Home/News/User Verification/Customer Due Diligence in UAE

Customer Due Diligence in UAE

Mohammad HumaidPublished at: February 19, 2025 Updated at: February 20, 2025

Customer Due Diligence (CDD) forms the foundation of AML compliance in the UAE. It involves identifying customers, verifying their identities, and assessing risks to prevent financial crimes like money laundering and terrorist financing.

This guide outlines the UAE’s regulatory framework, CDD processes in UAE, and best practices for businesses, particularly Designated Non-Financial Businesses and Professions (DNFBPs), to maintain compliance.

What is Customer Due Diligence in UAE?

Customer due diligence in UAE refers to the process by which organizations identify, verify, and assess the potential risks posed by customers before establishing a business relationship. By performing CDD in UAE, companies can:

Confirm the authenticity of customer identification documents.
Evaluate the customer’s money laundering or terrorist financing risk.
Determine the level of scrutiny necessary throughout the business relationship.

These steps are vital for ensuring that businesses remain compliant with both local and international AML regulations.

What is CDD in the KYC process under UAE regulations?

Even though KYC and CDD are interconnected, there is a slight difference in the purpose they serve. Here is the key difference between KYC and CDD.

KYC = “Are you real?”
CDD = “Are you risky?”

Now let’s break it down using real-world examples you might encounter:

1. KYC = "Who Are You?"

What it means: KYC means

Verify identity: Collect and check documents like Emirates ID, passport, or trade license.
Basic checks: Confirm the customer is who they claim to be.
KYC Example: A Dubai bank asks a new customer for their Emirates ID and proof of address (e.g., DEWA bill) to open an account. This is KYC

Read more: KYC Verification Process in UAE

2. CDD = "What’s Your Story?"

What it means: CDD goes beyond KYC to answer:

Risk level: Is this customer high-risk (e.g., a PEP, cash-heavy business)?
Transaction purpose: Does buying AED 2M in gold align with their job as a teacher?
Ongoing monitoring: Are their transactions suddenly suspicious?

CDD Example: The same Dubai bank notices the teacher frequently receives large wire transfers from a high-risk country. They dig deeper:

Ask for source of funds (e.g., inheritance documents).
Screen the customer against sanctions lists.
Assign a high-risk rating and monitor transactions monthly. This is CDD.

UAE Regulations Demand Both

Central Bank Rules: Banks and insurers must conduct enhanced CDD for high-risk customers (e.g., PEPs or crypto traders).

Ministry of Economy Guidelines: DNFBPs (e.g., real estate brokers, jewelers) must:

Perform KYC (verify IDs).
Conduct CDD (assess if a $1M cash property purchase matches the buyer’s profile).

Why Does This Matter in the UAE?

Avoid fines: Non-compliance can cost up to AED 5 million under Federal Decree-Law No. 20/2018.
Build trust: Banks in ADGM or DIFC freeze accounts without proper CDD.

When is CDD Required UAE?

Implementing robust customer due diligence in the UAE is essential to protect your business and comply with regulatory standards. CDD must be applied in the following scenarios:

Establishing a Business Relationship: Before onboarding new clients, customer due diligence in UAE must be performed to verify their identities, assess risk profiles, and ensure they meet all compliance requirements. This initial CDD regulation in UAE helps prevent fraudulent activities and protects your organization from potential ML/FT risks.

Opening Accounts: CDD is mandatory prior to opening a bank account or any other type of account where a business relationship is involved. Verification must occur before any transactions are initiated.

Transactions Exceeding Specific Monetary Thresholds: If a customer initiates an occasional transaction that meets or exceeds designated thresholds (for example, transfers of AED 3,500 to AED.54,999 sent or received, CDD measures must be applied.

Suspicious Activity: If there is any suspicion that a customer may be involved in money laundering, terrorist financing, or other financial crimes, enhanced due diligence (EDD) must be undertaken. This is also the case if the identification documents provided are inadequate or appear unreliable.

Periodic Re-assessment and Ongoing Monitoring: Even for existing customers, CDD isn’t a one-off process. Regular monitoring is required, and re‑KYC (re‑verification) should be carried out whenever there is a material change in the customer’s profile, unusual transaction patterns, or new information that suggests a higher risk.

