Customer Due Diligence (CDD) in the UAE: A Practical Guide for Businesses
Customer Due Diligence (CDD) is a cornerstone of Anti-Money Laundering (AML) compliance. In the UAE, all Financial Institutions (FIs) and Designated Non-Financial Businesses and Professions (DNFBPs) must conduct CDD before onboarding a customer and throughout the business relationship.
Failing to apply proper CDD can expose your business to regulatory penalties, reputational damage, and even criminal liability.
This guide simplifies the process and helps you understand what’s required to stay compliant with UAE Federal AML Law and Cabinet Decision No. (10) of 2019.
What Is Customer Due Diligence (CDD)?
CDD is the process of verifying the identity of your customers and understanding the nature of their business activities. It helps detect and prevent money laundering, terrorist financing, and other financial crimes.
The key objectives of CDD are to:
- Identify the customer and verify their identity
- Understand the ownership and control structure (if the customer is a company)
- Assess the purpose and intended nature of the business relationship
- Conduct ongoing monitoring
When Is CDD Required?
You must apply CDD in the UAE in the following situations:
- When establishing a new business relationship
- When carrying out a transaction ≥ AED 55,000 (single or linked)
- When doubts arise about previously collected information
- When you suspect money laundering or terrorist financing
- When dealing with occasional transactions ≥ AED 3,500 (for certain DNFBPs)
Step-by-Step Guide to Conducting CDD in the UAE
Step 1: Identify the Customer
Collect basic identification information:
- For individuals: full name, nationality, ID number, passport copy, Emirates ID
- For entities: trade license, MOA, name of authorized signatory, address, legal form
Step 2: Verify Customer Identity
Use reliable and independent source documents, such as:
- Government-issued IDs
- UAE Pass
- Certified corporate documents
- Official registry databases
Always ensure documents are valid, current, and legible.
Step 3: Identify Beneficial Owners (UBOs)
If the customer is a company, identify the ultimate beneficial owner (UBO)—the person who:
- Owns or controls 25% or more of the business
- Exercises significant influence or decision-making power
You must verify the UBO’s identity using supporting documentation such as:
- Shareholding structure
- Registers of shareholders and UBOs
Step 4: Understand the Nature of the Business Relationship
Assess:
- What services/products the client needs
- Why they are engaging with your firm
- The source of their funds/income
- Countries involved in the transactions
This helps determine if the relationship is low, medium, or high risk.
Step 5: Screen Against Sanctions Lists and PEPs
You must screen every customer against:
- UN Security Council Sanctions Lists
- UAE Cabinet Resolution Lists
- Politically Exposed Persons (PEPs) databases
This is part of your Targeted Financial Sanctions (TFS) compliance under the broader AML obligations.
If the customer is a PEP or linked to sanctioned parties, apply Enhanced Due Diligence (EDD).
Step 6: Risk Rating the Customer
Assign a risk level (low, medium, or high) based on:
- Geographic risk
- Type of client (individual, company, PEP, etc.)
- Business sector
- Transaction behavior
Use this risk rating to determine the frequency and depth of monitoring required. Your CDD process should align with your firm’s overall AML compliance framework and risk appetite.
Step 7: Keep Records
You must retain all documents, data, and information for at least 5 years from:
- The date the relationship ends
- Or the date of the transaction
This includes:
- ID documents
- Transaction history
- Risk assessments
- Sanctions and PEP screening results
Ensure records are secure, retrievable, and made available to authorities if requested.
What Happens After CDD?
Once initial CDD is completed:
- You may onboard the customer if no red flags are found
- If high-risk factors arise, you must conduct Enhanced Due Diligence (EDD)
- If identity cannot be verified or risks are too high, decline the relationship
You are also required to conduct ongoing due diligence throughout the relationship, especially if:
- Customer behavior changes
- There are unusual or large transactions
- New risk factors emerge
Common Challenges Businesses Face in CDD
Challenge | How to Handle |
---|---|
Incomplete documentation | Insist on complete files before onboarding |
Identifying UBOs in complex structures | Use official registries and ask for organograms |
Keeping up with regulatory changes | Subscribe to updates from UAE MOE, FIU, and your licensing authority |
Monitoring high-risk clients | Use automated risk rating and alerts software |
The Guidelines aim to help Financial Institutions (FIs) understand and fulfill their legal obligations under UAE laws concerning Anti-Money Laundering (AML), Combating the Financing of Terrorism (CFT), and preventing the financing of illegal organizations. They provide a risk-based framework for identifying, assessing, and mitigating financial crime risks.
No, the Guidelines are not legally binding and do not constitute legislation. They are meant to complement existing UAE laws and regulations. If any inconsistency arises, the prevailing legal and regulatory framework takes precedence.
All Financial Institutions (FIs) in the UAE—including banks, insurance providers, exchange houses, securities brokers, virtual asset service providers, and others—must comply with these Guidelines. This includes entities operating in both the mainland and the Financial or Commercial Free Zones.
CDD is the process of verifying a customer’s identity, understanding the nature of their financial activity, and assessing ownership structures. It is a critical step in preventing money laundering, terrorism financing, and fraud. FIs use CDD to ensure they are not inadvertently facilitating illegal financial activity.
Standard CDD: The default level of due diligence involving ID verification and understanding the purpose of the customer relationship.
Enhanced Due Diligence (EDD): Applied to high-risk clients (e.g., PEPs, high-risk countries, complex ownership structures) with more in-depth checks.
Simplified Due Diligence (SDD): Used for low-risk customers, allowing limited verification in certain cases.
The RBA requires FIs to assess ML/FT risks based on factors like customer type, location, product type, and transaction methods. Based on this risk assessment, FIs must apply appropriate levels of due diligence and monitoring, prioritizing resources toward higher-risk areas.
Placement: Introducing illicit funds into the financial system.
Layering: Obscuring the origin through complex transactions.
Integration: Reintroducing cleaned money into the legitimate economy.
Understanding these helps FIs better detect suspicious activities at various points.
The Guidelines align with the UAE’s four-pillar strategy: legislation, intelligence, cooperation, and enforcement. They help FIs understand their role in combating financial crimes and support broader national and international objectives.