AML/CFT Policy, Procedures, and Control Documentation
An AML/CFT policy, procedures and control documentation manual is the formal, board-approved framework that sets out how your organisation prevents, detects and reports money laundering, terrorist financing and proliferation financing.
It translates your legal obligations into written policies, day-to-day procedures and testable controls and keeps them current as the law changes. NIYEAHMA builds and maintains that manual around your business model, customer risk profile, delivery channels, and operating jurisdictions, so it holds up under inspection, audit, and review. Our documentation includes:
A clear framework
a detailed AML/CFT manual covering all essential policies, controls and procedures for full legal compliance.
Protection against financial crime
documentation that helps your business prevent money laundering, terrorist financing and proliferation financing.
Regularly updated
we keep your AML programme aligned with the latest regulatory changes to ensure continuous compliance.
Who Needs AML/CFT Policy & Procedures Documentation?
Written, board-approved AML/CFT policies and procedures are a statutory requirement across most regulated sectors. Our documentation service is built for:
/ Financial institutions
banks, payment and e-money firms, exchanges, lenders, and insurers that require board-approved AML/CFT policy suites.
/ DNFBPs
real estate, dealers in precious metals and stones, accountants and auditors, legal professionals, and corporate and trust service providers.
/ VASPs and fintechs
virtual asset service providers and fintechs building compliance frameworks for licensing.
/ RegTechs
firms producing template policy documentation for client deployment.
/ Non-profit organisations
NPOs that fall within the scope of AML/CFT obligations in their jurisdiction.
Key Components of Our AML/CFT Programme Manual.
AML Policy Documentation That Works in Practice.
Our AML policy documentation service is designed for organisations that want clarity, consistency and defensibility. We translate regulatory obligations into structured AML programmes supported by:
As a global AML consultancy, we ensure that every AML/CFT policy and procedure we develop is tailored to your business model, customer risk profile, delivery channels, and operating jurisdictions.
Clear governance and accountability.
Practical procedures your teams can actually follow.
Control frameworks that regulators can test.
Documentation that stands up during inspections, audits and reviews.
The Regulatory Frameworks We Align With.
We align your AML policy manuals and control documentation with the legislation, regulations and supervisory expectations that actually govern your business. For each jurisdiction below, we identify the governing law, the entities in scope, the supervisory authorities you answer to, and how Niyeahma helps you build documentation that holds up in front of them.
Federal Decree-Law No. 10 of 2025 on Combating Money Laundering, the Financing of Terrorism and the Financing of Proliferation, in force 14 October 2025, repealing and replacing Federal Decree-Law No. 20 of 2018.
Cabinet Resolution No. 134 of 2025 (Executive Regulations, effective 14 December 2025); Cabinet Decision No. 74 of 2020 (targeted financial sanctions); Federal Law No. 7 of 2014 on Combating Terrorism Crimes; and the free-zone rulebooks of the ADGM (FSRA) and DIFC (DFSA). Evolving 2025–26 expectations now expressly cover proliferation financing (CPF) and tax evasion as predicate offences, bring virtual assets and VASPs in scope, expand the DNFBP definition to commercial-gaming operators, introduce an objective (“knew or ought to have known”) knowledge test, and require 10-year record-keeping and stricter beneficial-ownership verification.
Financial institutions; DNFBPs (real estate, dealers in precious metals & stones, auditors/accountants, legal professionals, corporate & trust service providers, and now commercial-gaming operators); virtual asset service providers (VASPs); and non-profit organisations.
Central Bank of the UAE (CBUAE) for FIs; Ministry of Economy and Tourism for most DNFBPs; Ministry of Justice for the legal profession; Capital Market Authority; VARA for Dubai VASPs; ADGM FSRA and DIFC DFSA in the financial free zones. The UAE Financial Intelligence Unit (FIU) receives STRs.
We build and align your AML/CFT/CPF policy manual and controls to FDL No. 10 of 2025 and Cabinet Resolution No. 134 of 2025 covering the new PF and tax-evasion offences, VASP and gaming scope, the objective-knowledge standard, 10-year retention and beneficial-ownership rules mapped to your specific supervisor (CBUAE, MoET, MoJ, CMA, VARA, DIFC or ADGM).
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLRs 2017”), as amended most recently by the Money Laundering and Terrorist Financing (Amendment and Miscellaneous Provisions) Regulations 2025.
Proceeds of Crime Act 2002 (POCA); Terrorism Act 2000; Financial Services and Markets Act 2000 and 2023; the OPBAS Regulations 2017. Regulations 18 and 18A require documented money-laundering, terrorist-financing and proliferation-financing risk assessments. A 2025 reform programme will make the FCA the single professional-services AML supervisor.
Credit and financial institutions, money-service businesses, registered cryptoasset firms, high-value dealers, art-market participants, casinos, estate & letting agents, accountants, auditors, tax advisers, legal professionals and trust or company service providers.
