DNFBPs (Designated Non-Financial Businesses and Professions) are non-bank entities that regulators classify as high-risk for money laundering and terrorist financing due to the nature of their activities.
Under UAE AML regulations, DNFBPs are treated as gatekeepers of the financial system — meaning they are expected to prevent illicit funds from entering the economy before those funds ever reach a bank.
This is why KYC obligations for DNFBPs are strict, documented, and inspection-driven.
DNFBPs typically deal with:
High-value assets
Cash-intensive transactions
Complex ownership structures
Cross-border clients
Politically exposed persons (PEPs)
From a regulator’s perspective, DNFBPs:
Are often the first point of contact
Can unknowingly facilitate money laundering
Must apply bank-level KYC discipline, adapted to their business model
Failure to do so leads to:
Regulatory findings
Monetary penalties
Licence suspension risk
Mandatory remediation programs
| DNFBP Category | Example Activities |
|---|---|
| Dealers in precious metals & stones | Gold, diamonds, jewellery |
| Real estate brokers & developers | Property sale, leasing |
| Auditors & accountants | Financial reporting, advisory |
| Lawyers & legal consultants | Corporate structuring |
| Company service providers | Company formation, UBO services |
| Trust & corporate service providers | Ownership structuring |
| Dealers in high-value goods | Cash-intensive trading |
| Virtual asset service providers | Crypto exchanges, wallets |
If your business falls into any of these categories, KYC is mandatory.
Unlike banks (which rely heavily on automated systems), DNFBPs are expected to maintain clear, auditable, document-based KYC frameworks.
DNFBPs must identify:
Individuals
Corporate customers
Beneficial owners
Authorized signatories
This includes collecting:
Full legal names
Nationality
Address
Business activity
Ownership details
Documents must be:
Valid
Current
Verifiable
Retained properly
| Customer Type | Verification Documents |
|---|---|
| Individual | Passport, Emirates ID |
| UAE company | Trade licence, MOA |
| Foreign company | Incorporation documents |
| Authorized signatory | POA, ID documents |
| UBO | Passport + ownership proof |
UBO identification is one of the most critical inspection points.
DNFBPs must:
Identify natural persons owning or controlling the customer
Understand ownership chains
Maintain an updated UBO register
Failure to identify UBOs is treated as a serious compliance breach.
Every DNFBP must apply a risk-based approach.
Customers must be classified as:
Low risk
Medium risk
High risk
| Risk Factor | Example |
|---|---|
| Geography | High-risk jurisdictions |
| Transaction type | Cash / crypto |
| Business activity | Precious metals |
| Ownership | Complex structures |
| PEP involvement | Politically exposed |
Risk assessments must be:
Documented
Justified
Periodically reviewed
DNFBPs must screen customers against:
UN sanctions lists
Terrorist lists
Politically Exposed Persons (PEPs)
Screening must be:
Performed at onboarding
Re-performed periodically
Documented with evidence
EDD is mandatory when higher risk is identified.
Cash payments above AED 55,000
Virtual asset exposure
PEP relationships
High-risk countries
Unusual transaction patterns
| Trigger | Required Action |
|---|---|
| PEP involved | Senior approval |
| Large cash deal | Source of funds |
| Crypto transactions | Additional controls |
| Complex ownership | Deeper verification |
| Foreign structures | Enhanced checks |
Jewellers are considered high-risk DNFBPs.
Additional expectations include:
Cash transaction monitoring
goAML registration
Staff AML training
Suspicious transaction reporting
Internal AML audits
Real estate DNFBPs must:
Verify buyers and sellers
Identify source of funds
Monitor high-value transactions
Report suspicious activities via goAML
Professional service DNFBPs are expected to:
Understand client structures
Identify UBOs
Assess misuse risk
Avoid facilitating shell structures
| Failure | Regulatory Impact |
|---|---|
| No KYC forms | Major finding |
| Missing risk assessment | Non-compliance |
| No sanctions screening | Penalty risk |
| Outdated documents | Adverse report |
| No AML policy | Serious violation |
| No goAML registration | Enforcement action |
DNFBPs must:
Register on the goAML platform
Appoint a Compliance Officer
Report suspicious transactions
Retain supporting KYC documentation
Without proper KYC:
goAML reporting is ineffective
Suspicion cannot be justified
Inspections fail
At Cortax Accounting & Tax Services, we specialize in DNFBP AML & KYC compliance, helping businesses meet regulatory expectations without disrupting operations.
Our DNFBP services include:
KYC framework setup
DNFBP-specific KYC forms
Risk assessment models
UBO identification & registers
Sanctions & PEP screening
goAML registration & reporting
Inspection and audit support