Exceptions to customer due diligence in UAE

Under UAE regulations, CDD exemptions apply in limited cases:

Listed Companies: No need to verify shareholders/UBOs if the entity is on a regulated stock exchange with transparent disclosure practices. The DNFBPs may use independent sources such as Stock Exchange disclosure reports for CDD.
Tip-Off Risks: DNFBPs should stop the CDD process if requesting additional info could alert a suspicious customer. In such circumstances, directly report to the Financial Intelligence Unit (FIU) in UAE without completing the customer identity verification process.

Types of Customer Due Diligence in Emirates

Simplified Due Diligence (SDD):

For low-risk customers (e.g., government entities).
Requires basic identity verification.

Standard Due Diligence:

Applies to most customers.
Verify identity, assess business nature, and transaction purpose.

Enhanced Due Diligence (EDD):

Mandatory for high-risk customers (PEPs, high-risk jurisdictions).
Steps include verifying wealth sources, senior management approval, and rigorous transaction monitoring.

Core Elements of CDD in UAE

Effective customer due diligence in UAE relies on several key components:

1. Know Your Customer (KYC)

The KYC process is the foundation of CDD in UAE. It involves collecting and verifying essential documents to confirm the identity and residential address of individual customers. For corporate clients, KYC extends to verifying trade licenses, incorporation documents, and shareholder information.

KYC safeguards businesses in UAE from unintentionally associating themselves with crimes like money laundering, terrorist financing, and other illicit financial activities.

Documents for Individuals: Emirates ID, passport, utility bills (address proof).
Documents for Corporates: Trade license, MOA, shareholder register, audited financials.

2. Sanctions and PEP Screening

Customer screening is an essential element of customer due diligence in UAE. Financial institutions and DNFBPs must perform an initial screening before onboarding any new customer or when a customer carries out an occasional transaction. Additionally, ongoing screening is required for existing customers prior to executing new transactions.

Cabinet Resolution No. 74 of 2020, which deals with the implementation of Targeted Financial Sanctions (TFS), stipulates that businesses must enforce sanctions measures. These measures include actions such as freezing funds or assets and preventing customers from accessing them, should a designated person be identified.

There are clear guidelines available to assist businesses in conducting efficient and accurate customer screenings. The purpose of these sanctions screening procedures, in line with TFS guidelines, is to determine whether any customer names appear on the following sanction lists:

UAE Local Terrorist List
The UNSC Consolidated List

Using dedicated CDD software like Binderr allows companies to perform real-time checks and take immediate action, such as freezing funds or rejecting high-risk customers.

3. Adverse Media Checks

In today’s digital age, negative information can surface quickly. CDD in UAE often includes adverse media screening, where businesses scour news outlets, social media platforms, and online resources to spot any red flags associated with a customer.

This extra layer of due diligence further minimizes risks and enhances overall AML compliance. Binderr AI powered adverse media check collects negative mentions across the internet and credible media sources for compliance review.

4. Risk Profiling and Assessment

Every customer poses a different level of risk. With customer due diligence in UAE, organizations need to assess factors such as the customer’s business activities, geographical presence, transaction volume, and source of wealth. This risk profiling enables businesses to tailor their due diligence measures, ensuring that low-risk clients are processed quickly while high-risk clients undergo enhanced scrutiny.

5. Enhanced Due Diligence (EDD)

When risk assessments flag a customer as high-risk, businesses must apply enhanced due diligence in UAE. This involves gathering additional documentation, performing in-depth investigations, and obtaining senior management approval before onboarding or proceeding with transactions. EDD is crucial for mitigating risks that standard due diligence processes might miss.

What is Enhanced Due Diligence?

Enhanced Due Diligence (EDD) is a key element of the Customer Due Diligence (CDD) process within the AML framework, particularly during the onboarding of new customers or clients. When risk profiling indicates that a customer is high-risk, businesses in UAE are required to apply additional measures.

