The Riffle
The UAE has issued a unified framework clarifying the role of the Compliance Officer (CO) and Money Laundering Reporting Officer (MLRO), positioning them as the cornerstone of any effective AML/CFT/CPF framework. The guidance harmonises expectations across regulators and reinforces accountability, independence, and governance standards across financial institutions, DNFBPs, and VASPs.
Key Highlights
1. Mandatory Appointment of a Fit & Proper Officer
All in-scope entities must appoint a CO/MLRO who demonstrates integrity, relevant expertise, and a strong professional track record in AML/CFT/CPF.
2. Seniority and Independence Are Non-Negotiable
The CO/MLRO must operate at a management level, with direct access to the Board and the ability to act independently without business pressure or conflicts of interest.
3. The Role Cannot Be Outsourced
While certain tasks may be outsourced with regulatory approval, the CO/MLRO function itself must remain in-house and fully accountable.
4. Board-Level Responsibility for Resources
Boards are explicitly responsible for ensuring the CO/MLRO has sufficient staffing, systems (including transaction monitoring and sanctions screening), and access to timely data.
5. Clearly Defined Core Responsibilities
The CO/MLRO’s role spans:
Transaction monitoring and alert handling
SAR/STR assessment and reporting to the FIU
AML policy development and updates
Enterprise-wide risk assessments
Sanctions compliance implementation
Oversight of customer due diligence (CDD)
Staff training and awareness
Regulatory liaison and reporting
Record-keeping obligations (minimum 5 years)
Why This Matters
This guidance marks a shift from form-based compliance to function-based accountability. Regulators are focusing not just on whether a role exists, but whether it is effective, empowered, and properly resourced.
It also reinforces a clear message:
The CO/MLRO is not a symbolic role
Independence and seniority are critical to regulatory confidence
Boards are directly accountable for compliance effectiveness
For firms operating across DIFC, ADGM, VARA, and mainland UAE, this creates a consistent expectation baseline—reducing ambiguity but increasing scrutiny.
Common Gaps Identified by Regulators
Supervisory reviews have highlighted recurring weaknesses:
Over-reliance on offshore or group compliance teams
Insufficient seniority or Board access
Lack of UAE-specific regulatory expertise
Weak oversight of CDD and remediation processes
Limited involvement in transaction monitoring system design
Global Context
The framework aligns with evolving Financial Action Task Force standards, particularly around risk-based supervision and cross-border transparency. UAE regulators are actively embedding these global expectations into local compliance structures.
What Firms Should Do Next
Reassess whether the current CO/MLRO meets the “fit and proper” threshold
Review reporting lines and ensure direct Board access
Evaluate independence from commercial functions
Strengthen documentation of AML frameworks and decision-making
Ensure adequate resourcing—both human and technological
Conclusion
The UAE’s latest guidance elevates the CO/MLRO role from a regulatory requirement to a central governance function. Firms that treat compliance as a strategic pillar—rather than a control checkbox—will be better positioned to meet regulatory expectations and build long-term resilience.
