AML/CFT Assessment Questionnaire Guide

The Ministry of Economy has requested that all Designated Non-Financial Businesses and Professions (DNFBPs) complete a Self ML/TF Risk Assessment Data Collection Questionnaire on Suspicious Activity Reports (SARs), Suspicious Transaction Reports (STRs), and Transaction Monitoring. This questionnaire is crucial for enhancing the AML/CFT framework in the country and ensuring compliance with regulations.

Accurate and complete responses will help the Ministry of Economy assess the effectiveness of AML/CFT measures within the DNFBP sector. We urge all DNFBPs to prioritize the completion of this questionnaire. Failure to submit the completed questionnaire by the deadline may result in regulatory action.

ProAct is a leading provider of AML/CFT compliance solutions and risk management consulting. We have extensive experience in assisting businesses in conducting AML/CFT risk assessments and developing and implementing AML/CFT programs.

ProAct is committed to assisting DNFBPs in navigating this process. Our AML Compliance team is available to provide guidance and support in completing the questionnaire. We can help you understand the requirements, interpret the questions, and ensure your responses are accurate and comprehensive.

Clarifications of some of the questions are listed below.

Section 1: General Information

1. Please select the registration authority:

What this means: This question asks you to specify the relevant authority with which your company is registered. This could be the Department of Economic Development (DED) or another governmental authority in the UAE.
How to answer: Select the appropriate registration authority from the available list or provide the name if it’s not listed.

2. Please select your establishment’s legal form, update the trade license number in the comment box, and attach your legal entity’s Trade License:

What this means: You need to indicate the legal form of your company (e.g., LLC, joint-stock company) and provide the trade license number, along with a copy of the trade license.
How to answer: Choose your company’s legal form, enter the trade license number in the provided comment box, and upload a copy of your trade license.

3. Please select your sector from the below list:

What this means: You are asked to select the sector that best represents your company’s activities (e.g., finance, legal services, real estate).
How to answer: Choose the sector that aligns with your company’s business operations from the available list.

4. Select the services you provided to your clients during the reporting period:

What this means: You need to list the services your company has provided to clients during the reporting period. If your services don’t match any of the options provided, select None of the above and attach a confirmation letter explaining this.
How to answer: Select the applicable services provided during the period. If none apply, select None of the above and attach a confirmation letter with details.

5. Does the company have a bank account in the UAE? If yes, please provide the bank name:

What this means: You are asked whether your company holds a bank account in the UAE and to provide the name of the bank if applicable.
How to answer: If you have a bank account, answer Yes and provide the name of the bank. If not, answer No.

6. Did a bank or any other financial institution decide to close an account or end an ongoing relationship with your establishment?

What this means: This asks if any bank or financial institution has closed an account or ended an ongoing relationship with your company during the reporting period.
How to answer: If an account was closed, answer Yes, and provide the bank’s name and the reason for the closure.

7. If yes, please provide the name of the bank or financial institution:

What this means: You are asked to specify the name of the bank or financial institution that closed the account or ended the relationship.
How to answer: Provide the name of the institution involved.

8. If yes, please provide the rationale for the account closure or ending the relationship:

What this means: This asks for the reason the bank or financial institution closed the account or ended the relationship.
How to answer: Provide the rationale or reason given for the closure or relationship termination.

9. If yes, please attach the account closure letter or email:

What this means: You are asked to upload a letter or email from the bank or financial institution confirming the account closure or termination of the relationship.
How to answer: Attach the letter or email received from the bank regarding the closure or termination.

10. Did a bank or financial institution refuse to open a new account or enter into a new relationship with your establishment?

What this means: This asks whether any bank or financial institution has refused to open an account or establish a new relationship with your company during the reporting period.
How to answer: If a bank or financial institution refused, answer Yes. If not, answer No.

11. If yes, please provide the name of the bank or financial institution:

What this means: You are asked to specify the name of the bank or financial institution that refused to open an account or establish a new relationship.
How to answer: Provide the name of the institution that refused to establish a relationship.

12. If yes, please provide the rationale for refusing to open an account or establish a relationship with your establishment:

What this means: This asks for the reason the bank or financial institution refused to open an account or establish a relationship.
How to answer: Provide the rationale or reason given for the refusal.

13. Please provide and attach your establishment’s full ‘shareholding structure’ up to the Beneficial Owners, including beneficiaries of trusts if any:

What this means: You are asked to provide a detailed structure of your company’s ownership, including the names of shareholders, ultimate beneficial owners, and any beneficiaries of trusts.
How to answer: Attach a document or diagram that outlines the full shareholding structure, showing how the ownership leads to the beneficial owners.

14. Does your establishment have any other DNFBP (Designated Non-Financial Business or Profession) affiliates in the UAE under the MOE’s supervision? If so, a copy of the affiliate’s trade licenses should be attached:

What this means: This asks whether your company has any affiliates in the UAE that are supervised by the Ministry of Economy (MOE) as a DNFBP.
How to answer: If you have affiliates, answer Yes and attach a copy of their trade licenses. If you don’t have affiliates, answer No.

Section 2: Risk Assessment Data Collection Questionnaire

1. Does your company have a complex ownership structure?

What this means: Is your company owned by multiple parties or other companies, with layers of ownership?
How to answer: Answer Yes if ownership is complex, with multiple levels or entities involved. If ownership is simple and clear, answer No.

2. Is your establishment a member of a group of companies?

What this means: Are you part of a larger group of companies that operate together?
How to answer: Answer Yes if your company is part of a group (like a parent company with subsidiaries). Answer No if you operate independently.

3. Total number of employees in your establishment

What this means: How many people work for your company?
How to answer: Count the total number of employees and provide the exact figure.

4. What is the total number of branches for your establishment?

What this means: How many offices or locations does your company have?
How to answer: Count the total number of branches and provide the exact number.

5. Does your establishment hold any Power of Attorney (POA) or authorization arrangements with clients?

What this means: Does your company have agreements where clients give you the legal right to act on their behalf?
How to answer: If you hold such agreements, answer Yes and describe them. If you do not, answer No.

6. Does any individual within your establishment hold a Power of Attorney (POA) or authorization to act on behalf of clients?

What this means: Does anyone in your company have permission from clients to act for them?
How to answer: Answer Yes if anyone in your company has this authority. Provide details of the individuals and their level of authority.

7. Do you have any clients who are acting as trustees for a trust?

What this means: Do any of your clients manage or control a trust (a legal arrangement for holding assets)?
How to answer: Answer Yes if any of your clients are trustees. If none, answer No.

8. Provide the number of clients who are trusts or legal arrangements in your establishments.

What this means: How many of your clients are trusts or legal arrangements?
How to answer: Count the number of clients who are trusts or other legal arrangements and provide the total.

9. Provide the value of transactions for trusts or legal arrangements clients in your establishments.

What this means: What is the total value of transactions done for trust or legal arrangement clients?
How to answer: Add up the total transaction values for these clients and provide the figure.

10. What is your establishment’s total turnover (in AED) for the last reporting period for active clients? (Only for the following activities)

What this means: How much business did your company handle for active clients during the last reporting period? (The listed activities are specific to brokers, real estate agents, precious metal dealers, etc.)
How to answer: Add up the total revenue or transaction value for all active clients and provide the figure.

11. Does your establishment have foreign clients?

What this means: Do you have clients who are based outside the UAE?
How to answer: If you have clients from abroad, answer Yes. If not, answer No.

12. Provide the total number of foreign clients.

What this means: How many of your clients are from other countries?
How to answer: Count the total number of foreign clients and provide the number.

13. Do you have Natural Persons (individuals) as clients which includes residents and non-residents?

What this means: Do you serve individual clients, including people living in the UAE (residents) and those from other countries (non-residents)?
How to answer: If you have both resident and non-resident individuals as clients, answer Yes.

14. Provide the total number of resident natural persons (Individual) clients.

What this means: How many of your clients are individuals who live in the UAE?
How to answer: Count the number of resident individual clients and provide the number.

15. Provide the total number of Non-resident natural persons (Individual) clients.

What this means: How many of your clients are individuals who do not live in the UAE?
How to answer: Count the number of non-resident individual clients and provide the number.

16. Provide the total transaction values of resident natural persons (Individual) clients.

What this means: What is the total value of transactions for your resident individual clients?
How to answer: Add up the transaction values for resident individual clients and provide the figure.