This means undertaking more in-depth verifications of the customer’s identity and gathering further supporting information. For regulated companies in UAE, it is crucial to delve deeper into the process, obtaining extra details or conducting further checks to ensure the legitimacy of the customer.

6. Ongoing Monitoring

CDD in UAE is not a one-time activity. Once a customer is onboarded, ongoing monitoring of transactions and customer behavior is essential. This continuous review process helps ensure that the initially assigned risk profile remains valid and that any deviations from normal behavior are promptly addressed.

AML Compliance Requirements in the UAE

Customer due diligence in UAE is at the heart of AML compliance. Businesses—including banks, non‐financial institutions, and designated non‐financial businesses and professionals (DNFBPs)—must perform comprehensive CDD in UAE to verify customer identities, assess risks, and monitor ongoing transactions.

The UAE mandates stringent AML measures under Federal Decree-Law No. 20 of 2018 and subsequent amendments. Key obligations include:

Risk-Based Approach: Tailor controls based on the ML/FT risks posed by customers.
Enterprise-Wide Risk Assessment (EWRA): Evaluate risks across operations and customer interactions.
Appointment of an AML Compliance Officer: Oversee implementation of policies and reporting.
Record-Keeping: Maintain customer and transaction records for at least 5–6 years, depending on jurisdiction.
Reporting Suspicious Activity: File Suspicious Transaction Reports (STRs) or Suspicious Activity Reports (SARs) via the goAML portal.

DNFBPs—including real estate agents, auditors, lawyers, and dealers in precious metals—must adhere to these requirements to mitigate risks and avoid penalties.

The Role of Technology in Enhancing CDD in UAE

Technology plays a pivotal role in modernizing customer due diligence in UAE. Advanced AML software solutions allow you to quickly authenticate customer IDs and other critical documents, screen them against global watchlists, and monitor them in real time.

Binder: All in One Compliance Solution

KYC and ID verification service: Verify users using biometric face recognition technology nad
AI-powered Screening: Continuously checks customer names against global sanctions and watchlists.
Risk assessments: Uses artificial intelligence and machine learning to provide dynamic risk assessments with risk scoring.
Ongoing Monitoring: Detects anomalies and unusual patterns in customer behavior, ensuring that any potential red flags are immediately flagged for further investigation.

By integrating these technological tools, businesses can ensure that their CDD in UAE is not only thorough but also scalable, accommodating both large volumes of transactions and the growing complexity of financial crimes.

Conclusion

In conclusion, customer due diligence in UAE is a critical pillar of AML compliance that protects businesses from financial crime and helps maintain regulatory integrity. By understanding the core elements of CDD in UAE—from robust KYC and sanctions screening to enhanced due diligence and ongoing monitoring, organizations can build a resilient framework that not only complies with the law but also safeguards their reputation.

The evolving regulatory landscape in the UAE demands that businesses remain vigilant and proactive. Embracing advanced technologies and adhering to best practices in CDD in UAE will ensure that companies can navigate complex compliance requirements and thrive in today’s competitive market.

How do you conduct customer due diligence in the UAE?

The UAE mandates a structured CDD process under Federal Decree-Law No. 20 of 2018 and Cabinet Resolution No. 10 of 2019. Here’s a step-by-step guide:

Step 1: Collect Customer Data

For individuals: Full name, nationality, Emirates ID/passport number, occupation, and address.
For corporate entities: Trade license, Memorandum of Association (MOA), Ultimate Beneficial Owner (UBO) details, and financial statements.

Step 2: Verify Identity

Use government-issued IDs (e.g., Emirates ID, passport, driving license) and cross-check with UAE federal authorities’ databases.
For non-residents, validate residency visas through the Federal Authority for Identity and Citizenship (ICA).

Step 3: Sanctions Screening

Screen customers against:
- UAE Local Terrorist List (maintained by the Executive Office for Control and Non-Proliferation).
- UNSC Consolidated List.
- Politically Exposed Persons (PEPs) databases (e.g., domestic/international PEP lists).
Use the goAML portal to report matches (e.g., Fund Freeze Reports for confirmed sanctions).

