The Riffle
The ADGM Registration Authority (RA) has published its observations from 35 onsite AML/TFS assessments conducted across the Designated Non-Financial Businesses and Professions (DNFBP) sector during 2025. While most firms have established AML/TFS frameworks and documented policies, the RA found recurring weaknesses in implementation, governance, customer due diligence, and risk assessment processes.
The findings reinforce a key regulatory message: having policies on paper is no longer sufficient. Firms are expected to demonstrate that their AML/TFS controls are operating effectively in practice.

Key Highlights
1. The Focus Has Shifted from Documentation to Effectiveness
The RA observed a significant gap between documented AML/TFS frameworks and their practical application. While firms generally maintain policies and procedures, many struggled to demonstrate how these controls actively identify, assess, and mitigate financial crime risks.
2. Business Risk Assessments Are Often Outdated
Several firms were found to have Business Risk Assessments (BRAs) that did not adequately reflect changes in business activities, customer profiles, delivery channels, or emerging risks.
The RA also highlighted that Targeted Financial Sanctions (TFS) risks are frequently embedded within broader AML assessments instead of being assessed separately, limiting the effectiveness of risk mitigation measures.
Regulatory expectation: BRAs should be reviewed at least annually and whenever significant trigger events occur, such as business model changes, new products, or updates to national risk assessments.
3. Customer Risk Assessments Lack Consistency
The RA identified weaknesses in how firms classify customer risk.
Common issues included:
- Inconsistent methodologies for assigning risk ratings.
- Failure to adequately consider ownership structures, jurisdictions, and customer profiles.
- Limited updating of customer risk assessments when customer behaviour or transaction patterns change.
These shortcomings can result in customers being assigned inappropriate risk levels and receiving insufficient due diligence.
4. Enhanced Due Diligence Remains a Significant Concern
One of the most notable findings relates to Enhanced Customer Due Diligence (ECDD).
The RA found that firms frequently rely on customer-provided declarations when assessing Source of Wealth (SoW) and Source of Funds (SoF), without obtaining independent verification or supporting evidence. In many cases, documentation failed to demonstrate how a customer accumulated wealth over time.
The assessments also identified inconsistent application of senior management approval for higher-risk customer relationships.
5. Annual AML Reviews Are Being Treated as Compliance Exercises
The RA noted that annual AML/TFS framework reviews are often conducted as procedural exercises rather than meaningful assessments of control effectiveness.
In addition, review outcomes are not always formally escalated to senior management, limiting the firm’s ability to identify weaknesses and implement effective remediation measures.
Regulatory Expectations and Good Practices
The Registration Authority has outlined several areas where firms should strengthen their frameworks:
| Area | Good Practice Expected |
|---|---|
| Business Risk Assessments | Assess ML and TFS risks separately and evaluate control effectiveness. |
| Customer Risk Assessments | Apply structured risk-rating methodologies and update assessments regularly. |
| Enhanced Due Diligence | Use reliable independent sources to verify customer information and high-risk profiles. |
| Governance | Conduct evidence-based testing of AML controls through internal audit or independent reviews. |
Why It Matters
The findings provide a clear indication of the Registration Authority’s supervisory priorities for the DNFBP sector.
The message from the regulator is that AML/TFS compliance will increasingly be assessed based on operational effectiveness rather than the existence of policies alone. Areas such as risk assessment methodologies, verification of Source of Wealth and Source of Funds, sanctions risk management, and senior management oversight are likely to remain key areas of regulatory focus.
For DNFBPs operating in ADGM, this publication serves as a practical checklist for reviewing existing AML/TFS frameworks and identifying potential weaknesses before they become regulatory findings.
The Riffle Takeaway
The ADGM RA’s findings highlight a growing regulatory focus on the effectiveness of AML/TFS controls rather than their existence. DNFBPs should use these observations as a benchmark to test their own risk assessments, due diligence processes, and governance frameworks before the regulator does.
