AML UAE Frequently Asked Questions | Push Digits Chartered Accountants

AML UAE Frequently Asked Questions

Home - AML UAE Frequently Asked Questions

If you are unable to recall your password, what steps should you take?

With its conveniently located password recovery button positioned next to the login option, the system for goAML ensures that users can easily access it.

  • To begin the password recovery process, just click on the option “Forgot Password”.
  • To reset your password, simply input your username and email in the designated fields within the password reset window, and then submit the information.

Upon submitting the information, an email will be sent to the email address associated with your account, providing you with access to the designated password reset page within the goAML portal.

After providing all the required information, your password will be updated successfully.

In case of any updates related to your organization’s name, address, licensed activity, or contacts, what is the process to make these changes in goAML?

To make changes to an organization’s details, please adhere to the following steps:

  • First step: To access the FIU’s portal, use the login credentials that were provided during the process of registration.
  • Second step: Once you have successfully logged in, navigate to the “My goAML” menu and select the “My Org Details” option from the list.
  • Third step: Next, you will be required to update key entity information including the institution’s name, incorporation number, acronym, email address, commercial name, website, phone number, business activity, contact person, and address.

Once the request is submitted, the Supervisory Body will carefully review the provided information. Upon approval, the system will automatically send a confirmation email to organization in order to verify the details.

Is there an option to entrust external parties with reporting duties?

Yes! Within the goAML system, organizations that are registered for reporting have the option to entrust an external party with their reporting duties. This means that the organization can decide to assign the responsibility of reporting to a third-party entity of their preference. To ensure a seamless process, it is recommended that the assigned party creates an account within the goAML platform and selects the ‘Register as an Organization’ option before accepting the delegated reporting responsibilities on behalf of the organization. This will help facilitate the smooth transition of reporting duties.

How can reporting responsibilities be assigned to an external party?

To initiate the process, access the portal of goAML. After successful login, navigate to the administrative section and select the “Active Organizations” option from the provided menu. It is important to note that this feature is exclusively accessible to the designated admin user, specifically the MLRO (Money Laundering Reporting Officer) within the organization.

Upon successfully logging in to the goAML platform, users will be taken directly to the Active Organizations page. From there, they need to choose the designated option that enables them to change the currently selected delegating organization. Please keep in mind that before proceeding, the party to whom the delegation is being granted must complete the registration process on the platform of goAML and get approval from the Supervisory Body. For detailed instructions on how to register as a new entity, please refer to the registration guide.

To indicate the preferred delegated party, the user should choose the “Change Delegation” selection available in the extended Registering Organization form.

After the user selects the checkbox for updating the delegation, a dialog box titled “Change Delegation” will appear, and the user should click on “OK.”

In the next step, the user should input the Organization ID of the delegate party into goAML system.

After submitting the request, it is necessary for the Supervisory Body to approve it before the delegation function becomes active.

If there have been any updates or changes to my name, job title, nationality, address, ID number, or occupation, how can I go about updating this information on goAML?

To modify their user information, goAML users can access the My goAML menu and choose the option “My User Details.”

When users expand the window for registering individuals, they will find detailed instructions for completing the form in the goAML Registration Guide. After filling out the form, users are required to submit the request and then wait for approval from either the administrative user (MLRO) within their organization or the Supervisory Body (in the case that the MLRO has already submitted the modifications).

Who has the authority to approve the registration of an organization?

Approvals for the registration of regulated entities, as well as changes to their details or those of their MLRO, will be handled by the respective regulator/Supervisory Body.

How can supplementary information be added to a previously submitted STR/SAR, and what is the procedure for doing so?

If there is a need to include supplementary information for a previously submitted report, the MLRO has the option to submit a corresponding ‘AIF’ or ‘AIFT’ in cases where additional transactions must be reported.

The MLRO must ensure to correctly provide the original report reference number while entering the reference number from the web platform into the designated field for FIU references.

If there are two registration choices available on the website, which one is recommended to use?

During the initial registration process within the goAML system, organizations must select the “Register as an Organization” choice. Subsequently, after receiving approval from the Supervisory Body, the organization can allow individuals within their entity to register on the system as authorized users by choosing the “Register as a Person” choice.