17. Provide the total transaction values of Non-resident natural persons (Individual) clients.

What this means: What is the total value of transactions for your non-resident individual clients?
How to answer: Add up the transaction values for non-resident individual clients and provide the figure.

18. Do you have corporate clients (which includes domestic and international) in your client list?

What this means: Do you work with companies as clients, both domestic and international?
How to answer: If you have corporate clients, answer Yes. If not, answer No.

19. Provide the total number of domestic corporate clients.

What this means: How many of your clients are companies based in the UAE?
How to answer: Count the number of domestic corporate clients and provide the number.

20. Provide the total number of International corporate clients.

What this means: How many of your clients are companies based outside the UAE?
How to answer: Count the number of international corporate clients and provide the number.

21. Provide the total transaction values of domestic corporate clients.

What this means: What is the total value of transactions for your domestic corporate clients?
How to answer: Add up the transaction values for domestic corporate clients and provide the figure.

22. Provide the total transaction values of International corporate clients.

What this means: What is the total value of transactions for your international corporate clients?
How to answer: Add up the transaction values for international corporate clients and provide the figure.

23. Does your establishment have corporate clients that have beneficial owners who are non-residents? If yes provide the number of clients

What this means: Do any of your corporate clients have owners who do not live in the UAE?
How to answer: If you have such clients, answer Yes and provide the number of clients with non-resident beneficial owners.

24. Number of clients onboarded through face-to-face?

What this means: How many clients did you sign up through in-person meetings?
How to answer: Count the number of clients onboarded in-person and provide the number.

25. Provide the percentage of clients using face-to-face channels.

What this means: What percentage of your new clients were signed up through in-person meetings?
How to answer: Provide the percentage of clients you onboarded face-to-face.

26. Number of clients onboarded through non-face-to-face?

What this means: How many clients did you sign up remotely or through digital means (e.g., online registration)?
How to answer: Count the number of clients onboarded remotely and provide the number.

27. Provide the percentage of clients using non-face-to-face channels.

What this means: What percentage of your new clients were onboarded through online or other remote means?
How to answer: Provide the percentage of clients onboarded through non-face-to-face channels.

28. Does your establishment have Politically Exposed Persons (PEPs) as customers/clients?

What this means: Do any of your clients hold political positions or have close ties to politicians?
How to answer: If you have clients who are considered Politically Exposed Persons (PEPs), answer Yes and provide the number.

29. Does the establishment have Domestic Politically Exposed Persons as clients?

What this means: Do any of your clients who are PEPs come from the UAE?
How to answer: If you have domestic PEPs, answer Yes and provide the number of such clients.

30. Does the establishment have Foreign Politically Exposed Persons as clients?

What this means: Do any of your clients who are PEPs come from other countries?
How to answer: If you have foreign PEPs, answer Yes and provide the number of such clients.

31. Do you rely on a third party to undertake your CDD measures?

What this means: Do you hire another company or service to handle your customer due diligence (verifying client identity)?
How to answer: If you use a third party for these checks, answer Yes. Provide details.

32. Number of clients onboarded relying on third-party CDD measures

What this means: How many clients did you onboard with the help of a third-party verification service?
How to answer: Count the number of clients who used third-party CDD and provide the number.

33. How many such clients are active still?

What this means: Of the clients verified by a third party, how many are still active?
How to answer: Provide the number of currently active clients.

34. Total number of products or services provided using emerging technologies?

What this means: How many products or services does your company offer using new technologies like AI, blockchain, etc.?
How to answer: Count these products or services and provide the number.

35. Provide the total value of transactions provided through emerging technologies.

What this means: What is the total value of transactions done using these advanced technologies?
How to answer: Add up the transaction values involving emerging technologies and provide the figure.

36. Total number of products/services provided through third parties (online platforms, digital channels, etc.) in your establishment?

What this means: How many products or services does your company offer through third-party platforms like online marketplaces or digital channels?
How to answer: Count these products or services provided via third parties and give the number.

37. Number of clients serviced through face-to-face channel?

What this means: How many clients were served through in-person meetings?
How to answer: Count how many clients were served face-to-face and provide the number.

38. Provide the percentage of clients using face-to-face channels.

What this means: What percentage of your clients are served in-person, compared to other methods?
How to answer: Provide the percentage of clients served face-to-face.

39. Number of clients serviced through non-face-to-face channels?

What this means: How many clients were served remotely, through digital or online channels?
How to answer: Count how many clients were served remotely and provide the number.

40. Provide the percentage of clients using non-face-to-face channels.

What this means: What percentage of your clients are served remotely or online?
How to answer: Provide the percentage of clients served via non-face-to-face methods.

41. Select the payment methods you accept (Virtual Currency, Cash, Cheque, Bank Transfer, Others).

What this means: What types of payments does your company accept (e.g., cash, bank transfers, or digital currencies)?
How to answer: Select all payment methods you accept from the provided list.

42. Do you have any branches/subsidiaries, representative offices, or primary operations outside the UAE?

What this means: Does your company operate or have branches, offices, or subsidiaries in other countries?
How to answer: Answer Yes if you have operations outside the UAE. Answer No if you only operate in the UAE.

43. Do you have clients from high-risk countries?

What this means: Do you have clients from countries that are considered high-risk due to factors like political instability or money laundering concerns?
How to answer: If you have clients from high-risk countries, answer Yes. If not, answer No.

44. Provide the total number of clients from high-risk countries.

What this means: How many clients do you have from high-risk countries?
How to answer: Count the number of clients from these countries and provide the number.

45. Provide the total value of transactions from high-risk countries clients.

What this means: What is the total value of transactions with clients from high-risk countries?
How to answer: Add up the total transaction values from high-risk country clients and provide the figure.

46. Total number of transactions with beneficiary or originator domiciled in a country with weak implementation of UNSCR obligations or FATF standards or a weak export control regime (FATF).

What this means: How many transactions were involved with individuals or companies from countries that have weak anti-money laundering (AML) controls or are not following international standards (FATF)?
How to answer: Count the number of these transactions and provide the number.

47. Does your entity identify that any of your clients (entities) are owned or operated by or on behalf of DPRK/Iran or dual citizens of DPRK/Iran or DPRK/Iran entities?

What this means: Have you identified clients who are owned or controlled by North Korea (DPRK) or Iran, or have links to these countries?
How to answer: If yes, answer Yes and provide the details. If not, answer No.

48. Do you have clients / UBOs (Ultimate Beneficial Owners) of clients who are nationals of the following countries? Iran, North Korea, Myanmar.

What this means: Do any of your clients or their ultimate beneficial owners (those who benefit from the company) come from Iran, North Korea, or Myanmar?
How to answer: If yes, answer Yes and provide the details. If not, answer No.

49. If yes, total number of transactions involving nationals from Iran, North Korea, Myanmar.

What this means: How many transactions were made by clients from these countries?
How to answer: Count the transactions from these countries and provide the number.

50. If yes, total value of transactions involving nationals from Iran, North Korea, Myanmar.

What this means: What is the total value of the transactions made by clients from these countries?
How to answer: Add up the transaction values and provide the exact figure.

51. Do you have any customers that are the subject of international sanctions, such as targeted financial sanctions (TFS), UAE, OFAC, UN and EU restrictive measures?

What this means: Are any of your clients under international sanctions (e.g., UN, EU, UAE sanctions)?
How to answer: If yes, answer Yes and provide details. If no, answer No.

52. Does your business or profession perform any of the following activities? (Please select all that apply and provide more details on the selected items other than not applicable option)

What this means: Does your company provide services like managing clients’ assets, organizing company formation, or managing legal arrangements?
How to answer: Select the activities your business is involved in and provide details if applicable.

53. Does your company hold assets under management/custody on behalf of clients? If yes, please provide the maximum value of the assets during the reporting period.

What this means: Do you manage or hold assets (like money or property) for your clients? What is the highest value of assets you held during the reporting period?
How to answer: If yes, provide the maximum value of assets managed.

54. Do you have clients with the trust legal form? If yes, please select the type of trusts your clients are involved in.

What this means: Do any of your clients use trusts (legal arrangements for holding assets)? What type of trusts are they?
How to answer: Select the type of trust (e.g., family trust) and provide the number of clients involved in them.

