What are the AML record-keeping requirements for auditors and accountants in the UAE?
Under Article 19 of Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025, auditors and accountants in the UAE classified as DNFBPs must retain all AML-related records for a minimum of five years. This retention period begins from the date of completion of a transaction or the end of a business relationship, whichever is later.
The records that must be retained include: customer identification and verification documents collected during CDD; the results of enhanced due diligence where applied; business correspondence and transactional records; internal and external STRs filed via goAML; the firm’s risk assessment study and its updates; and records of AML training delivered to staff.
Records must be kept in a format that allows them to be retrieved promptly and made available to the supervisory authority or law enforcement upon request. Digital formats are permissible, provided they are secure and accessible. Accountants must not destroy records within the five-year retention window even if the client relationship has ended.
The Supplemental Guidance for Auditors emphasises that robust record-keeping is one of the most operationally critical obligations, as it enables competent authorities to reconstruct the paper trail of business relationships and trace the true beneficial ownership and movement of assets.
Legal Reference (UAE):
- Federal Decree-Law No. 10 of 2025, Article 19 Five-year record retention obligation for all DNFBPs
- Cabinet Resolution No. 134 of 2025, Executive Regulations specifying minimum record-keeping standards
For more details, consult the full text of Federal Decree-Law No. 10 of 2025 or seek guidance from your AML compliance officer.
AML Compliance Requirements for Auditors and Accountants in the UAE