Understanding AML Obligations and Risk Indicators for Real Estate Companies in the UAE
Real Estate & Construction and Hotels & Leisure Focus
Rany RifaatAssociate ,Compliance, Investigations & White-Collar Crime
In recent years, the UAE’s real estate sector has come under heightened scrutiny from regulators seeking to combat money laundering and terrorism financing. As a result, real estate companies, whether brokers, developers, or agents, are now expected to take a proactive role in identifying, mitigating and preventing such risks. This expectation is driven by the fact that the real estate sector inherently presents a higher risk of misconduct, financial crime and fraudulent activity.
As per Federal Decree-Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations (the “AML Law”), and Cabinet Decision No. (10) of 2019 (the “Implementing Regulations”), real estate brokers and agents are expressly classified as Designated Non-Financial Businesses and Professions (DNFBPs) and are directly subject to anti-money laundering and counter-terrorism financing (AML/CTF) compliance obligations. However, property developers and other companies involved in real estate transactions should not assume they are exempt. Even though developers are not explicitly listed under the DNFBP definition, their commercial activities often mirror those of agents, particularly when they sell directly to clients, manage incoming funds, or facilitate transactions without intermediaries. Regulatory guidance encourages a risk-based approach, and best practice indicates that entities with exposure to high-risk transactions are expected to implement preventive measures, regardless of their technical classification.
Real estate companies that fall within the DNFBP category must comply with the following key AML obligations under the Implementing Regulations:
Implement Internal Policies, Controls and Procedures:
DNFBPs must develop and implement internal AML/CTF policies and procedures appropriate to their size, nature and complexity of their operations. These policies should address their key AML obligations including customer due diligence (CDD), ongoing monitoring, record-keeping, suspicious transaction reporting (STR) procedures, sanctions screening, employee training, and governance oversight.
Risk-Based Approach
DNFBPs must adopt a risk-based approach to assessing and mitigating AML/CTF risks. This includes categorising customers by risk level and applying appropriate measures based on the risk profile. Companies should document their risk assessment methodology, and update it regularly to address emerging risks, such as the use of virtual assets or complex cross-border transactions.
Customer Due Diligence (CDD):
DNFBPs must identify and verify clients and beneficial owners prior to establishing a business relationship or executing transactions.
Where a customer is a legal person, entities must identify the natural persons who ultimately own or control the entity (UBOs).
Ongoing monitoring of business relationships and transactions to ensure consistency with the customer’s risk profile and source of funds.
Enhanced due diligence is required for high-risk customers, including politically exposed persons (PEPs) and customers from high-risk jurisdictions.
Suspicious Transaction Reporting (STR)
Where there are reasonable grounds to suspect that a transaction or attempted transaction involves criminal proceeds or is linked to money laundering or terrorist financing, an STR must be promptly filed with the UAE Financial Intelligence Unit (FIU). Importantly, it is a criminal offence to tip off the customer or a third party that an STR has been filed.
Appointment of a Money Laundering Reporting Officer (MLRO)
DNFBPs must appoint a suitably qualified MLRO, responsible for overseeing the AML/CTF framework, submitting STRs and liaising with the competent authorities. The MLRO should have direct access to senior management and be involved in key business decisions that may impact the company’s exposure to financial crime risk.
Sanctions Screening
DNFBPS must conduct real-time screening of clients as part of the CDD/KYC process against the UAE Local Terrorist List and the UN Consolidated List.
DNFBPs must implement freezing measures for matches identified, and submit the appropriate reports to the UAE FIU, including a Fund Freeze Report and a Partial Name Match Report.
Employee Training and Awareness:
DNFBPs must ensure ongoing AML/CTF training for all relevant employees to ensure familiarity with internal procedures, red flags, and reporting obligations. Training should be refreshed annually and tailored to sector-specific risks.
Record Keeping:
DNFBPs are required to maintain records related to CDD, transactions, and STRs for at least five years after the end of the business relationship or date of the transaction, and these records must be made available to competent authorities upon request.
Real estate companies in the UAE are under growing pressure to demonstrate not just formal AML compliance, but the active and effective implementation of controls in practice.
The UAE FIU has identified several typologies and red flags, which serve as key risk indicators that real estate professionals should be alert to. These include:
Use of third-party intermediaries or proxies, such as relatives or unrelated legal entities, to mask the true owner.
High-value cash transactions or unusually complex financing arrangements, especially from unknown or offshore sources.
Rapid purchases and resales, particularly where property is bought and sold multiple times in a short period.
Clients from high-risk jurisdictions, or those with unclear sources of wealth.
Transactions inconsistent with the customer’s known financial profile or background.
Unusual urgency in completing deals or reluctance to provide standard identification documents.
Such indicators should trigger enhanced scrutiny, and where there are reasonable grounds to suspect the funds may be connected, even in part, to the proceeds of crime, the filing of an STR.
The UAE recently approved the 2024–2027 National Strategy for Anti-Money Laundering, Countering Terrorism Financing, and Proliferation Financing. This strategy focuses on risk-based compliance, effectiveness, and sustainability, in particular relating to transparency in beneficial ownership and the collection and analysis of financial data. For real estate professionals, these changes emphasise the necessity of robust compliance programs and KYC measures which capture the required customer information to mitigate AML risks.
In February 2024, the UAE was removed from the FATF grey list following a series of substantial reforms to its AML/CTF framework, reflecting the UAE’s commitment to international compliance standards. However, this milestone has also led to a significant increase in regulatory scrutiny. Authorities are now actively stepping up enforcement efforts across sectors deemed vulnerable to financial crime, including real estate, in order to preserve the country's improved global reputation.
As a result, there has been an increased focus on ensuring that real estate companies are operating in full compliance with applicable AML obligations. Supervisory bodies are conducting more inspections and issuing fines against non-compliant DNFBPs, including real estate firms. There is now a clear expectation that companies can demonstrate not only formal compliance, but also the active and effective implementation of AML controls in practice.
Failure to comply with the AML obligations can result in serious penalties, including:
Administrative fines ranging from AED 50,000 to AED 5,000,000, depending on the severity of the violation.
Suspension of licenses or business activities
Criminal liability for individuals, including fines and imprisonment.
Reputational damage and loss of access to banking and financial services.
Given the heightened regulatory environment and the clear exposure of the real estate sector to financial crime risks, it is important for companies operating in this sector to assess whether their current AML frameworks are fit for purpose. AML policies should be tailored to the company’s risk profile and must reflect the specific obligations under AML Law and Implementing Regulations. Companies must also ensure they remain informed of key red flags and emerging typologies to reduce the risk of inadvertently becoming involved in money laundering or terrorist financing activities.
For further information,please contact Rany Rifaat, Ibtissem Lassoued, and Khalid Al Hamrani.
Published in June 2025