55. Provide the total value of the transactions.

What this means: What is the total value of transactions with clients who have trusts?
How to answer: Add up the transaction values and provide the exact figure.

56. Provide the total value of the transactions if any of the products/services offered to non-customers.

What this means: If you provided services to non-customers (people or businesses who aren’t clients), what is the total value of those transactions?
How to answer: Add up the value of transactions for non-customers and provide the exact figure.

57. Do you manage funds owned by your customers? If yes, provide the total number of clients.

What this means: Do you manage money or funds on behalf of your customers? If yes, how many clients are involved?
How to answer: Count the number of clients whose funds you manage and provide the number.

58. If yes, provide the total value of funds managed.

What this means: What is the total value of the funds you manage on behalf of clients?
How to answer: Add up the total value of the funds managed and provide the exact figure.

59. Do you manage bank accounts, saving accounts, or securities accounts on behalf of your customers?

What this means: Do you manage clients’ bank accounts, savings accounts, or securities accounts (stocks, bonds)?
How to answer: If yes, provide the number of clients and the total value of accounts you manage.

60. Do you deal in physical cash transactions?

What this means: Does your company handle transactions that involve physical cash?
How to answer: If you handle cash transactions, answer Yes. If not, answer No.

61. Total number of physical cash transactions.

What this means: How many cash transactions did your company handle during the reporting period?
How to answer: Count the total number of cash transactions and provide the number.

62. Total value of physical cash transactions.

What this means: What is the total value of cash transactions your company handled?
How to answer: Add up the total value of cash transactions and provide the exact figure.

63. Total number of physical cash transactions below 55,000 AED

What this means: How many cash transactions were below 55,000 AED?
How to answer: Count the transactions under this amount and provide the number.

64. Provide the number of physical cash transactions equal to or above AED 55,000?

What this means: How many cash transactions were 55,000 AED or more?
How to answer: Count and provide the number of these transactions.

65. Did your establishment accept any virtual assets as payments during the reporting period?

What this means: Did your company accept virtual assets (such as cryptocurrencies) as payment during the reporting period?
How to answer: If your company accepted virtual assets (e.g., Bitcoin, Ethereum), answer Yes. If not, answer No.

66. If yes, provide the total number of the transactions.

What this means: How many transactions involved virtual assets as payments?
How to answer: Count the number of transactions that involved virtual assets and provide the number.

67. If yes, provide the total value of the transactions in AED.

What this means: What is the total value of the virtual asset transactions you accepted during the reporting period in AED?
How to answer: Add up the value of all the virtual asset transactions and provide the exact total in AED.

68. Provide the names of the virtual assets accepted.

What this means: Which virtual assets (cryptocurrencies) did your company accept as payments? For example, Bitcoin, Ethereum, etc.
How to answer: List the names of the virtual assets you accepted as payment, such as Bitcoin, Ethereum, or others.

69. Does your establishment appoint a Compliance Officer?

What this means: This question is asking if your company has designated someone to be responsible for ensuring compliance with AML/CFT/CPF regulations.
How to answer: If you have appointed, answer Yes. If not, answer No.

70. Is the Compliance Officer your own employee or is it outsourced or third-party?

What this means: This is asking whether the Compliance Officer works directly for your company or if their role is handled by an external service.
How to answer: Answer whether your compliance officer is Internal to outsourced.

71. If it is outsourced or third-party, provide the name of the company.

What this means: If the role of Compliance Officer is outsourced, the company wants to know the name of the external provider.
How to answer: [Company Name]. (If applicable)

72. Location of the entity (outsourced/third-party).

What this means: If the Compliance Officer is outsourced, the question is asking where the third-party company is located.
How to answer: [Country Name]. (If applicable)

73. What is the total years of experience of the Compliance Officer in AML/CFT/CPF?

What this means: The question is asking for the length of time the Compliance Officer has worked in compliance, specifically within anti-money laundering (AML), counter-financing of terrorism (CFT), and counter-proliferation financing (CPF).
How to answer: The Compliance Officer has [X] years of experience in AML/CFT/CPF, If Any.

74. Does the Compliance Officer have any professional AML/CFT/CPF qualifications?

What this means: This is asking if the Compliance Officer holds any recognized certifications or qualifications in AML/CFT/CPF.
How to answer: If Yes, answer Yes. If not, answer No.

75. Does the Compliance Officer have the authority and independence to perform his duties?

What this means: This is ensuring that the Compliance Officer has the authority and independence to act freely and without external influence in their role.
How to answer: If the Compliance Officer has full authority and independence to perform duties, answer Yes. If not, answer No.

76. Does the Compliance Officer perform any other responsibilities or duties?

What this means: This asks whether the Compliance Officer has responsibilities outside of AML/CFT/CPF compliance.
How to answer: If the Compliance Officer only focuses on AML/CFT/CPF matters, answer No. Otherwise, answer Yes.

77. What is the reporting line of the Compliance Officer?

What this means: This asks who the Compliance Officer reports to within the organization, such as a senior manager or board of directors.
How to answer: Mention how it is structured.

78. Does the Compliance Officer ensure compliance with the AML/CFT/CPF policies and procedures of the establishment?

What this means: This asks whether the Compliance Officer is actively involved in making sure the company is following the relevant laws and procedures.
How to answer: Yes, if the Compliance Officer ensures full compliance with AML/CFT/CPF policies, Otherwise No

79. Does your establishment have a backup resource/employee in case the Compliance Officer is absent?

What this means: This asks if there is someone who can take over the Compliance Officer’s responsibilities in case of absence.
How to answer: Yes, If there is soemone handle responsibilities in the absence of the Compliance Officer, Otherwise No.

80. Total number of staff in the compliance department?

What this means: This is asking for the total number of employees in your compliance department, including the Compliance Officer.
How to answer: Mention the number of staffs in compliance department, If Any

81. Have you outsourced any of the Compliance Officer responsibilities?

What this means: This asks whether any of the Compliance Officer’s duties have been delegated to an external party.
How to answer: Answer No, if you do not outsource any of the Compliance Officer’s responsibilities, Otherwise Yes.

82. Does the Compliance Officer prepare periodic AML/CFT/CPF reports to the Board, Senior Management, and Supervisory bodies?

What this means: This asks if the Compliance Officer regularly prepares and submits reports on compliance to key stakeholders.
How to answer: Answer Yes, If periodic reports are prepared and submitted to the Board and senior management, Otherwise No.

83. Does your business or profession provide training to the board of directors, managers, and employees on PF-related issues?

What this means: This is asking if the company provides training related to Proliferation Financing (PF) for key staff members.
How to answer: Answer Yes, If you conduct training sessions for board members, managers, and employees regarding Proliferation Financing (PF), Otherwise No.

84. If yes, describe the nature of the training accordingly.

What this means: This asks for a description of the training content and how it addresses PF-related issues.
How to answer: Describe training contents.

85. Total number of trainings over the last two years.

What this means: This asks how many training sessions have been conducted over the past two years.
How to answer: Mention number of training conducted over the last two years.

86. Does your establishment conduct regular ongoing training for staff on AML/CFT/CPF obligations and sanctions evasion typologies annually?

What this means: This asks whether the company provides regular, ongoing training on AML/CFT/CPF topics each year.
How to answer: Answer Yes, if you conduct annual AML/CFT/CPF training for all staff, Otherwise No.

88. Total number of trainings conducted during the last calendar year?

What this means: This is asking for the number of training sessions held in the previous calendar year.
How to answer: Mention number of training sessions held during last calendar year.

89. Do you use any external party for training?

What this means: This asks whether you hire an external organization to provide training, rather than doing it in-house.
How to answer: Answer Yes, If you use external provider for training sessions, Otherwise No.

90. Does your establishment conduct AML/CFT/CPF training immediately or shortly after recruitment, including the compliance staff?

What this means: This asks if newly hired staff, including the compliance team, receive AML/CFT/CPF training soon after joining the company.
How to answer: Answer Yes, If all new recruits undergo AML/CFT/CPF training as part of the onboarding process, Otherwise No.

91. Do you provide sufficient training to your staff to enable them to identify UBO structure?

What this means: This asks whether staff is trained to recognize and understand Ultimate Beneficial Ownership (UBO) structures.
How to answer: Answer Yes, if the training includes the identification of Ultimate Beneficial Owners (UBO), Otherwise No.

