Frequently Asked Questions
The Dealers in Precious Metals and Stones Report (DPMSR) is a type of report uniquely required from dealers in precious metals and stones licensed in the UAE. This report captures specific cash transactions or transactions through wire transfers (in the case of legal persons) equal to or exceeding AED 55,000.
DPMSR must be submitted to the Financial Intelligence Unit (FIU) through goAML platform in the following cases:
- Cash transactions with resident individuals equal to or exceeding AED 55,000
- Cash transactions with non-resident individuals equal to or exceeding AED 55,000
- Cash transactions with corporate entities (legal persons) equal to or exceeding AED 55,000
- Transactions with corporate entities (legal persons) involving international wire transfers equal to or exceeding AED 55,000
- Local wire transfers made through an exchange house.
- Installment transactions in cash equal to or exceeding AED 55,000, to be reported whenever the collected cash installments reach or exceed AED 55,000.
- Unfixed gold transaction involving cash equal to or exceeding AED 55,000
- Advance payment in cash equal to or exceeding AED 55,000, to be reported at the time of receiving funds.
- Wire transfers from a mainland/onshore company to a Free zone company (not part of the same company)
- Transaction between two Free Zone companies, settling the payment in USD through the international wire transfer.
You do not have to report DPMSR in the following cases:
- Credit card, cheque, or bank transaction with an individual, irrespective of the amount.
- Exchange of old gold or gold-to-gold transaction, not involving cash equal to or exceeding AED 55,000
- Local wire transfers and cheque transactions from a local bank in the UAE.
- Transfers or purchase/sale transactions in cash within your own company accounts, irrespective of the amount.
- Transactions through the Letter of Credit issued by banks.
- Transaction between two Free Zone companies, settling the payment through the bank accounts in the same bank in UAE.
- Physical trade of precious metals or stones with commercial banks operating & regulated outside the UAE.
DPMSR Summary
Any foreign currency amount that equals or exceeds AED 55,000, if the payment is made in cash or by wire transfer.
Transfers from outside the UAE are “wire transfers”, and as such the payment should be reported on DPMSR if it is equal to or exceeding AED 55,000.
Yes, you must submit DPMSR if the transaction amount is equal to or exceeding AED 55,000.
Third party payments can be high-risk transactions. If the appropriate due diligence level resulted in reasonable grounds to suspect the crime of money laundering, then the company must report STR/SAR. They can also be reported on DPMSR if they match the description in the response to Question No (2) above.
No. DPMSR is only for sale/purchase transactions. Service fees are not covered. However, you must assess the risk of crime if you have other deals with the same customer. For example, a customer may purchase multiple products that need to be molded or shaped, which in turn increases their resale value as jewelry pieces. In this case, if the customer pays for “working or making” in cash or by wire transfer that is equal to or exceeding AED 55,000, then you must report this transaction and explain your suspicion with the supporting documentation.
No later than 2 weeks from the time of receiving the funds.
If repeated, it can be considered a weakness in the governance of the AML policy and procedures. This can result in administrative penalties including fines or restriction of license among other sanctions.
The regulations require DPMS to identify the suspicion related to money laundering, terrorism financing or proliferation financing and report such suspicion by filing a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR).
Suspicious Transaction Reports are usually submitted during customer onboarding or while conducting a transaction, and one of the following is observed:
- The customer insists on payment by virtual currency.
- The customer refuses to provide necessary documents or the company is unable to obtain the same for the transaction.
- The customer is involved in a cash intensive business.
- Inconsistencies between the nature of the customer’s business and the purpose of transaction.
- Commencement of criminal proceedings against the customer.
- Multiple third parties involved in the transaction.
- Frequent selling and purchase of gold or other precious metals are carried out in a short time.
- Transaction value does not match the customer’s income.
- Request for last-minute changes in the transaction details.
Please note that this list is not exhaustive. See the list of typologies as part of the company’s policy documentation.
The law and regulation require the reporting to be “without any delay”. It is recommended that STRs/SARs be submitted within 24 hours from the date you have acquired sufficient evidence to form a suspicion of crime.
ID documents for all parties involved, transaction documents including invoices, communication documents (e.g. emails …etc.), and any other relevant documents obtained as part of CDD or EDD.
Partial Name Match Report is a type of report submitted on the goAML platform. This report is part of the Targeted Financial Sanctions regime in the UAE.
When the customer’s name partially matches a name on the UN Consolidated List or the UAE Local Terrorist List.
