Customer Due Diligence Requirements in the UAE: A 2025 Guide to AML Compliance

Customer Due Diligence (CDD) is more than just a compliance checkbox—it’s about knowing your clients, verifying their identity, and understanding their financial behavior to avoid exposure to illicit activities. In the UAE, CDD is a legal requirement under Federal Decree-Law No. (20) of 2018 and Cabinet Decision No. (10) of 2019, applying to sectors ranging from banking and real estate to virtual asset providers.

By 2025, the UAE will have strengthened its AML efforts in line with global standards, especially those set by the Financial Action Task Force (FATF). This guide breaks down what businesses need to know: when CDD applies, what documents are required, how to handle high-risk clients, and the consequences of non-compliance. Whether you're new to the UAE market or tightening your internal controls, staying informed on CDD is essential for risk-free operations.

What are the Customer Due Diligence Requirements Under UAE AML Law?

In the UAE, Customer Due Diligence (CDD) is a legal requirement under Federal Decree-Law No. (20) of 2018 and Cabinet Decision No. (10) of 2019, which forms the backbone of the country’s anti-money laundering (AML) framework. These laws apply to all regulated entities, including banks, financial institutions, and certain non-financial businesses.

As part of CDD, businesses must first identify and verify the identity of their customers and any beneficial owners using reliable and independent documents, such as a passport, Emirates ID, or business license. It's not enough to just collect the information; it must be verified against official sources.

Next, companies are required to understand the nature and purpose of the business relationship. This means having a clear idea of why the customer is engaging with the business and how they intend to use its services.

CDD doesn’t end at onboarding. There must be ongoing monitoring of transactions to ensure they match the expected behavior and risk profile of the customer. If something unusual arises, such as a sudden large transfer or frequent high-value transactions, it should trigger further review or even a suspicious transaction report.

Businesses must also keep records of all customer data, verification details, and transaction history for at least five years after the relationship ends or after a transaction is completed.

CDD must be performed in the following situations:

• When establishing a new business relationship.
• When conducting a single cash transaction of AED 55,000 or more.
• When there's any suspicion of money laundering or terrorist financing.
• When previously collected customer information appears incorrect or incomplete.

In short, CDD in the UAE is a continuous process that begins before onboarding and continues throughout the customer relationship, forming a key pillar of AML compliance.

What Are the Enhanced Due Diligence Requirements in the UAE?

Enhanced Due Diligence (EDD) is required when a customer or transaction presents a higher risk of money laundering. According to UAE AML law, EDD must be applied in cases such as:

• Politically Exposed Persons (PEPs).
• Transactions involving high-risk countries.
• Complex or unusually large transactions.
• Non-face-to-face business relationships.

EDD procedures include:

• Obtaining senior management approval before establishing relationships.
• Verifying the source of funds and wealth.
• Increasing the frequency and depth of ongoing monitoring.

How Do UAE Banks Comply With Customer Due Diligence Regulations?

Banks in the UAE are subject to stringent compliance requirements. To meet CDD obligations, banks implement:

• Robust Know Your Customer (KYC) programs.
• Risk-based customer profiling.
• Automated screening systems for sanctions and watchlists.
• Training programs for compliance staff.
• Internal and external audits.

Banks must submit Suspicious Transaction Reports (STRs) to the UAE Financial Intelligence Unit (FIU) and maintain full cooperation with regulatory authorities.

What Does the Central Bank of the UAE Require for CDD Compliance?

The Central Bank of the UAE has issued detailed AML and CDD regulations for licensed financial institutions. These include:

• A mandatory risk-based approach to customer onboarding.
• Ongoing transaction monitoring and periodic customer reviews.
• Detailed record-keeping protocols.
• Clear policies for identifying beneficial owners and controlling persons.
• Mandatory reporting of suspicious activities.

The Central Bank also conducts regular inspections and enforces penalties for non-compliance.

How Does FATF Impact Customer Due Diligence in the UAE?

The Financial Action Task Force (FATF), as the global AML/CTF standard-setter, has significantly influenced the UAE’s approach to Customer Due Diligence (CDD), especially following the UAE’s 2020 placement on the FATF grey list.

Since then, the UAE has made major strides to align with FATF’s 40 Recommendations, with a strong focus on:

• Beneficial ownership transparency: Institutions must identify and verify the ultimate beneficial owners (UBOs) of clients.
• Risk-based supervision: Businesses are required to tailor CDD based on customer risk profiles.
• International cooperation: UAE authorities now work closely with global counterparts to share AML intelligence and support cross-border investigations.

By 2025, these improvements have led to tighter monitoring, stronger enforcement, and more comprehensive CDD policies across both financial institutions and designated non-financial businesses (DNFBPs).

FATF assessments continue to guide regulatory updates in the UAE, ensuring that CDD practices remain risk-based, transparent, and globally aligned.

What KYC Documents Are Required in the UAE for Due Diligence?

KYC documentation required for CDD in the UAE varies by entity type but typically includes:

For Individuals:

• Valid Emirates ID or passport.
• Residence visa and proof of address.
• Source of funds declaration.

For Companies:

• Trade license and Memorandum of Association.
• Shareholder and director IDs.
• Ultimate Beneficial Owner (UBO) declaration.
• Financial statements or bank references.

All documents must be validated and kept up-to-date as part of the ongoing CDD process.

What’s the Difference Between KYC and Customer Due Diligence in UAE Compliance?

While the terms Know Your Customer (KYC) and Customer Due Diligence (CDD) are often used interchangeably in the context of anti-money laundering (AML) compliance, especially in the UAE, they refer to different layers of the due diligence framework. Understanding the distinction between the two is essential for businesses striving to meet regulatory requirements effectively.

KYC (Know Your Customer) is a foundational element within the broader framework of CDD. It primarily involves the initial process of identifying and verifying the identity of a customer at the time of onboarding. This typically includes collecting and validating documents such as a passport or Emirates ID, proof of residence, and—when applicable—a trade license for corporate clients. The goal is to confirm that the customer is who they claim to be and to prevent identity-related fraud.

However, Customer Due Diligence (CDD) extends beyond this initial step. It includes a more comprehensive and ongoing assessment of the customer’s profile and activities. CDD requires businesses to not only identify the customer but also to understand the nature and purpose of the business relationship, assess the level of risk associated with the customer, and implement ongoing transaction monitoring. This means continuously verifying that the customer’s behavior aligns with their expected profile and promptly flagging any inconsistencies.

In the UAE, the regulatory framework obliges institutions, whether financial or non-financial, to adopt a risk-based approach to CDD. This involves categorizing customers into low, medium, or high risk and applying the appropriate level of scrutiny.

Conclusion

In 2025, the UAE remains committed to building a transparent and resilient financial system aligned with international AML standards. Customer Due Diligence is a critical pillar in this structure, helping to prevent misuse of the financial and non-financial sectors. Whether you're a multinational bank, a fintech startup, or a real estate agent, robust CDD compliance is no longer optional—it’s a legal obligation and a business necessity.

Staying compliant means understanding not only what is required but also how to implement these measures effectively. By doing so, entities in the UAE can safeguard their operations, uphold their reputations, and contribute to the country’s ongoing efforts to combat financial crime.

Contact us to learn more about our customer due diligence solutions.

FAQs