92. How is the effectiveness of internal and external training assessed?

What this means: This asks how the company evaluates whether the training is effective.
How to answer: Mention how you assess training effectiveness like through quizzes, feedback forms, and performance evaluations etc.

93. Does your entity ensure that the compliance officer and other relevant employees are attending the trainings/workshops organized by MOE, EOCN, FIU, Registrars?

What this means: This asks whether the Compliance Officer and relevant employees attend external training organized by regulatory bodies.
How to answer: Answer Yes, if your compliance officer and relevant employees attend all workshops organized by MOE, EOCN, FIU, and Registrars, Otherwise No.

94. Do you have policies and procedures that include mitigation measures related to cash transactions?

What this means: This asks whether your company has set policies and procedures in place to address risks related to cash transactions.
How to answer: Answer Yes, if you have detailed policies and procedures in place for cash transactions, Otherwise No.

95. Have you considered physical cash transactions while performing your entity’s risk assessment?

What this means: This asks if your company’s risk assessment takes into account the risks associated with physical cash transactions.
How to answer: Answer Yes, if physical cash transactions are included in our entity’s risk assessment, Otherwise No.

96. What is the risk rating assigned for physical cash transactions considering your business model?

What this means: This asks for the level of risk your company associates with cash transactions, based on your business model.
How to answer: Mention the risk rating for cash transactions, considering the nature of your business.

97. Do you have scenarios in your transaction monitoring system to detect physical cash transactions?

What this means: This asks whether your company’s monitoring system is designed to detect unusual or suspicious cash transactions.
How to answer: Answer Yes, if your transaction monitoring system includes scenarios to detect unusual cash transactions, Otherwise No.

98. Have you been inspected or undergone examination from MOE or Registrar on AML/CFT/CPF in the previous five years?

What this means: This asks if your company has undergone any inspections by regulators within the past five years.
How to answer: Answer Yes, if you have undergone an examination by [MOE/Registrar] within the last five years, Otherwise No.

99. Are there any outstanding regulatory issues related to AML/CFT/CPF from previous examinations?

What this means: This is asking whether there are unresolved issues from any past inspections.
How to answer: Answer No, if there are no outstanding regulatory issues, Otherwise Yes.

100. Were there any prior regulatory enforcement actions related to AML/CFT and PF?

What this means: This asks if the company has faced any enforcement actions related to AML/CFT/CPF compliance in the past.
How to answer: Answer No, if there have been no enforcement actions, Otherwise Yes.

101. Do you have a transaction monitoring system?

What this means: This asks whether your business has a system in place that helps track and review transactions to detect suspicious activity.
How to answer: If you have a system that tracks transactions for any signs of suspicious activity, answer yes. If you don’t, answer no.

102. Do you have scenarios in your transaction monitoring system to identify the below?

What this means: The question lists specific types of suspicious activity your system should be able to identify, like large cash transactions, attempts to break up transactions into smaller amounts, or complex transactions that seem unusual.
How to answer: Check if your system is set up to recognize these activities. If it is, answer yes for each type. If it’s not, answer no.

103. Are higher-risk customers subject to more continuous transaction monitoring?

What this means: This asks whether your system provides more frequent monitoring for customers who are considered higher risk.
How to answer: If your business monitors high-risk customers more closely, answer yes. If not, answer no.

104. Do you define a clear escalation framework for the review of alerts generated through your transaction monitoring systems and/or manual processes?

What this means: This asks if there is a process to escalate (or move to a higher level of review) suspicious activities that your monitoring system flags.
How to answer: If you have a clear process for reviewing flagged activities, answer yes. If not, answer no.

105. Do you conduct and complete an investigation of the alerted activity?

What this means: This asks if you investigate any suspicious activity that is flagged by your monitoring system.
How to answer: If you investigate flagged activities, answer yes. If you don’t, answer no.

106. Does your establishment maintain the most up-to-date records of the UN Consolidated List and UAE Local Terrorist List at all times for screening?

What this means: This asks whether you regularly check and update your lists of individuals or entities associated with terrorism, from both the UN and UAE.
How to answer: If you regularly update and maintain these lists for screening, answer yes. If not, answer no.

107. Did your establishment subscribe to the Sanctions List published by the Executive Office for Control and Non-proliferation?

What this means: This asks whether your business is using the list of sanctioned entities published by the UAE’s Executive Office for Control and Non-proliferation.
How to answer: If you are subscribed to this list for screening purposes, answer yes. If not, answer no.

108. Does your institution monitor Proliferation Financing (PF) red flags?

What this means: This asks whether your business watches for signs of financing related to the spread of weapons or dangerous materials.
How to answer: If you monitor these signs, answer yes. If not, answer no.

109. Does your business or profession consider PF-sensitive or dual-use goods as a risk factor?

What this means: This asks if your business considers items that could be used for both civilian and military purposes (dual-use goods) or sensitive items (PF-sensitive goods) to be a potential risk.
How to answer: If you do, answer yes. If not, answer no.

110. Does your business have policies, procedures, and controls related to PF-sensitive or high-risk products and services?

What this means: This asks if your business has rules to handle products or services that are sensitive or high-risk due to their potential use in financing the spread of weapons.
How to answer: If you have these procedures, answer yes. If not, answer no.

111. Has your business filed any Suspicious Transaction Reports (STRs) related to PF?

What this means: This asks whether your business has reported any suspicious transactions linked to Proliferation Financing.
How to answer: If you’ve filed any STRs, provide the number of reports. If not, answer no.

112. Do your alert systems include both TF and PF sanctions evasion red flags?

What this means: This asks if your system can detect red flags related to attempts to evade sanctions, both for Terrorist Financing (TF) and Proliferation Financing (PF).
How to answer: If your system can detect these red flags, answer yes. If not, answer no.

113. Do you respond to communications received from the Executive Office for Control and Non-Proliferation (EOCN) via the goAML message board within 48 hours?

What this means: This asks if you respond to inquiries from the EOCN within two days.
How to answer: If you always respond within this timeframe, answer yes. If not, answer no.

114. Does your staff attend TFS training sessions held by EOCN or Supervisory Authorities?

What this means: This asks whether your staff receives training on Terrorist Financing Sanctions (TFS) from relevant authorities.
How to answer: If your staff attends these training sessions, answer yes. If not, answer no.

115. Do you verify that the TF and PF Risk Assessments are kept up to date?

What this means: This asks if you regularly update your risk assessments related to Terrorist Financing (TF) and Proliferation Financing (PF).
How to answer: If you regularly update these risk assessments, answer yes. If not, answer no.

116. Do you perform sanction screening?

What this means: This asks whether you check transactions and customers against lists of individuals and entities that are subject to sanctions.
How to answer: If you perform sanction screening, answer yes. If not, answer no.

117. How do you perform the sanction screening?

What this means: This asks how you carry out the screening (e.g., using a software system, manual checks, etc.).
How to answer: Provide details of how your screening process works.

118. Do you have a sanctions compliance policy and procedure in place to cover the United Nations Security Council and UAE Local Terrorist List?

What this means: This asks whether your business has formal procedures to ensure compliance with sanctions imposed by the United Nations and the UAE, specifically related to terrorism.
How to answer: If you have written policies and procedures covering these sanctions, answer yes. If not, answer no.

119. Has your establishment ever identified exposure to sanctioned persons/entities (by UN or UAE)?

What this means: This asks whether your business has ever identified that it was dealing with individuals or entities subject to sanctions from the UN or UAE.
How to answer: If you’ve identified any exposure, answer yes and provide details. If not, answer no.

120. Does the Board and Senior Management oversee the implementation of sanctions compliance?

What this means: This asks if senior management and the board of directors are actively involved in ensuring that your business complies with sanctions laws.
How to answer: If they are involved, answer yes. If they are not, answer no.

121. Does your establishment conduct screening upon updates to the Local Terrorist List or United Nations Consolidated List before onboarding new customers, during KYC reviews, and before conducting any type of transactions (including dual-use goods)?

What this means: This asks if you screen customers and transactions for sanctions compliance every time there is an update to the terrorist lists, before starting any business relationship, and during reviews.
How to answer: If you conduct these checks every time there is an update, answer yes. If not, answer no.