Fund Freeze Report is a type of report submitted on the goAML platform. This report is part of the Targeted Financial Sanctions regime in the UAE.
When an individual’s full name, date of birth, nationality, and passport number, or a group or entity’s legal name and license, identically match those of a person or entity on the UN Consolidated List or the UAE Local Terrorist List.
- Suspicious Transaction Report (STR)
- Suspicious Activity Report (SAR)
- Fund Freeze Report (FFR)
- Partial Name Match Report (PNMR)
- Dealers in Precious Metals and Stones Report (DPMSR)
- High Risk Country Transaction Report (HRC)
- High Risk Country Activity Report (HRCA)
- KYC: Collect and verify customer identity and basic information.
- CDD: Assess customer risk based on business type, source of funds, and transaction activity.
- EDD: For higher-risk customers, conduct deeper checks like verifying source of wealth.
- Ongoing Monitoring: Continuously monitor customer activity for suspicious transactions.
- Suspicious Activity Reporting (SAR): Report any activity suspected of money laundering or terrorist financing.
- DPMSR: Report any funds received in cash or by wire transfer that equals or exceeds AED 55,000.
KYC stands for “Know Your Customer”. It’s a process your company uses to collect relevant information to verify the identity and legitimacy of its customers.
- For Individuals: Proof of ID (Emirates ID, passport) and proof of address (utility bill, bank statement).
- Companies: Registration documents, ownership documents, and information on beneficial owners.
CDD stands for “Customer Due Diligence”. It’s the process your company goes through to gather and verify information about their clients. The main purpose of CDD is to identify and mitigate the risks of crime and to comply with regulations. KYC is the first step of CDD, sanctions screening and risk assessment are the next step, and ongoing monitoring is the third step of CDD.
The process of checking the names of your customers against the sanctions lists. The applicable lists in the UAE include the UN Security Council’s Consolidated List and the UAE Local Terrorist List. Both are maintained by the Executive Office for Control and Non-proliferation (EOCN).
The process of evaluating the possibility that your customers may be engaged in illicit activities such as money laundering, terrorism financing, proliferation of weapons of mass destruction, and other types of crimes.
EDD must be performed on all PEP customers and the approval of senior management must be obtained and documented. Every PEP customer should be entered into a register for PEPs that is maintained by your company.
It is prohibited to deal with sanctioned customers. You must suspend all dealings when you confirm that your potential customer is sanctioned and file FFR to the FIU. You must freeze any funds received from the sanctioned customer until further notice from the FIU or EOCN.
You should follow the EDD procedures, including verifying and obtaining proof of source of fund, proof of address, and perform adverse media search on the customer. In some cases, senior management approval might be required.
Customers dealing in cash over AED 55,000, customers from high-risk countries, PEPs, and customers with suspicious activity.
EDD stands for Enhanced Due Diligence. It’s a more intensive version of Customer Due Diligence (CDD) specifically used for high-risk situations. It involves verifying and obtaining proof of the source of funds and address of the customer.
- Employment: Salary slips, tax returns, employment contracts.
- Savings: Bank statements showing a history of deposits and sufficient balance.
- Investments: Investment account statements, brokerage statements.
- Sales: Documents related to the sale of assets like property (sale deed) or businesses (purchase agreement).
- Inheritance: Documentation proving inheritance, like a will or probate order.
- Gifts: Signed gift letters from the donor along with proof of their funds (if significant amount).
- Winnings: Lottery ticket stubs or receipts with matching bank deposits.
There are two versions of transaction monitoring systems depending on the business size: manual (small and medium companies) and automated (large businesses, banks, and money services business… etc.). Both aim to accomplish the same goal which is to identify any suspicious cases by following a rule-based method. The rules derive from the requirements of the law and the identified typologies in the DPMS sector. This system will look specifically at transaction amounts, customer profile and risk levels, past transactions, source of funds, geographic location, transaction type, customer behavior… etc. to generate alerts of suspicion. These alerts will then be reviewed, and the customer will be investigated by the compliance department. This review can result in filing STR/SAR or dismissing the alert as false.
The EOCN does not maintain a list of “sanctioned” countries. However, the UAE recognizes high-risk countries under FATF list, which are: Iran, Myanmar, North Korea.
Iran, Myanmar, North Korea.
There are no sanctioned countries as per the authorities in UAE. However, you can deal with customers from high-risk countries following the proper due diligence measures.
Yes, you can deal with customers from high-risk countries following the proper due diligence measures.