Is it feasible to print a report before submitting it?

Yes! Users are given the option to print their reports before submitting them. To print a report, click on the preview option to access a preview of the report. Subsequently, click on the printer icon that is displayed in the figures below the preview option.

What does the term ‘Message Board’ refer to?

The Message Board of goAML enables effective communication and collaboration between the FIU and goAML users. It fosters two-way interaction and enhances internal communication channels, providing a platform for users to communicate and collaborate efficiently.

The Message Board provides reporting entities with timely notifications regarding the acceptance or rejection of their reports. Additionally, it allows the FIU to request additional information from reporting entities when needed.

Is the ‘Message Board’ accessible to all users within the organization or intended for use by a single user?

The Message Board is not connected to any individual user’s account, but rather, it serves as a collective platform accessible to the entire organization.

How can access rights be configured for users who are affiliated with my organization?

In the goAML system, there are two pre-defined roles: the admin user of the organization (also known as the RE Admin, typically the MLRO) and the users who belong to the same organization (referred to as RE Users). These roles have different access rights configured for different groups of users in the system. The admin user of the reporting entity has the power to assign specific roles to the users within the organization, as demonstrated below:

  • Go to Admin and select User Role Management.
  • Choose the user you wish to assign a role to within your organization and indicate the specific role you want to assign to them.

If the default user permissions do not meet the specific requirements of the organization’s users, the admin user has the option to create a new role by following the provided instructions below:

  • To access Role Management, go to the Admin section and select it.
  • Select the option to create a new role specific to this entity.

Afterwards, the system permits the organization’s administrator to specifically create a new role for their organization. This allows them to define distinct privileges for different types of users within the organization.

When would it be appropriate to choose an Account/Entity /Person?

If the report contains transactions, it is advisable to select an “Account”. However, if the organization lacks any “Account” details, it is recommended to choose a “Person” or an “Entity”.

Examples: If your organization is handling cash deposit transactions, you should select “Bi Party” and indicate the transition from “Person” to “Account”. For cash withdrawal transactions, select “Bi Party” instead, but choose the transition from “Account” to “Person”. Lastly, for remittances, it is best to opt for “Bi Party” and specify the transition from “Account” to “Account”.

Organizations that are not involved in banking or MSBs (Money Services Businesses) might find it more advantageous to utilize a “Person” or an “Entity” rather than an “Account”.

What is the process for submitting a report related to fraud?

When reporting incidents of fraud, organizations can choose either a Suspicious Activity Report or a Suspicious Transaction Report, depending on the nature and particulars of the fraudulent incident being reported. To correctly convey the specific circumstances, identify relevant red flags, and supply detailed information about the incident, it is crucial to select the appropriate category under “Reason for Reporting”.

Once goAML is deployed, how can reporting entities access historical data (prior STR) for viewing?

For organizations that have previously used the STR System, they will be provided with access to a dedicated platform created specifically for searching and reviewing their past Suspicious Transaction Reports (STRs).

Is it still a requirement for reporting entities to have an MPLS connection in order to submit suspicious transaction reports?

CBUAE regulated organizations that need to access the CBSP for Payment Systems still require an MPLS connection. On the other hand, non-regulated organizations can access goAML via a regular internet connection using the “SACM” platform.

Is the MLRO held responsible for the submissions they make?

As per the requirements outlined in Section (7) – Article (20) item (3) of Cabinet Decision No. (10) of 2019, organizations must establish suitable compliance management measures to effectively combat money laundering, terrorism financing, and illegal organizations. This involves the appointment of a compliance officer who will be responsible for fulfilling the specific responsibilities outlined in Section (8) – Article (21).

Is it required to use goAML for submitting responses regarding Search and Freeze Notices received from the FIU?

The primary function of goAML is to act as a dedicated platform solely for submitting suspicious reports, instead of serving as a means for managing responses in regards to Search and Freeze Notices.

How long will the goAML web platform keep the processed reports before deleting them?

The goAML web platform will retain the processed reports for a duration of 5 consecutive calendar days, after which they will be deleted.

How long does the goAML Web retain a draft report in draft mode before it is removed?