122. Does your establishment freeze or suspend, without delay (within 24 hours), all funds or other assets upon identification of confirmed or potential matches and refrain from providing any services?

What this means: This asks whether your business immediately freezes or suspends assets and stops services if a match is found with a sanctioned person or entity.
How to answer: If you do this within 24 hours, answer yes. If not, answer no.

123. Does your establishment report confirmed/potential matches on UAE Local Terrorist List or UN Consolidated List within five business days from implementing freezing/suspending measures?

What this means: This asks whether you report any confirmed or potential matches against the sanctioned lists within five business days after freezing or suspending the assets.
How to answer: If you report within five business days, answer yes. If not, answer no.

124. Do you screen the customer, Beneficial Owners, beneficiaries, and controlling persons, to screen for the applicability of targeted or other international financial sanctions, and, particularly in higher-risk situations, to identify any potentially adverse information such as criminal history while conducting the transaction?

What this means: This asks if you check the customers, their owners, and beneficiaries against financial sanctions, especially in higher-risk cases, and whether you look for any harmful or criminal history.
How to answer: If you conduct these checks, answer yes. If not, answer no.

125. Do you have a name screening system? If yes, what is the name of the system?

What this means: This asks if you have a system that checks customer names against lists of sanctioned individuals and entities.
How to answer: If you use a name screening system, answer yes and provide the name of the system. If not, answer no.

126. Do you have a tactical/manual alternative process in place to add any missing names to the screening list if there is a delay in external lists (e.g., vendor-provided lists) being updated?

What this means: This asks whether you have a backup method to add names to the screening process if there are delays in getting updated sanctioned lists from external vendors.
How to answer: If you have a manual or alternative process, answer yes. If not, answer no.

127. Do you conduct screening on the following: Existing customer databases?

What this means: This asks if you screen your existing customer database for compliance with sanctions or other financial regulations.
How to answer: If you screen existing customer databases regularly, answer yes. If not, answer no.

128. Do you conduct screening on the following: Potential customers before conducting any transactions or entering a business relationship with any person?

What this means: This asks if you screen potential customers before starting any transactions or establishing business relationships.
How to answer: If you screen potential customers, answer yes. If not, answer no.

129. Do you conduct screening on the following: Names of parties to any transactions (e.g., buyer, seller, agent, freight forwarder, etc.)?

What this means: This asks if you screen the names of all parties involved in a transaction, including buyers, sellers, and other agents.
How to answer: If you screen all parties to a transaction, answer yes. If not, answer no.

130. Do you conduct screening on the following: Ultimate Beneficial Owners (both natural and legal)?

What this means: This asks if you check the ultimate owners of companies, including both individuals (natural persons) and other companies (legal persons), against sanction lists.
How to answer: If you conduct these checks, answer yes. If not, answer no.

131. Do you conduct screening on the following: Names of individuals, entities, or groups with direct or indirect relationships with designated persons?

What this means: This asks if you screen individuals, companies, or groups that are connected to those on the sanction lists.
How to answer: If you screen these individuals or groups, answer yes. If not, answer no.

132. Do you conduct screening on the following: Directors and/or agents acting on behalf of customers (including individuals with power of attorney)?

What this means: This asks if you screen directors and agents acting on behalf of customers, especially those with authority like power of attorney.
How to answer: If you screen them, answer yes. If not, answer no.

133. Do you maintain records of all screening results (negative, false positive, potential, and confirmed matches) for a period of at least five years?

What this means: This asks if you keep records of all screening results, whether they are positive, negative, or false positives, for at least five years.
How to answer: If you keep these records for at least five years, answer yes. If not, answer no.

134. Do you conduct screening on trade-based transactions that may involve dual-use goods against the UAE Control Lists?

What this means: This asks whether you screen trade transactions that could involve goods that are used for both civilian and military purposes (dual-use goods) against the UAE’s controlled goods lists.
How to answer: If you screen such transactions, answer yes. If not, answer no.

135. Do you lift freezing measures, without delay (within 24 hours), on all funds or other assets upon receiving notice of de-listing of designated persons from EO Notification System or upon receiving communication from EOCN on goAML?

What this means: This asks if you immediately unfreeze assets when you are notified that a person or entity has been removed from the sanctions list.
How to answer: If you lift the freezing measures within 24 hours, answer yes. If not, answer no.

136. Does the institution have clearly documented guidelines on the Sanction Screening obligations/reporting?

What this means: This asks whether you have written guidelines that explain your obligations for sanction screening and reporting.
How to answer: If you have documented guidelines, answer yes. If not, answer no.

137. Does the institution have a procedure in place to screen the customer database immediately after a list update from the Regulator?

What this means: This asks whether your business screens the customer database right after receiving an update to the sanctions list from the regulatory body.
How to answer: If you do this, answer yes. If not, answer no.

138. Does your AML Compliance procedure specify how to apply directives of Competent Authorities for implementing UN Security Council decisions under Chapter 7 of the UN Convention for the Prohibition and Suppression of Terrorist Financing and Proliferation?

What this means: This asks whether your procedures include specific steps to comply with UN Security Council directives related to terrorist financing and proliferation.
How to answer: If your procedures cover these steps, answer yes. If not, answer no.

139. Do you screen the customer database including Beneficial Owners, beneficiaries, and controlling persons, to screen for the applicability of targeted or other international financial sanctions, and, particularly in higher-risk situations, to identify any potentially adverse information such as criminal history? What is the frequency of such exercise?

What this means: This asks if you check customers and their related parties against international financial sanctions, especially for high-risk customers, and if you look for any adverse information like criminal records. It also asks how often you do this.
How to answer: If you conduct these checks regularly, answer yes and provide the frequency (e.g., monthly, quarterly). If not, answer no.

140. Do you conduct adequate internal training and awareness on TFS obligations and sanctions evasion typologies to relevant staff and senior management (e.g., MLROs, Front Desk Staff, Relationship Managers, Compliance Officers, etc.)?

What this means: This asks if you train relevant staff on the obligations related to Terrorist Financing Sanctions (TFS) and how to recognize attempts to evade sanctions.
How to answer: If you provide this training, answer yes. If not, answer no.

141. Does the company classify its customers according to risks?

What this means: This asks if your company categorizes its customers based on the level of risk they may pose for money laundering or financing of terrorism. High-risk customers might include politically exposed persons (PEPs) or customers from high-risk countries.
How to answer: If your company classifies customers based on risk factors, answer yes. If not, answer no.

142. If yes, is the risk assessment process automated or manual or a combination of both?

What this means: This asks whether the process of assessing customer risk is done manually by staff, automatically through software, or a mix of both.
How to answer: If your company uses automation, answer automated and provide the name of the system used. If it’s done manually, answer manual. If both methods are used, answer combination.

143. If automated, please provide the name of the system used.

What this means: This is a follow-up question asking for the specific system your company uses to automate customer risk assessment, if applicable.
How to answer: If your company uses an automated system, provide the name of the software or system. If you use a manual or combination process, leave this question blank.

144. Does the establishment conduct ongoing Enhanced Due Diligence (EDD) for high-risk customers?

What this means: This asks whether your company conducts more thorough checks (Enhanced Due Diligence) for high-risk customers on an ongoing basis, as opposed to standard checks.
How to answer: If your company performs ongoing Enhanced Due Diligence regularly for high-risk customers, answer yes. If not, answer no.

145. Does your establishment have checks in place to identify PEPs (Politically Exposed Persons)?

What this means: This asks whether your company has procedures or systems to identify individuals who may be PEPs, which include foreign officials, senior government officials, or their close family members and associates.
How to answer: If you have processes in place to identify PEPs, answer yes. If not, answer no.

146. Does the Senior Management review and approve the PEP clients?

What this means: This asks whether your senior management team is involved in reviewing and approving customers identified as PEPs to ensure appropriate checks and balances are in place.
How to answer: If senior management reviews and approves PEP clients, answer yes. If not, answer no.

147. Does the institution maintain minimum KYC (Know Your Customer) standards for customers?

What this means: This asks whether your company has established and follows basic standards for verifying the identity of customers (Know Your Customer), such as collecting necessary documentation and information.
How to answer: If your company has these KYC standards in place, answer yes. If not, answer no.