FCA (financial institutions and cryptoasset firms); HMRC (MSBs, high-value dealers, art market, estate agents and TCSPs/accountants not otherwise supervised); 20-plus Professional Body Supervisors (e.g. the SRA and ICAEW) overseen by OPBAS; the Gambling Commission for casinos. The National Crime Agency is the UK FIU and runs the SARs regime.
We draft and align your manual to the Regulation 18/18A risk assessment, Regulation 19 policies and controls, the CDD/EDD obligations (Regulations 27–35), reporting duties and the five-year record-keeping rule confirming the correct supervisor and the FCA single-supervisor transition.
Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), as amended by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Act No. 110 of 2024, assented 10 December 2024).
The AML/CTF Rules 2025 (replacing the 2007 Rules). Commencement dates: existing reporting entities and VASPs from 31 March 2026; “Tranche 2” entities from 1 July 2026; AUSTRAC enrolment due by 29 July 2026. The reforms add proliferation-financing obligations, a “reporting group” model, value-transfer (IVTS) reporting and seven-year record-keeping.
Existing reporting entities (banks and other FIs, remittance providers, casinos and gambling services, digital-currency exchanges/VASPs) and Tranche 2 entities (lawyers, accountants, conveyancers, real-estate professionals, trust & company service providers, and dealers in precious metals & stones).
AUSTRAC: both the AML/CTF regulator and Australia's financial intelligence unit. Civil penalties reach up to A$31.3 million per contravention for a body corporate.
We build your AML/CTF programme to the 2025 Rules, board and senior-management governance, customer-due-diligence procedures, SMR/TTR/IVTS reporting and AUSTRAC enrolment so newly regulated Tranche 2 firms are documented and ready before the deadline.
Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 (“CDSA”), the cornerstone money-laundering statute.
Terrorism (Suppression of Financing) Act 2002 (TSOFA); the Anti-Money Laundering and Other Matters Act 2024 (phased commencement from 14 November 2024); and the MAS Notices that bind each financial sector (e.g. MAS Notice 626 for banks) together with their accompanying Guidelines. Records must be kept for at least five years.
MAS-regulated financial institutions, banks, capital-markets intermediaries, insurers and payment-service / digital-payment-token (DPT) providers, and designated non-financial businesses such as corporate service providers.
The Monetary Authority of Singapore (MAS) is the integrated supervisor of financial institutions. Suspicious transaction reports are filed with the Suspicious Transaction Reporting Office (STRO); investigations are led by the Singapore Police Force, CPIB and the Central Narcotics Bureau.
We document your policies to the MAS Notice and Guidelines for your sector, CDD/EDD, PEP handling, ongoing monitoring, STRO reporting and record-keeping, and to the CDSA and TSOFA reporting duties, calibrated to MAS's “effectiveness over paper” supervisory stance.
The Prevention of Money Laundering Act, 2002 (“PMLA”) and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005.
RBI Master Direction on KYC; SEBI AML/CFT Guidelines; IRDAI AML/CFT Guidelines; the IFSCA (Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022 as amended on February 26th 2026 for GIFT-City IFSC units; and FIU-IND's AML/CFT Guidelines for virtual-digital-asset service providers. Records are kept for five years.
Banking companies, financial institutions, intermediaries and “persons carrying on a designated business or profession”, including real-estate agents, dealers in precious metals & stones, virtual-digital-asset service providers and certain professionals (CA, CS and CMA).
The Enforcement Directorate (ED) investigates and prosecutes; the Financial Intelligence Unit-India (FIU-IND) receives CTRs/STRs and imposes penalties; sectoral regulators are the RBI, SEBI and IRDAI; and the IFSCA supervises IFSC/GIFT-City units.
We build your board-approved KYC policy (customer acceptance, risk management, customer identification and transaction monitoring) to the PMLA, the PML Rules and the relevant RBI / SEBI / IRDAI / IFSCA framework, and document your CTR / STR / NTR / cross-border reporting to FIU-IND.
The Anti-Money Laundering Law, issued by Royal Decree No. M/20 (dated 5/2/1439H), and its Implementing Regulations (Presidency of State Security Decision No. 14525). A package of amendments was approved on 17 April 2026.
The Law on Combating Terrorism Crimes and its Financing (Royal Decree No. M/21) and its Implementing Regulations; the AML/CFT rulebooks and guidelines of SAMA and the CMA; and the TAQASIY platform for suspicious-transaction reporting. Records are retained for at least ten years and risk assessments updated at least every two years.
Financial institutions, designated non-financial businesses and professions (DNFBPs) and non-profit organisations.
The Saudi Central Bank (SAMA) supervises banks, exchange houses, payment-service providers and insurers; the Capital Market Authority (CMA) supervises securities firms; sector regulators oversee DNFBPs. The Saudi FIU (General Directorate of Financial Investigations, under the Presidency of State Security) receives STRs; the Permanent Committee for Combating Money Laundering sets national policy.
We document your policies and procedures to the AML Law, its Implementing Regulations and the SAMA/CMA guidelines, the risk-based approach, STR filing through TAQASIY, source-of-funds and source-of-wealth checks, beneficial ownership and the ten-year retention rule.
The Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) (“AMLO”) in force since 1 April 2012, amended in 2018 (TCSPs and dealers in precious metals & stones) and in 2022 to add a VASP licensing regime effective 1 June 2023.
The Organized and Serious Crimes Ordinance (Cap. 455); the Drug Trafficking (Recovery of Proceeds) Ordinance (Cap. 405); the United Nations (Anti-Terrorism Measures) Ordinance (Cap. 575); the United Nations Sanctions Ordinance (Cap. 537); and each regulator's AML/CFT Guideline. Records are kept for at least five years.
Financial institutions (authorized institutions/banks, stored-value-facility licensees, insurers, licensed corporations and money-service operators), virtual asset service providers, and DNFBPs (legal and accounting professionals, estate agents, TCSPs and dealers in precious metals & stones).
HKMA (banks/AIs); SFC (licensed corporations and licensed VASPs); the Insurance Authority (insurers); the Customs & Excise Department (money-service operators and DPMS); and the Law Society, HKICPA, Estate Agents Authority and Companies Registry for the respective DNFBPs. STRs are filed with the Joint Financial Intelligence Unit (JFIU).
We document your CDD, ongoing-monitoring, internal-control and record-keeping framework to AMLO and the applicable regulator's Guideline, including VASP travel-rule obligations and JFIU reporting.
The FATF 40 Recommendations (the “FATF Standards”) and their Interpretive Notes, the global benchmark for AML, CFT and counter-proliferation financing. Recommendation 1 (the risk-based approach) was updated at the February 2025 Plenary to stress proportionality and financial inclusion.
The FATF Methodology and its 11 Immediate Outcomes, used in mutual evaluations (the 5th round began in 2024; procedures were revised in June 2025). Core obligations flow from R.10 (CDD), R.11 (five-year record-keeping), R.12 (PEPs), R.15 (VASPs) and R.16 (the Travel Rule).
The Recommendations are not law in themselves; they take effect through each country's legislation. In practice they bind banks, financial institutions, VASPs, MSBs and DNFBPs via national rules, with greylisting and blacklisting creating powerful pressure on jurisdictions to comply.
FATF and FATF-style regional bodies (e.g. MENAFATF and the APG) assess countries through mutual evaluations; the IMF and World Bank also assess against the FATF methodology.
We benchmark and structure your documentation to the FATF Standards so it stays defensible across borders the risk-based approach, CDD/EDD, beneficial ownership, PEPs, sanctions and TFS, the travel rule, and proportionate, well-evidenced controls.
From Gap Analysis to Ongoing Support.
Gap Analysis & Framework Design
We get to know your business, ML/TF/PF risks, existing policies and procedures, regulatory framework, and the findings of the National Risk Assessment (NRA) and Sectoral Risk Assessment (SRA), then perform a gap analysis and design an all-encompassing framework to help you fight financial crime.
Documentation of AML/CFT Policies
Complete guides for uninterrupted implementation. Our AML policy documentation is clear, detailed and ready to roll out, giving your team a straightforward route to consistent compliance.
Staff Training & Role Alignment
Confident teams that know their responsibilities. Our training brings everyone onto the same page, so each person understands their role and how to keep your business protected.
Ongoing Support & Updates
Always compliant with the latest regulations. No more scrambling when the law changes, we keep you informed and aligned, while you focus on growing your business.
AML/CFT Policy Documentation: FAQ.
A complete manual covering your enterprise-wide ML/TF/PF risk assessment, customer due diligence and ongoing-monitoring procedures, KYC and sanctions/TFS screening rules, suspicious-transaction reporting, governance and record-keeping, and clearly defined roles and responsibilities, all tailored to your business and operating jurisdictions.
Financial institutions, DNFBPs (real estate, dealers in precious metals and stones, accountants, lawyers, and corporate and trust service providers), virtual asset service providers, fintechs and RegTechs, and non-profit organisations that fall within the scope of AML/CFT law in their jurisdiction.
In most regulated sectors, yes. Written, board-approved AML/CFT policies and procedures are a statutory obligation, and supervisors expect them to be documented, kept current and made accessible to compliance staff, independent auditors and the regulator.
We align documentation with the UAE, UK, Australia, Singapore, India, Saudi Arabia and Hong Kong frameworks, and with the FATF Recommendations as the global baseline; see “The Regulatory Frameworks We Align With” above.
Our ongoing support keeps your policies aligned with new legislation, regulations and supervisory guidance, for example, the UAE's Federal Decree-Law No. 10 of 2025 or Australia's Tranche 2 reforms, so your manual stays inspection-ready without a scramble.
Yes. Beyond documentation, we provide gap analysis and framework design, staff training and role alignment, and ongoing support and updates, so the policy works in practice, not just on paper.
Let's Tame Those Risks Together.
Keep your business safe and sound with AML/CFT policy, procedures and control documentation built around your jurisdictions, and ready for the regulator.