After being created, the draft report shall remain in draft mode within the goAML Web for a period of 15 consecutive calendar days before it is deleted.

What is the duration for which the goAML Web retains rejected reports before removing them?

Draft reports are retained for 5 consecutive calendar days. It is recommended to select “Revert” to modify the draft report and submit it again within the 10-day grace period for resubmission. If this grace period is not utilized, the organization will need to submit a completely new report.

How many characters can the “Summary of the Case” field on the web form accommodate?

The “Summary of the Case” field on the web form has a character limit of 4000.

Upon submission of the pre-registration request, the SMS OTP was successfully received but the email OTP was not received?

In case you cannot locate the email OTP in your junk mailbox and think that your entity’s mail servers may have blocked it, please contact your IT team to request that they whitelist the email address for the system. Also, make sure to inform the goAML Support team so that they can arrange to resend the email OTP to you through

As the newly appointed Compliance Officer and Money Laundering Reporting Officer (MLRO) for an existing entity on goAML, what steps should I follow to register myself on the platform?

To complete your registration as a Person, make sure to utilize the identical Org ID. Your registration request will be assessed by the regulator, and you will receive communication regarding its approval or rejection. For detailed instructions on the registration process as a Person, please refer to Section 5.1 of the goAML Registration Guide, Version 2.0.

Now that I have joined a new employer, I need help registering myself as the new Money Laundering Reporting Officer (MLRO) for my current organization?

After deactivating your previous user account by contacting the regulator of your former employer, you can begin creating new profiles tailored for your current employer.

My current mobile number is still associated with my previous employer, which is why I am unable to use it for pre-registering with my current employer?

If you want to create new profiles for your current employer, you’ll need to contact the regulator of your previous employer to deactivate your existing user accounts on the platforms. Once your accounts are deactivated, you can use your information to set up new profiles that are specific to your current employer. The regulator will help you through this process.

When you visit and select the AML Production option, a login form will appear where you need to enter your username and password. However, after filling in the required details and submitting the form, you will be redirected back to the initial login screen. If you cancel this prompt, you’ll see an unauthorized screen?

To fill out the details on the pop-up screen, use the username provided by, and enter the Google Authenticator passcode in the password field.

Having accessed the URL –, I entered my email address, alongside the email and SMS OTPs. Unfortunately, I encountered an error after providing these details?

The validity period for OTPs is 24 hours. If you require a renewal or refresh of your OTPs, kindly get in touch with

The organization ID that I submitted is not being recognized, which is causing the display of the following error message.

To address this matter, please ensure that you complete the registration process as an organization, and not as an individual. Kindly note that the option to “register a person” is only available for selection once the organization registration has been successfully concluded.

In the event of the organization’s license being revoked, as a Supervisory Body, what course of action should I pursue?

To disable the entity’s access to SACM, take the following steps:

  • Sign in to SACM with your Supervisory Body credentials.
  • Find the ‘Approved Requests’ section and enter it.
  • Look for the Entity that requires revocation and select it.
  • Click the ‘Revoke’ option.
  • Send an email to the goAML Support Team at to request the disabling of the entity within the goAML Portal.

What actions should a Supervisory Body take to disable the user accounts of the resigned MLRO on both the goAML and e-services portal (SACM)?

To disable the user’s SACM access, follow these steps:

  • Access SACM using your Supervisory Body credentials.
  • Locate the “Approved Requests” section.
  • Choose the specific individual who requires revocation.
  • Click on the “Revoke” option.
  • Send an email to the goAML Support Team at to request the deactivation of the user’s account within the goAML Portal.

Once you have successfully completed both stages of the registration process, what steps should you take to log in to the goAML platform?

  • To access the login page, please go to the following link:
  • In the navigation menu, locate and select the “Systems” section.
  • From the options available, choose “Production – GOAML Web.”
  • To log in, you need to open the pop-up window and provide the username given by Instead of using a conventional password, you should enter the Google Authenticator Passcode, which acts as the authentication method.
  • After entering the login credentials, you will be redirected to the goAML homepage.
  • On the homepage of goAML, click the “Login” button to proceed.
  • On the login page, enter the username and password that you created during the goAML registration process, click on the “Login” button afterwards.

