director or a designated senior employee.
What happens if my business fails to comply with AML/CFT regulations in a UAE free zone?
Non-compliance can result in financial penalties, license suspension or revocation, reputational damage, and difficulties in maintaining banking relationships. The severity depends on the nature and extent of the non-compliance.
How often should AML/CFT policies be reviewed or updated?
AML/CFT policies should be reviewed at least annually or whenever there are significant changes in regulations, business operations, or ownership structure. Regular updates ensure continued compliance with evolving requirements.
For further information, reach out to our experts at punith@bclglobiz.com
Contact Us Today!
Our AML/CFT compliance experts will contact you within 24 hours