148. Does the establishment conduct Customer Due Diligence (CDD)?

What this means: This asks whether your company follows a process to verify the identity of customers and assess potential risks related to money laundering or terrorism financing before establishing a business relationship.
How to answer: If your company follows a CDD process, answer yes. If not, answer no.

149. Do you identify the customer, Beneficial Owner/s, beneficiaries, and controlling persons before dealing with the customer?

What this means: This asks whether you identify the actual individuals behind a customer (i.e., the owners, beneficiaries, and people who control the business) before beginning any transactions or business relationship.
How to answer: If your company identifies these individuals as part of your CDD process, answer yes. If not, answer no.

150. Do you collect the source of funds or income for physical cash transactions?

What this means: This asks whether you collect information about where a customer’s money comes from if they make a large cash transaction.
How to answer: If you collect this information, answer yes. If not, answer no.

151. Does your establishment verify the identification documents of clients using reliable and independent information in all applicable cases?

What this means: This asks if you check customers’ identity documents against reliable, independent sources to ensure they are valid and trustworthy.
How to answer: If you verify documents in all applicable cases, answer yes. If not, answer no.

152. Do you apply CDD measures while customers carry out occasional transactions equal to or exceeding AED 55,000, whether the transaction is carried out in a single transaction or in several transactions that appear to be linked?

What this means: This asks whether you apply Customer Due Diligence for transactions that are equal to or exceed AED 55,000, whether the amount comes from one transaction or several related transactions.
How to answer: If you apply CDD measures for these transactions, answer yes. If not, answer no.

153. How frequently is the client’s KYC file and documents updated?

What this means: This asks how often you update the Know Your Customer (KYC) information for each client to keep it current.
How to answer: Answer with the frequency of updates (e.g., annually, bi-annually, whenever there are changes). If no regular updates are made, answer never or as needed.

154. Do you identify third parties acting on behalf of the customer?

What this means: This asks whether you identify and verify any third parties who are acting on behalf of the customer in a transaction (e.g., someone with power of attorney).
How to answer: If you identify and verify third parties, answer yes. If not, answer no.

155. Do you perform additional due diligence when there is a suspicion on previously obtained data?

What this means: This asks whether you take extra steps to verify the information you have obtained from the customer if you suspect something is wrong or if new risks appear.
How to answer: If you do additional checks in such cases, answer yes. If not, answer no.

156. How does the staff collect and record the information from the customer?

What this means: This asks how your staff gathers and documents customer information (e.g., through forms, digital systems, or interviews).
How to answer: Answer with the methods your staff uses (e.g., through paper forms, digitally via CRM system, interviews, or a combination of these).

157. Do you gather details on the ownership structure of companies and establishments, including those who hold significant ownership (25% or more) and any natural person who ultimately controls them, even if ownership is hidden through other companies or people?

What this means: This asks if you collect detailed information on the ownership structure of companies, including identifying individuals who own 25% or more or control the company, even if this ownership is hidden behind other entities.
How to answer: If you gather this information, answer yes. If not, answer no.

158. Do you hold the execution of business deals or transactions until the verification of the identity is completed?

What this means: This asks if you delay transactions or business deals until you have verified the customer’s identity.
How to answer: If you delay transactions until identity verification is complete, answer yes. If not, answer no.

159. Do you engage any third party to carry out any of the AML/CFT functions of your entity?

What this means: This asks whether your company uses any external third-party services to carry out Anti-Money Laundering (AML) or Countering the Financing of Terrorism (CFT) functions.
How to answer: If you use third parties for any AML/CFT-related tasks, answer yes. If not, answer no.

160. If yes, do you have measures in place to ensure that the third party adheres to the CDD measures towards customers and record-keeping provisions of the present laws and regulations?

What this means: This asks if you ensure that any third parties you use for AML/CFT functions follow the same CDD processes and record-keeping rules as required by law.
How to answer: If you have measures to ensure third parties comply, answer yes. If not, answer no.

161. Do you obtain an understanding of the intended purpose and nature of the Business Relationship, as well as, in the case of legal persons or arrangements, of the nature of the customer’s business and its ownership and control structure?

What this means: This asks whether you understand why a customer wants to establish a business relationship and, for companies, whether you understand the nature of their business and their ownership structure.
How to answer: If you gather this information, answer yes. If not, answer no.

162. Do you collect and input data for all customers and keep the same updated on an ongoing basis?

What this means: This asks whether you collect data for all customers and ensure that it is continuously updated.
How to answer: If you keep customer data updated regularly, answer yes. If not, answer no.

163. Does the institution maintain minimum KYC (Know Your Customer) standards for customers?

What this means: This asks whether your institution has minimum standards for verifying the identity and background of customers.
How to answer: If your institution has these standards, answer yes. If not, answer no.

164. Do you establish or maintain any customer or business relationship or execute any business deal when you are unable to complete risk-based CDD measures for the customer?

What this means: This asks whether your company will establish or continue a business relationship if you are unable to fully assess the customer’s risk through CDD measures.
How to answer: If you do not proceed without completing CDD, answer no. If you proceed under certain conditions, answer yes.

165. Do you ensure that documents, data, or information collected under the CDD process is kept up-to-date and relevant, by undertaking reviews of existing records, particularly for higher-risk categories of customers?

What this means: This asks whether you review and update customer data regularly, especially for high-risk customers, to ensure it remains relevant and accurate.
How to answer: If you regularly update and review customer data, answer yes. If not, answer no.

166. Have you rejected any prospective new customers due to unsatisfactory Customer Due Diligence during the assessment period?

What this means: This asks whether your company has turned away potential customers because their identity or background checks didn’t meet your standards.
How to answer: If you have rejected any prospective customers, answer yes. If not, answer no.

167. If Yes, please list the number of rejected prospective customers due to the following reasons:

  * Proliferation Financing Risk (PF): Rejections based on concerns related to financing weapons or goods related to weapons of mass destruction.
  * Business Risk: Rejections due to business-related risks, such as concerns about the legitimacy or stability of the business.
  * Criminality: Rejections based on findings of criminal activity or involvement.
  * Incorrect Documents: Rejections due to fraudulent or invalid identification documents.
  * PEP/FPEP (Politically Exposed Persons/Family Members): Rejections based on the person being a politically exposed individual or related to such an individual.
  * STR/SAR (Suspicious Transaction Report/Suspicious Activity Report): Rejections due to suspected involvement in illegal activities flagged by your system.
  * UN/UAE Sanctions: Rejections due to the customer being listed on UN or UAE sanctions lists.
  * Other International Sanctions (e.g., OFAC, EU, HMT): Rejections based on being listed on other international sanctions lists (e.g., US, EU, UK).
  * Non-Cooperative: Rejections based on the customer’s unwillingness to cooperate with required procedures or requests.
  * Any Other Reasons Not Specified Above: Rejections due to other reasons not covered in the above categories.

What this means: This section asks for detailed reasons why customers were rejected. You need to list the number of rejections under each specific category.
How to answer: Provide the number of rejections for each of the listed categories or enter 0 if there were none for that category. If no prospective customers were rejected, leave it blank or enter NA.

168. If your answer to the above question is Yes, please provide sample case studies (1 or 2) for rejections based on unsatisfactory Customer Due Diligence; else please enter NA.

What this means: If your company has rejected customers based on poor CDD, you are asked to provide one or two examples to illustrate why and how those customers were rejected.
How to answer: Provide one or two real-life examples of customer rejections, detailing the reasons and process for rejecting them. If no rejections occurred, enter NA.

169. Have you terminated any existing customers due to unsatisfactory Customer Due Diligence during the fiscal year?

What this means: This asks whether your company has ended any existing customer relationships because of poor CDD or risk factors that could not be resolved.
How to answer: If you have terminated any customers, answer yes. If not, answer no.


170. If Yes, please list the number of terminations of existing customers for the following reasons:

  * Proliferation Financing Risk (PF): Terminations based on financing risks related to weapons or other controlled goods.
  * Business Risk: Terminations due to concerns about the business’s legitimacy or risk of failure.
  * Criminality: Terminations based on criminal activity.
  * Incorrect Documents: Terminations because the customer provided invalid or false documents.
  * PEP/FPEP (Politically Exposed Persons/Family Members): Terminations because the customer or their family members are considered politically exposed.
  * STR/SAR (Suspicious Transaction Report/Suspicious Activity Report): Terminations related to suspicions of illegal or unusual activity.
  * UN/UAE Sanctions: Terminations due to the customer being subject to UN or UAE sanctions.
  * Other International Sanctions: Terminations based on the customer being subject to sanctions from other countries or organizations.
  * Non-Cooperative: Terminations based on the customer’s refusal to cooperate with AML/CFT requirements.
  * Any Other Reasons Not Specified Above: Terminations due to reasons not covered in the above categories.