If you are facing challenges when uploading files within the goAML system, what course of action should you pursue to resolve the problem?

Attachments should meet the following criteria: they should have concise file names without special characters and be within 5MB in size. However, for report attachments, the maximum file size per report should not exceed 20MB.

What should be done if an incorrect mobile number is registered on SACM and you do not receive the SMS OTP?

If you encounter an issue with your current mobile number registered on SACM and fail to receive the SMS OTP, you can rectify the problem by reaching out to the relevant goAML support channel at After that, kindly request the revocation of your existing registration that will enable you to proceed with the mandatory process of updating your mobile number.

If you have recently changed your mobile and no longer have access to the Google Authenticator App, what actions should you take to log in?

To resolve this issue, we suggest installing a new instance of the Google Authenticator App on your new mobile phone. Then, for detailed instructions on how to reconfigure the app, please consult Section 5 of the Pre-Registration Guide. You can access the guide by clicking HERE.

Who is responsible for approving the pre-registration of my organization on SACM and my individual registration on goAML?

Both requests from your organization are approved by your Supervisory Body.

After successfully registering as an individual in goAML using my entity’s Organization ID, my request is currently awaiting approval. Can you please advise me on whom I should contact for further information or updates regarding this matter?

To receive an update on the status of your request, we recommend reaching out to the MLRO who is typically responsible for approving user registrations within your organization. The MLRO oversees the approval process for all users registering under your entity.

No goAML email notifications received. What’s the issue?

If you’re unable to find the email notifications in your junk mailbox, it could be due to your company’s policies and security settings. In such cases, we suggest you contact your IT team and request them to add the email address to the “whitelist”. Furthermore, please inform the support team of goAML about this issue.

I have encountered multiple rejections in my goAML submissions by my Supervisory Body, citing missing required documents. However, I have already uploaded these documents during the request submission. What steps can be taken to resolve this issue?

To successfully upload your documents in goAML, select the files by clicking on the browse button, and then choose to upload them. Following this, a confirmation message will appear, seeking your approval to proceed with the document upload process. In case a confirmation message does not appear, adjust your web browser settings to enable pop-ups. It is essential to complete this step because the system will not upload your documents without your approval.

As the Money Laundering Reporting Officer (MLRO) representing ABC Company, I have registered our organization on goAML. Is it necessary for me to register myself as an individual within the organization to complete the registration process?

Upon registering an organization on goAML, the designated Money Laundering Reporting Officer (MLRO) is automatically registered as well, and there is no requirement for separate registration of the MLRO as an individual. However, if the organization intends to register more users besides the MLRO, then person registration is necessary.

Which specific kinds of entities are obligated to report transactions or activities that have a connection to High Risk Countries (HRC)?

Reporting obligations for transactions or activities linked to High Risk Countries (HRC) extend to financial institutions, both banking and non-banking (FIs), as well as to designated non-financial businesses and professions (DNFBPs).

To what extent is one obligated to submit HRC/HRCA reports, and which transactions are subjected to the three-day holding period?

The obligation to report and hold applies to global transactions carried out via banking or money transfer channels. This encompasses transactions that move through or relate to regions identified by FATF as “High-Risk Jurisdictions subject to a Call for Action.” You can access the full list of these regions here.

Furthermore, this obligation is applicable to any transaction type (regardless of the currency involved or countries participating) where a person is affiliated with a country that falls under the above-mentioned category, based on their citizenship or residency status. In the same way, if any entity that is part of the transaction has connections with such a country due to its location of incorporation, or if a person from that country owns that entity or holds a position of signing authority within it, the same requirement applies.

Is there a minimum threshold for the transaction amount that necessitates compliance with the HRC reporting obligation?

Irrespective of the value of the transaction, it is obligatory to report these transactions to the FIU (Financial Intelligence Unit).

How should reporting entities submit their reports regarding HRC/HRCA? Which channel or method is recommended for this purpose?

Reports should be submitted exclusively via the designated platform, goAML, in accordance with the guidelines outlined in the goAML Web Submission Guide, which can be found on the official website of the UAE FIU.