There are no “prohibited countries”. However, you can deal with customers from high-risk countries following the proper due diligence measures.
The KYC form and its content are a crucial part of customer due diligence. You should make a reasonable effort to convince customers to fill in and sign the KYC form. However, if a customer resists, try to obtain the ID documents and gather the KYC form information using other methods, such as over the phone, by WhatsApp message, or by any other appropriate method, and make sure all your efforts are documented as far as possible. If all efforts with a non-cooperative customer fail and you cannot obtain the basic ID documents, you should submit SAR if the transaction is not concluded, or STR if the transaction is concluded (in the case of a recurring customer whose ID documents have expired, for example).
Gather all the documents and information for this transaction and file a Fund Freeze Report (FFR) on the goAML platform. The transaction should be suspended until further instructions from the FIU. Do not tip off the customer about this reporting or suspension of the transaction, and if you have to explain the delay, you should only cite other convincing or relevant reasons not related to the reporting.
PEPs are high-risk customers and require the approval of senior management for onboarding. If a PEP does not give information that means the Compliance Officer cannot prepare the report for the management approval, and therefore the PEP cannot be onboarded and there shall be no transaction under this PEP’s name. Further, the refusal to give reasonable information (e.g., updated ID documents, source of fund…etc.) can be reasonable grounds for submitting SAR on goAML.
Installment payments in cash (for both individuals and corporate customers) or wire transfer (for corporate customers) qualify for DPMSR when the accumulated payments equal or exceed AED 55,000. For example, let’s say a customer chooses to pay in 4 equal cash installments of AED 20,000 each for the purchase of gold jewelry. Once the first 3 payments are completed, the total amount paid by the 3rd installment would be AED 60,000 (3 x AED 20,000). This is when you would need to submit a DPMSR for this transaction on goAML.
For any transaction below AED 55,000, the company will not be covered by the DNFBP definition in the law or regulation. However, the Ministry of Economy issued circular MOEAML – 2/2023 which required that DPMS display a notice on the company’s premises in a visible manner. This notice states to all customers that “disclosing your data is part of the anti-money laundering and combating terrorist financing legislations and to protect you from legal accountability.” You should make the customer aware of this notice before taking any action. You can also request the ID details as part of billing information.
The compliance team will do their best to expedite matters that may result in delays. The customer-facing employees, meanwhile, should not disclose anything relating to internal investigation or the approval process. Customer-facing employees shall always respond to customers’ questions accordingly.
Under no circumstances should you notify the customer that they are subject to EDD or reporting measures. This process is confidential. If other reasons for suspicion exist in addition to non-cooperation, consider submitting STR/SAR.
Your company’s AML policy manual may require the customer risk assessment to be completed in various stages during the business relationship. Please refer to the relevant parts in your AML policy manual.
Submit the report as soon as possible even if the deadline has passed.
Any type of report, including STR, should be based on reasonable grounds to be submitted. The reasons for a report could be the observance of a red flag indicator, a result of CDD or EDD, or transaction monitoring controls.
The company’s policy may request specific documentation with regard to the various types of customers. Generally, the following are collected from customers during onboarding (depending on the due diligence level):
- Emirates ID and Visa copies (for UAE nationals and residents)
- GCC ID cards (for GCC citizens)
- Passport (for non-resident foreigners)
- Proof of address (utility Bill, Rent Agreement, Bank Statement …etc.)
For corporates:
- Trade License
- Certificate of Incorporation
- Memorandum of Association/Articles of Association
- Certificate of Good Standing
- Register of Shareholders/Directors/UBOs
- Board resolution appointing authorized signatories.
- Audited Financial Statement
Yes. Each employee should understand the risk of money laundering regarding the specific functions of that employee. The level of training required may vary between different departments of the business, so accounting staff will need to be more vigilant about the risk of money laundering.
Yes. A duly authorized person can also sign on behalf of other partners.
It is not required by regulations. However, if this type of customer had requested a purchase or sale before, then you should document that customer’s details.
You should always request the source of funds from the client if the level of due diligence demands it according to your company’s policy. But if you could not obtain this document, then the SoF declaration must be collected.
The SoF proof should reflect the true source of funds involved in the transaction. If the funds are fully provided by the partner, then you must collect the proof from the partner.
For UAE nationals and residents, collect the Emirates ID; for non-resident foreigners, collect the passport; for GCC nationals, collect the GCC ID card.
