Got a MoET Letter of Concern? Your 30-Day Action Plan for AML Compliance Recovery

What Is the MoET Letter of Concern for DNFBPs Then?

MoET Letters of Concern issued to Designated Non-Financial Businesses and Professions (DNFBPs) include real estate brokers, law firms, accounting professionals, and Corporate Service Providers (CSPs).

The document shall be issued by the MoET after a review has been done, either through a desk or field audit, where there are major deficiencies in relation to the DNFBP’s compliance with the AML/CFT/PF regulations.

There will be a penalty through the imposition of administrative fines between AED 50,000 to AED 5,000,000, as provided for under the Cabinet Resolution No. 71 of 2024. The fines can also be doubled in the event of non-compliance.

Regulatory Framework: Your Response Must Be Based On

Your action plan and updated compliance manual should be grounded in the existing UAE legislation. The discussion of any obsolete laws will clearly illustrate that there is a lack. The relevant laws include the following:

Decree Law No. 10 of 2025: The main law that governs the regulations concerning money laundering, financing terrorism, and proliferation financing. 

Resolution Number 71 of 2024: Violations Schedule and Administrative Penalties of DNFBPs.

Cabinet Resolution No. 74 of 2020: Covers local terrorist lists and UNSCR.

Circulars and guidelines published by MoET and EOCN: All issued circulars and guidance regarding the laws and decisions listed above issued by the Ministry of Economy and the Executive Office for Control and Non-Proliferation.

Three Regulatory Changes Behind Increased Enforcement Activity

1. A New Framework: Federal Decree-Law No. 10 of 2025. 

The Federal Decree-Law No. 10 of 2025 officially repealed the Federal Decree-Law No. 20 of 2018, empowering MoET to supervise more effectively and with much sharper guidelines for assessing DNFBPs. Any DNFBP that still relies on the provisions of the 2018 Decree-Law is considered noncompliant.

2. Protecting the reputation of the UAE, which was recently put on the FATF Grey List.

Finally, on February 2024, FATF took the UAE off the Grey List, which was a great honor and recognition of the state’s achievements in terms of its reputation within the global financial market. However, by doing this, it gave an unofficial obligation: to prove that it wasn’t just a one-time achievement.

In order to comply with this demand, MoET doubled the inspection process, making the auditor’s job even more difficult.

3. Financing for proliferation becomes a non-negotiable pillar.

And this, in turn, is the unexpected change for many companies, which still perceive compliance solely as “AML” and “CFT”. But today, when applying for any license in the UAE, you should provide AML/CFT/CPF compliance: the new third pillar of your work is Proliferation Financing (PF).

Reasons Why DNFBPs Receive Letters of Concern from the MoET

By studying the off-site reports conducted by the Ministry of Economy, we can see the common reasons why DNFBPs receive letters:

• Old legislation in manuals, which mentions the law issued in 2018, is automatically considered a deficiency in the current regulatory environment.
• Generic/manual, the policy has to be designed specifically for your industry.
• Where there is either no MLRO or an unqualified MLRO, then appointment of Money Laundering Reporting Officer is a mandate; lack of such is taken as a very serious infringement.
• Insufficient sanction screenings. Screening of staff names against the UN Consolidated List and the UAE Local Terrorist List through the EOCN portal on a daily basis is mandatory.
• Non-compliance with GoAML registration and filing of STR. This includes having an active GoAML registration, identifying relevant red flags, and filing STRs as required.
• There is no evidence of training. During inspections, failure to produce documentation proving the training of personnel on TFS results in non-compliance.
• There are no proliferation financing controls. Failure to put up PF control measures in the manual is illegal and constitutes one of the leading grounds for Letters of Concern issued to DNFBPs in 2025 and 2026.

Penalty Scheme: Here’s What Could Be Taken From You

The Cabinet Resolution No. 71 of 2024 established the concept of objective liability for companies. This is when it is not the compliance officer who takes care of compliance, but all company executives.

In the case of systems’ failure, personal liability for directors and senior management may follow.

Attention: Disregarding a letter of concern issued by MoET is a serious mistake – it transforms an easily resolvable warning into escalating liabilities for your business and personal reputation. All administrative penalties automatically double upon breach resolution.

How to Address Your Letter of Concern in 30 Days

Step 1 – Categorize the weaknesses.

Identify the weaknesses in line with those related to the structure (old manual, lack of PF controls), and those associated with the process (incomplete goAML report, lack of training log).

Step 2 – Send a commitment letter.

A commitment letter signed by management needs to be sent, recognizing the identified weaknesses and steps to be taken to address them. A commitment letter needs to be sent immediately in order to show the willingness of the business to address the weaknesses in front of the MoET.

Step 3 – Update your policy.

Amend the relevant policies on AML/CFT/CPF based on the Federal Decree-Laws No. 10 of 2025 and No. 134 of 2025. Make sure the above-mentioned document comprises the required PF control mechanisms as per the law.

Step 4 – Update your goAML profile.

Go online to the FIU portal and make sure that the information about your business is up-to-date. File your pending suspicious transaction reports.

Step 5 – Send supporting documents.

Send supporting documents via MoET’s website within 30 days.

Not sure where to start? Our expert team has helped businesses across the UAE navigate MoET Letters of Concern from day one to resolution. Contact us today for a consultation.

FAQs

   1) Can the 30-day deadline be extended?

   No. MoET treats this as a statutory window for corrective action. Missing it shifts the Ministry’s posture from notification to active penalty imposition.

   2) Can a business owner serve as both director and MLRO?

   In very small firms, this is technically permitted, but the compliance role must remain functionally independent from revenue-generating activities. You must also be able to demonstrate that the MLRO has the authority to challenge management decisions.

   3) Are small businesses also subject to MoET audits?

   Yes. MoET supervises all DNFBPs regardless of size or turnover. Regulatory scrutiny is risk-based, not revenue-based; even a one-person agency can receive a Letter of Concern.

   4) Do record-keeping obligations survive company dissolution?

   Yes. Even after a business closes, the law requires compliance records to be maintained for at least five years. Law enforcement must retain the ability to access those records post-dissolution.

   5) Does Proliferation Financing only apply to companies handling chemicals or weapons?

   No, this is a widespread misconception. Under the 2025 legislation, every DNFBP must embed PF controls in its compliance manual to prevent funds from reaching weapons of mass destruction programs. Sector type is irrelevant.

Don’t Leave Your License to Chance

The 30-day window is strict, not advisory. If you’ve received a MoET Letter of Concern, act now, not on day 29. A professional compliance review can identify and resolve deficiencies before they escalate into administrative penalties.

Disclaimer: poa.ae is a registered trademark and an online portal. It is NOT a notary office or a law firm. Any reference to potential legal services or notary services is outsourced to lawyers, law firms, or notaries licensed to practice in an appropriate jurisdiction. Your access to the website and use of our services is subject to our Terms and Conditions, Cookie Policy, and Privacy Policy.