What this means: This section asks for a detailed breakdown of why existing customers were terminated.
How to answer: Provide the number of terminations for each of the listed reasons. If there were no terminations, enter 0 or leave the section blank.

171. If your answer to the above question is Yes, please provide sample case studies for terminations based on unsatisfactory Customer Due Diligence; else please enter NA.

What this means: If customers were terminated due to poor CDD, you are asked to provide examples or case studies for illustration.
How to answer: Provide real-life examples of customers who were terminated, along with reasons for termination. If no terminations occurred, enter NA.

172. Does your establishment have an independent audit function to test the effectiveness and adequacy of internal policies, controls, and procedures relating to combating crime?

What this means: This asks whether your company has a separate audit team or function that regularly reviews and evaluates the effectiveness of your internal policies to prevent crime, including money laundering and terrorism financing.
How to answer: If you have an independent audit function, answer yes. If not, answer no.

173. Provide the frequency of the internal audit function.

What this means: This asks how often the independent audit function reviews the company’s internal policies and controls.
How to answer: Provide the frequency (e.g., quarterly, annually, or bi-annually).

174. Provide the last independent audit report issued date.

What this means: This asks for the date of the most recent independent audit report.
How to answer: Provide the date of the last audit report.

175. Is the Independent Audit function outsourced to a third party?

What this means: This asks whether the independent audit function is performed by an external company or handled in-house.
How to answer: If you outsource the audit to a third party, answer yes. If it’s handled internally, answer no.

176. If yes, provide the name of the company.

What this means: If the independent audit is outsourced, this asks for the name of the external company providing the audit services.
How to answer: Provide the name of the third-party company if applicable. If the audit function is not outsourced, enter NA.

177. Do the Board and Senior Management receive regular AML/CFT and Internal Audit reports?

What this means: This asks whether the Board and Senior Management are regularly updated on the company’s efforts to prevent money laundering, terrorism financing, and any internal audits related to these efforts.
How to answer: If the Board and Senior Management receive these reports regularly, answer yes. If not, answer no.

178. Does the Board and Senior Management ensure that observations from the Internal and external audits are addressed accordingly?

What this means: This asks if the Board and Senior Management take action on any issues or recommendations raised in audit reports.
How to answer: If the Board and Senior Management ensure that audit observations are addressed, answer yes. If not, answer no.

179. Has there been any specific issues highlighted in Internal Audit reports due to the lack of controls in the AML/CFT program?

What this means: This asks whether any internal audit reports have identified specific problems or weaknesses in the company’s anti-money laundering (AML) or counter-financing of terrorism (CFT) controls.
How to answer: If internal audits have highlighted specific issues, answer yes and provide examples. If there have been no such issues, answer no.

180. Are the Owner(s)/Board of Directors/Senior Management of the company involved in AML/CFT and PF decision-making?

What this means: This asks if the company’s owners, board members, and senior management play a role in making decisions related to preventing money laundering (AML), terrorism financing (CFT), and proliferation financing (PF).
How to answer: If they are involved, answer yes. If they are not, answer no.

181. Does your establishment maintain AML/CFT and PF Policies and Procedures?

What this means: This asks whether your company has documented policies and procedures in place to prevent money laundering, terrorism financing, and proliferation financing.
How to answer: If your company has such policies, answer yes. If not, answer no.

182. Are policies and procedures proportional to the risk of crime and the nature and volume of your business?

What this means: This asks whether the AML/CFT and PF policies are appropriate given the level of risk your business faces, considering the type of business you conduct and how much business you do.
How to answer: If your policies match the risk level of your business, answer yes. If they do not, answer no.

183. How frequently are the policies and procedures updated?

What this means: This asks how often your AML/CFT and PF policies are reviewed and updated to ensure they remain effective.
How to answer: Provide the frequency (e.g., annually, quarterly, as needed).

184. Are your policies and procedures approved by the Board and Senior Management?

What this means: This asks whether your Board and Senior Management formally approve the AML/CFT and PF policies and procedures.
How to answer: If these policies have been approved by the Board and Senior Management, answer yes. If not, answer no.

185. Has the policy been circulated to all employees and are all employees aware of this policy?

What this means: This asks whether all employees have received the AML/CFT and PF policies and are aware of them.
How to answer: If the policies have been shared with all employees, answer yes. If not, answer no.

186. Does your AML/CFT Manual make specific reference to proliferation financing (PF)?

What this means: This asks whether your AML/CFT manual includes policies and procedures specifically addressing proliferation financing (PF).
How to answer: If PF is addressed in your manual, answer yes. If not, answer no.

187. Does the establishment keep records for at least 5 years, including CDD, EDD documents, transaction records, training records, SAR/STR (Suspicious Activity Report/Suspicious Transaction Report) records, and screening results (false positive, potential, and confirmed matches)?

What this means: This asks if your company keeps all relevant AML/CFT documentation (e.g., customer due diligence, training records, suspicious reports) for at least five years, as required by law.
How to answer: If your company keeps these records for at least five years, answer yes. If not, answer no.

188. Do you maintain a register of all suspicious transaction/activity reports made to the FIU, as well as all reports made by employees to the MLRO, including those where a decision is made by the MLRO not to report to the FIU?

What this means: This asks whether your company keeps a log of all suspicious transaction/activity reports submitted to the Financial Intelligence Unit (FIU), and internal reports made to the Money Laundering Reporting Officer (MLRO), including cases where the MLRO decides not to report to the FIU.
How to answer: If you maintain such a register, answer yes. If not, answer no.

189. Do you maintain a log of exited/terminated relationships and rejected business relationships?

How to answer: If such a log is maintained, answer yes. If not, answer no.

What this means: This asks whether your company keeps records of customers whose relationships were ended or rejected due to AML/CFT concerns.

190. Do you perform the ML/TF/PF business risk assessment annually and while introducing new products and services?

What this means: This asks whether your company performs a business risk assessment for money laundering, terrorism financing, and proliferation financing at least annually, and when launching new products or services.
How to answer: If the company performs such assessments, answer yes. If not, answer no.

191. Did your establishment carry out and document an internal risk assessment to understand financial crime risk? And update the same periodically?

What this means: This asks whether your company conducts an internal risk assessment to evaluate its exposure to financial crime, and if it regularly updates that assessment.
How to answer: If such an assessment is performed and updated, answer yes. If not, answer no.

192. Does the risk assessment consider the results of the National Risk Assessment?

What this means: This asks whether your company’s internal risk assessment takes into account findings from the National Risk Assessment, which evaluates overall risks of money laundering and terrorism financing in the country.
How to answer: If the National Risk Assessment is considered, answer yes. If not, answer no.

193. Does the risk assessment cover all the factors (Customer / Product & service / Delivery channel / Geography)?

What this means: This asks whether the risk assessment evaluates the risk factors for customers, products/services, delivery methods, and geographical areas.
How to answer: If all these factors are covered, answer yes. If not, answer no.

194. Do you document, review, and evaluate your ML/TF/PF business risk assessment, including analysis, models, and methodologies periodically, maintain updated documents, and make them available to the Ministry of Economy upon request?

What this means: This asks whether your company keeps a record of the risk assessment, reviews it periodically, and ensures it’s available for the Ministry of Economy upon request.
How to answer: If you follow these practices, answer yes. If not, answer no.

195. Has your entity registered with the goAML system of the Financial Intelligence Unit?

What this means: This asks whether your company is registered with goAML, the system used for reporting suspicious transactions to the Financial Intelligence Unit (FIU).
How to answer: If your company is registered with goAML, answer yes. If not, answer no.

196. Are all contact details in your goAML profile up to date?

What this means: This asks whether the contact information in your goAML profile is current and accurate.
How to answer: If the contact details are up to date, answer yes. If not, answer no.