You proceed to enhanced due diligence on the customer. If you have a reasonable suspicion regarding the origin of the gold or chain of custody, you should file STR. Otherwise continue the transaction as usual with a request from the customer to share the certificate whenever it is available.
DPMS had to comply with AML regulations since 31 March 2021. Any qualified transaction from that date must be remediated to comply with the law. This applied to closed accounts and transactions as well.
If they match the description detailed in the response given to Question No. (2) above, then yes, you must submit DPMSR.
The documents required vary from case to case. Some of these letters include Source of Fund Undertaking, Politically Exposed Person Declaration, Sanctions Undertaking, and Transaction Monitoring Undertaking.
In addition to ID documents such as the license and MOA, certificate of incorporation, UBOs, you should also request a copy of their supply chain policy and controls and fill out the supply chain questionnaire. This may vary for each company.
Authorization letters are required when the customer, under whose name the transaction is being conducted, is represented by an agent (POA, Authorization letter… etc.). If the person approaching your company is not the named customer for the transaction, you must collect the authorization letter and ID documents for the representative as well.
For corporate suppliers, it is generally advised that you collect all the documents required by the company’s policy. The supply chain policy is either a part of the CDD or EDD process. Please refer to your respective company supply chain policy for details.
When conducting transactions equal to or exceeding AED 55,000
All the reports, including STRs, are required by the authorities for financial intelligence and DO NOT COMPROMISE your business in any way. It is the FAILURE TO REPORT STRs that can harm your business position or reputation.
Yes, but make sure the bill reflects the customer’s address.
Bank statements, inheritance documents, salary slips, salary certificates, sale and purchase contracts, tax returns, certified compensation award, copy of will, latest audited company accounts …etc.
If the customer is high-risk and they refused to provide proof of SoF as part of EDD, you should file an STR if the transaction is closed, or SAR if it is pending.
The KYC file review for each customer is detailed in the company’s policy. However, if any major change in the customer’s legal status, a change in partners or beneficial owners, or a similar change occurs, then the KYC file must be updated accordingly, and CDD or EDD may need to be reperformed as well. Refer to the company’s policy for specific details.
Risk assessment is part of CDD measures. If any change mentioned in the response to the previous question occurs, then the customer’s risk must be reassessed.
The regulations do not set daily limits for any sort of transaction. However, your respective company may set such limits as part of its policy.
See the response to Question No. (43)
Usually, the policy will be updated annually following the enterprise-wide risk assessment (EWRA). However, certain events may necessitate an update to the policy such as new laws or regulations, change in business structure (merger or acquisition), new services or products offered by the company…etc. The company’s policy should contain a section on when to update it.
The law does not differentiate between business structure or legal form when it sets out the qualifications for MLRO/Compliance Officer.
If the transaction qualified for DPMSR, you should report at the time of receiving the funds (see response to question No. (2) above). If DPMSR is not applicable, then you should only report if you have reasonable grounds for suspicion of crime, or when the customer’s name matches with a sanctions list. These other reports should be filed even if the transaction is cancelled.
The compliance function must be independent from other business functions to avoid any conflict of interest. However, authorities have communicated that small companies may combine these functions, but they must make sure to have the relevant policies and controls to maintain the independence of the compliance function.
Yes. When they perform any of the following:
- Acting as an agent in the creation or establishment of legal persons;
- Working as or equipping another person to serve as director or secretary of a company, as a partner or in a similar position in a legal person.
- Providing a registered office, work address, residence, correspondence address or administrative address of a legal person or Legal Arrangement.
- Performing work or equipping another person to act as a trustee for a direct Trust or to perform a similar function in favour of another form of Legal Arrangement.
- Working or equipping another person to act as a nominal shareholder in favour of another person.
The risk assessment should be performed on the customer (corporate) not UBO. But all UBOs must be screened against applicable sanctions lists, PEP, and adverse media databases to determine the risk of the corporate customer.
Your company should maintain a register for UBOs, partners, or shareholders. This register must be updated if any change happens to the ownership or shares of the company.
The regulations do not specify any limits for EDD. Each company may set a different limit for the customer to undergo EDD according to its business size and customer base concerns. Please refer to your respective company’s policy.
Nothing prohibits receiving payments during the KYC or CDD process. But you should make sure not to conclude the transaction until the KYC, screening, and risk assessment have been completed.
The KYC form should be filled out and signed by the customer for all transactions regardless of the amount. Your company’s policy may designate certain customers as “low risk”, for whom you should only obtain the ID document without the need to complete the KYC form.
