On the market for compliance services in the UAE, there are offers for the quick implementation of AML at a symbolic price. Their presentations usually feature the same arguments:

• “We will prepare all the documentation for you — internal policies, forms, and reports.”

• “We will handle registration with goAML and other technical steps.”

• “The completed package will satisfy all regulator claims.”

Contractors create the impression for businesses that this is enough for full compliance. And it seems to the company like a simple and inexpensive solution. 

However, this approach creates only the appearance of compliance. The regulator in the UAE assesses not the presence of formal documents, but how processes are organized: whether an MLRO is appointed, whether employees are trained, whether transaction monitoring is conducted, and whether reporting is submitted. And here “cheap AML” fails — leading to serious fines and penalties.

For example, 

• Fines of 100,000 to 200,000 AED may be imposed for the absence of internal policies or procedures.

• For non-compliance with due diligence measures when working with high-risk clients — fines of up to 1,000,000 AED. 

• Repeated violations may result in doubled fines. 

These provisions are enshrined in Cabinet Resolution No. 71 of 2024 “On the regulation of offenses and administrative sanctions imposed on violators of anti-money laundering and terrorist financing procedures under the supervision of the Ministry of Justice and the Ministry of Economy.”

Where cheap contractors cut costs

In practice, “cheap AML outsourcing” rarely goes beyond a “set of documents.” The contractor prepares the policy and standard forms, after which the company receives a folder of files and the impression that the requirements have been met, but this does not correspond to reality.

To understand why “cheap AML” in the UAE does not work, it is enough to look at what exactly contractors economize on and which key elements of the system they omit:

1. Implementation

   • no MLRO and distribution of responsibilities;

   • employees are not trained;

   • decision logs and escalation protocols are not maintained.
     
     

2. KYC and client verification

   • limited to the passport and license;

   • do not identify UBO and related parties;

   • do not verify sources of funds and wealth;

   • risk assessment is the same for all clients.
     
     

3. Monitoring and goAML

   • formal registration without active system engagement;

   • STR and SAR are not submitted;

   • transactions are checked only by amount, with no behavior analysis.
     
     

4. Training and control

   • MLRO is formally appointed without authority;

   • employees do not know how to recognize risky situations;

   • internal audits and independent checks are absent.

The contractors' savings manifest in that they simplify checks, exclude labor-intensive elements, and reduce AML to templates. As a result, the company receives an illusion of compliance that will not withstand regulatory scrutiny.

Cheap AML vs Real Requirements

The table below shows how the approach of simplified contractors differs from regulatory requirements in the UAE.

When working with a contractor for a symbolic amount, the company is left with a beautiful AML folder, but there is no control system: no UBO check, no source of funds, no real monitoring, and reporting in goAML. All this is easily identified during the first inspection, and the responsibility falls not on the contractor but on the company.

Also read the extensive guide “How to Meet AML Requirements in the UAE and Avoid Fines in 2025”