197. Do you know how to report suspicious transactions through the goAML system?

What this means: This asks whether you and your staff know how to use the goAML system to report suspicious transactions to the FIU.
How to answer: If you know how to report, answer yes. If not, answer no.

198. What is the average time taken to analyze your suspicious operations before submitting reports to the FIU?

What this means: This asks for the average number of days it takes for your company to analyze suspicious transactions before submitting a report to the Financial Intelligence Unit (FIU).
How to answer: Calculate the average number of days it takes to analyze suspicious activities. For example, The average time is 5 days or It takes approximately 7 days.

199. Upon filing an STR report to FIU, do you conduct an appropriate review of the business relationship, irrespective of any subsequent feedback provided by the FIU, and apply appropriate risk-mitigating measures?

What this means: This asks if your company reviews the business relationship after submitting a suspicious transaction report (STR), even if the FIU provides no feedback, and whether your company applies risk-mitigating measures if necessary.
How to answer: If your company conducts such reviews, answer yes. If not, answer no.

200. If customer due diligence measures cannot be completed, is a report on suspicious activity submitted to the FIU?

What this means: This asks if your company submits an STR to the FIU when customer due diligence (CDD) cannot be completed.
How to answer: If your company submits an STR in such cases, answer yes. If not, answer no.

201. Have you identified any transactions or attempted transactions related to tax evasion or fraud related to shipping, customs, or payments to facilitate transactions for proliferation financing?

What this means: This asks whether your company has identified transactions related to illegal activities like tax evasion, fraud, or proliferation financing (e.g., illegal shipping or payments).
How to answer: If you have identified such transactions, answer yes and provide specific examples. If not, answer no.

202. Has your establishment ever reported any suspicious transactions/activities to the UAE Financial Intelligence Unit (FIU)?

What this means: This asks whether your company has ever filed a suspicious transaction/activity report (STR/SAR) to the UAE FIU.
How to answer: If you have submitted STRs/SARs, answer yes and specify the number of reports filed. If not, answer no.

203. Has your establishment created and documented red-flags to provide reasonable grounds for reporting suspicious transactions?

What this means: This asks if your company has developed and documented specific red-flag indicators that would suggest a transaction might be suspicious.
How to answer: If red-flag indicators have been documented, answer yes. If not, answer no.

204. Does your establishment have a process in place to monitor and report suspicious transactions?

What this means: This asks whether your company has an established process for monitoring transactions and reporting suspicious activities to the FIU.
How to answer: If your company has such a process, answer yes. If not, answer no.

205. Does the compliance officer review red flags and suspicious transactions?

What this means: This asks whether the compliance officer is responsible for reviewing red flags and suspicious transactions.
How to answer: If the compliance officer reviews these, answer yes. If not, answer no.

206. Does the Compliance Officer or MLRO (Money Laundering Reporting Officer), or Deputy MLRO file a suspicious transaction/activities report to the FIU within acceptable timelines?

What this means: This asks if the compliance officer, MLRO, or Deputy MLRO files the STR/SAR reports in a timely manner.
How to answer: If they file reports on time, answer yes. If not, answer no.

207. Does your STR/SAR reporting policies and procedures include internal reporting of SARs/STRs by employees to the Compliance Officer?

What this means: This asks whether your policies ensure that employees report suspicious transactions to the Compliance Officer.
How to answer: If your policies include this, answer yes. If not, answer no.

208. Do you scrutinize transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the DNFBP’s knowledge of the customer, their business and risk profile, including where necessary, the source of funds?

What this means: This asks whether your company continuously monitors transactions to ensure they align with what is known about the customer’s business and risk profile, including the source of funds.
How to answer: If this scrutiny is performed, answer yes. If not, answer no.

209. Do you have measures to ensure the confidentiality of information that is uploaded or provided to the FIU?

What this means: This asks whether your company takes steps to ensure that information shared with the FIU is kept confidential.
How to answer: If measures are in place to ensure confidentiality, answer yes. If not, answer no.

210. Do you have a proper mechanism to provide additional information and documentation to FIU within the timeframe provided?

What this means: This asks if your company has a mechanism to provide additional information to the FIU within the required timeframe.
How to answer: If you have such a mechanism, answer yes. If not, answer no.

211. Has your business or profession filed any STR/SAR with the UAE FIU?

What this means: This asks whether your company has ever submitted a suspicious transaction/activity report (STR/SAR) to the UAE Financial Intelligence Unit.
How to answer: If you have submitted STRs/SARs, answer yes and specify how many have been filed during the assessment period. If not, answer no.

212. Do you have a process in place for the expedited filing of urgent suspicious transaction/activities reports in appropriate cases?

What this means: This asks if your company has a process for filing STRs/SARs quickly in urgent cases.
How to answer: If such a process exists, answer yes. If not, answer no.

213. Do you document the results of review, any research or analysis performed, and recommend whether an STR or SAR should be filed?

What this means: This asks whether your company documents the results of any research or analysis conducted on suspicious transactions and recommends whether an STR/SAR should be filed.
How to answer: If this is done, answer yes. If not, answer no.

214. Do you define a clear escalation framework for the suspicious transaction indicators within your establishment?

What this means: This asks if your company has a clear process for escalating suspicious transaction indicators.
How to answer: If you have such a framework, answer yes. If not, answer no.

215. Do you conduct and complete investigation of the potential suspicious activity?

What this means: This asks if your company investigates potential suspicious activities thoroughly.
How to answer: If investigations are completed, answer yes. If not, answer no.

216. Are the STR/SAR reports and investigations records confidential and maintained in safekeeping and not accessible to all staff, but only accessible to designated staff?

What this means: This asks whether records of STR/SAR reports and investigations are confidential and only accessible to authorized personnel.
How to answer: If this is the case, answer yes. If not, answer no.

217. Are higher-risk customers subject to more stringent monitoring, such as implementing enhanced due diligence and ongoing monitoring, and more intensive investigation in order to identify potentially unusual or suspicious activities?

What this means: This asks whether higher-risk customers undergo more thorough monitoring and investigation.
How to answer: If higher-risk customers are monitored more closely, answer yes. If not, answer no.

218. Are all decisions to file/not to file suspicious transaction/activities reports documented and signed off by the MLRO or Head of Compliance or their deputy?

What this means: This asks whether the decision to file or not file an STR/SAR is documented and signed by the MLRO or Head of Compliance.
How to answer: If this is the case, answer yes. If not, answer no.

219. Does your establishment have a training program and procedures to make employees aware of tipping off the clients or other parties about monitoring or reporting of a suspicious transaction?

What this means: This asks whether your company has training and procedures to ensure employees know they should not inform customers about monitoring or reporting suspicious transactions.
How to answer: If you have such training, answer yes. If not, answer no.

220. Do you inform your customer, directly or indirectly, when information is requested by the FIU?

What this means: This asks whether your company informs customers when the FIU requests information about them.
How to answer: If you inform customers, answer yes. If not, answer no.

221. Do you inform your customer, directly or indirectly, that a report has been made?

What this means: This asks whether your company tells the customer that an STR/SAR has been filed.
How to answer: If you inform customers, answer yes. If not, answer no.

Disclaimer:

This article is for informational purposes only and should not be construed as financial, legal, or professional advice. The information provided herein is based on general principles and may not be applicable to all situations. The accompanying questionnaire is designed to assist organizations in assessing their current Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) controls and procedures. Responses to the questionnaire should be based on an honest and accurate assessment of the organization’s existing documentation, policies, and procedures. It is crucial to note that this questionnaire does not provide legal or regulatory guidance. Organizations are advised to consult with qualified legal or compliance professionals to ensure full compliance with all applicable laws and regulations.

Contact ProAct Today for Expert AML Consulting Services

ProAct is the leading Anti-Money Laundering (AML) consulting firm in the UAE. We specialize in helping businesses achieve full compliance with strict AML and Counter-Terrorism Financing (CFT) regulations. Our expert team can tailor AML compliance solutions to fit your unique needs, based on the size of your business. From risk assessments and policy development to training and monitoring, we provide comprehensive services to ensure your organization is protected from financial crimes and regulatory fines. Contact us today to learn more about our AML compliance services.

Author Bio:

Written By,

Latest News & Insights

Contact ProAct Today for Expert AML Consulting Services

Ajith Abraham

Leave a Comment Cancel reply

Recent Posts

Recent Comments

Categories