As a result, the FIU does not accept or take into consideration filings sent via email, physical copies, or through the goAML Message Board as messages.

Reporting entities should make use of the High Risk Country Transaction Report (HRC) to report these transactions, providing thorough and precise information in all applicable areas. However, if complete transaction details cannot be obtained due to certain transaction characteristics, entities need to submit the High Risk Country Activity Report (HRCA) instead. It is important to include details like transaction amounts and account numbers in the specified text field for the HRCA form.

Is it mandatory to file an HRC report for transactions that involve currency exchange and other value-added services, except for payments for utility bills?

Transactions that involve currency exchange within the country or domestic transactions related to value-added services are exempt from the requirement to file an HRC report. However, the reporting obligation still applies to cross-border payments, including bill payments.

Are there particular transaction types that are exempt from the reporting mandate of the HRC obligation?

The requirement to report under the HRC obligation pertains only to transactions involving the transfer of funds across international borders or between countries. As a result, transaction types such as card purchases, domestic cheque transactions, WPS transactions, card payments, and domestic utility payments are not subject to this reporting requirement.

Would trading activities that involve financial instruments such as stocks, foreign exchange (forex), mutual funds, bonds, commodities, cryptocurrencies, and other similar instruments fall under the reporting mandate of the HRC obligation and require reporting?

The reporting obligation for trading transactions under the HRC mandate is applicable exclusively to activities that involve cross-border transactions. However, if the transactions are limited to domestic trade and do not involve any cross-border elements, reporting is not mandatory.

For instance, an individual from a country designated as high-risk engages in stock trading through a stockbroker in the UAE, while initiating the transfer of funds from a location outside the UAE. Alternatively, if they sell their bonds or crypto assets and request the proceeds to be transferred to an account situated outside the UAE, these transactions would fall under the reporting obligation.

How are reporting entities expected to comply with HRC reporting during and after the three-day holding period?

During the three-day holding period, the reporting entity should await instructions or guidance from the FIU regarding the transactions that have been reported. In the meantime, it is advisable for the entity to conduct thorough assessments of the transactions and the parties involved. If no response is received from the FIU within the designated time frame, the reporting entity can make a decision about whether to proceed with the transaction, taking into consideration their diligent evaluations. This ensures that the reporting entity takes responsible action and fulfills their obligations while also being mindful of potential risks and compliance requirements.

What steps should be followed to retrieve a forgotten goAML username?

To verify your identity and retrieve your username, kindly send the required information below to the goAML Support Team at

  1. First and last name as registered on goAML
  2. Registered email address
  3. Emirates ID Number
  4. Passport Number
  5. Date of Birth
  6. Org ID
  7. Nationality

How can I change the Compliance Officer /MLRO /Contact Person for the entity in goAML?

  • Select and designate a new individual for the positions of Compliance Officer /MLRO /Contact Person.
  • Submit an email to the regulatory authority, seeking their approval.
  • To acquire their own login credentials for the goAML network, the newly appointed person must complete the registration process on SACM and obtain authorization from the regulator.
  • The new appointee must register on goAML as an individual, using the same Organization ID.
  • Once the newly appointed person receives approval from the regulator, inform the support team of goAML ( to deactivate the previous MLRO and activate the newly appointed person.
  • Upon the initial login of the new MLRO, they should update the contact person details within the “My ORG” section on goAML, following the provided instructions in Q2.
  • The regulator should grant approval for these modifications on goAML.

What steps should be followed to add additional users within goAML for an existing entity?

  • To gain network access, it is necessary to undertake the registration procedure on the e-services portal (SACM).
  • The SACM pre-registration needs to be approved by the regulator.
  • Once approved, the new user will be provided with a unique username and a security key for SACM.
  • To set up their account, the new user should install the Google Authenticator app on their mobile device and utilize the provided secret key.
  • To access goAML, the new user should log in by entering their assigned username along with the 6-digit authentication PIN generated by the Google Authenticator.
  • It is recommended that the new user registers as an individual utilizing the same Organization ID.
  • According to Section 5 of the goAML Registration Guide, the designated Organization admin user (MLRO) must follow the specified steps to authorize the new user’s request.
Get a quote now
Contact us on WhatsApp