Step 4: Risk Profiling

Classify customers as low, medium, or high risk based on:
- Geography (e.g., high-risk jurisdictions like Iran or North Korea).
- Transaction type (e.g., cash payments over AED 55,000).
- Business nature (e.g., real estate, precious metals).

Step 5: Ongoing Monitoring

Track transactions for inconsistencies (e.g., sudden large transfers inconsistent with declared income).
Use AI tools for real-time alerts on suspicious patterns.

Step 6: Record-Keeping

Maintain records for 5 years (general UAE) or 6 years (ADGM/DIFC entities).
Include KYC documents, transaction logs, and risk assessments.

How can the CDD process be improved in the UAE?

The UAE’s National Risk Assessment flags sectors like real estate, gold trading, and luxury goods as high-risk for money laundering. For example:

A Dubai real estate agent handling off-plan property purchases with cash.
A Sharjah gold trader processing large cross-border transactions to high-risk countries.

How to implement this:

Prioritize high-risk clients: Focus extra scrutiny on customers in these sectors.
Tailor checks: Use stricter CDD for a Saudi investor buying AED 10M worth of Dubai property in cash vs. a salaried expat opening a savings account.

2. Automate Screening with UAE-Approved Tools

Manual checks are slow and error-prone. UAE regulators (like the Central Bank and MOE) now expect real-time screening.

Tools to use:

Binderr Screen names against the UAE Local Terrorist List and UNSC sanctions instantly.
PEP databases: Flag clients like foreign diplomats or executives in Abu Dhabi’s sovereign wealth funds.

3. Train Staff on UAE-Specific Red Flags

Mandatory training topics (per UAE Central Bank):

Layering transactions: E.g., a customer deposits AED 200,000 in cash across multiple Dubai bank accounts.
Inconsistent behavior: A low-income worker suddenly investing AED 500,000 in Dubai Crypto (VASP).

Practical steps:

Enroll AML officers in CAMS certification (Certified Anti-Money Laundering Specialist).
Run workshops using real UAE cases (e.g., the 2020 Dubai gold smuggling case).

4. Document Red Flags Unique to the UAE

Common red flags in UAE businesses:

UBO refusal: A Ajman-based LLC owner won’t disclose ultimate beneficiaries.
Cross-border cash: Frequent AED/INR cash transfers via UAE exchange houses.
Mismatched profiles: A freelance visa holder in Dubai suddenly trading AED 1M in cryptocurrencies.

How to act:

Freeze transactions and file a Suspicious Transaction Report (STR) via the goAML portal.
Keep a log (e.g., “Customer X attempted 3 cash deposits exceeding AED 55,000 in one week”).

5. Why This Works in the UAE

Avoid fines up to AED 5 million under Federal Decree-Law No. 20/2018.
Build trust with UAE authorities – critical for license renewals in sectors like DMCC Free Zone.

Who is Responsible for CDD in the UAE?

In the UAE, several entities are responsible for implementing Customer Due Diligence (CDD) measures to prevent financial crimes such as money laundering and terrorist financing. These responsibilities are outlined under the UAE’s AML/CFT laws and enforced by regulatory bodies such as the Central Bank of the UAE (CBUAE), Dubai Financial Services Authority (DFSA), and the Executive Office for Anti-Money Laundering and Counter-Terrorism Financing (EO AML/CTF).

Regulated Entities Responsible for CDD. The following businesses and institutions must adhere to CDD regulations:

Designated Non-Financial Businesses and Professions (DNFBPs):

Real estate brokers, property developers
Auditors, accountants, tax consultants
Law firms, legal consultants
Dealers in precious metals & gemstones
Trust & corporate service providers (TCSPs)

Financial Institutions (FIs):

Banks, exchange houses, investment firms
Insurance companies and brokers
Payment service providers (PSPs)
Wealth & asset management firms

Virtual Asset Service Providers (VASPs):

Crypto exchanges and trading platforms
Digital wallet providers
Blockchain-based financial service providers

Each of these entities must identify, verify, and monitor customers to detect and mitigate financial crime risks.

Customer Due Diligence in UAE

What is Customer Due Diligence in UAE?