Customers from blacklisted countries (Myanmar, Iran, North Korea) can be accepted subject to EDD measures. Some companies may require the approval of senior management for such customers. Please see your respective company’s policy.
This will depend on the risk level of this corporate customer, legal status, and policy requirements. For example, if the UBO remains unchanged, and the customer is low or medium risk, you can update and verify the UBO information every two years. For the specific case of each company, please see the company’s policy requirement for updates.
See response to Question No. (2) above.
No DPMSR should be filed. However, if there is suspicion of crime, then STR/SAR should be filed.
All dealers in precious metals and stones qualify as DNFBPs when they “carry out any single monetary transaction or several transactions that appear to be interrelated or equal to more than AED 55,000”. This is regardless of the volume, type, or specialty of their trade.
If the provided low-risk passport is valid, then you should proceed to risk assessment on the customer’s nationality as per the passport.
All customers may be onboarded subject to the proper level of due diligence, except for sanctioned individuals, groups, or entities (UN Consolidated List & UAE Local Terrorist List). There is no recognized list of “sanctioned countries” in the UAE, only a list of “high-risk countries”. For customers from high-risk countries, you should follow your normal risk assessment and due diligence measures. If the level of risk is acceptable according to the company’s policy, then you may onboard such customers.
License details, UBOs, article of association, official address, contact information.
If the customer’s risk is low and qualifies as “designated low risk” as per the company policy, then you can proceed with the transaction. Otherwise, you must verify the ID document by examining the original.
Iran, Myanmar, Democratic People’s Republic of Korea
Office boys and drivers can be exposed to money laundering risk if they are involved in delivery of cash, cheques, and receipts and may compromise confidentiality requirements because of their interaction with other staff such as compliance and accounts. So, they need to understand the importance of AML compliance in general terms without the technical specifics.
PEPs are influential decision makers who are entrusted with public funds or large amounts of money to administer on behalf of others. Because of this, they may be exposed to corruption, embezzlement, insider trading, unfair advantage… etc. They can also facilitate money laundering using their influence.
EDD must always be followed with PEPs. See your company’s policy for more information. PEPs also require the approval of senior management to be onboarded.
Simplified Due Diligence may apply to low-risk customers designated in the company’s policy. Customer Due Diligence (CDD) is the level that is applicable to most other low and medium risk customers. Enhanced Due Diligence is the level required for high-risk customers (e.g., PEPs, high-risk country customers… etc). Ongoing Due Diligence is the state of observing the customers for any suspicion of crime or change in their legal status or behaviour. Your company’s policy should contain the detailed process to carry out each level of due diligence.
Normally, low and medium risk customers undergo customer due diligence, which means they have to provide KYC information, but they do not need to provide proof of source of funds and proof of address. High-risk customers, on the other hand, undergo enhanced due diligence, where they must provide proof of SoF and proof of address, and the KYC information they provided is verified using reliable sources.
Sanction screening is performed after the collection of ID documents, which usually happens after the KYC form has been filled out and signed. The customer passport information will be carefully entered into the screening software interface. The software will then return the results based on the entered information. A Fund Freeze Report should be filed if there is a confirmed match, and the transaction must stop until further instructions from the FIU; a Partial Name Match Report should be filed in case of a partial name match. Otherwise, continue the rest of customer due diligence.
Non-compliance can result in serious criminal charges, which may end in a prison sentence among other penalties. Regulators can also impose fines up to AED 10 million. Regulators can also suspend your business license or cancel your license and registration. There is also the reputation risk and loss of credibility among the public in the market. In the case of employees, non-compliance may end in termination of labor contracts and, if the violation is serious, a prison sentence.
This is usually considered a red flag. You should closely monitor these clients and collect evidence of any suspicion you might have and then file SAR/STR.
“We maintain a robust system of information security which adheres to the best practices in the industry. This ensures that we keep confidential all of our customers’ records and personal information.”
“There are always compliance challenges. However, we endeavor to maintain the highest level of practice, exceeding the compliance requirements. We follow a STAR model when we identify any challenge, always keeping our eyes open to surpass compliance requirements.”
“It is our determination to get other market players to comply with applicable regulations. We follow a STAR model when we identify any violations, which we deal with according to the regulation and best practices.”
“We always follow the regulatory authorities’ websites and official channels for updates to the regulation or outreach sessions. Other industry leaders publish reports and insights from time to time which is also valuable to our practice.”