Skip to content
Home/Services/AML/CFT Policy & Documentation
Service Overview

AML/CFT Policy, Procedures, and Control Documentation

Your Compliance Compass
Cross AML/CFT challenges with precision.

An AML/CFT policy, procedures and control documentation manual is the formal, board-approved framework that sets out how your organisation prevents, detects and reports money laundering, terrorist financing and proliferation financing.

It translates your legal obligations into written policies, day-to-day procedures and testable controls and keeps them current as the law changes. NIYEAHMA builds and maintains that manual around your business model, customer risk profile, delivery channels, and operating jurisdictions, so it holds up under inspection, audit, and review. Our documentation includes:

A clear framework

a detailed AML/CFT manual covering all essential policies, controls and procedures for full legal compliance.

Protection against financial crime

documentation that helps your business prevent money laundering, terrorist financing and proliferation financing.

Regularly updated

we keep your AML programme aligned with the latest regulatory changes to ensure continuous compliance.

Who It's For

Who Needs AML/CFT Policy & Procedures Documentation?

Written, board-approved AML/CFT policies and procedures are a statutory requirement across most regulated sectors. Our documentation service is built for:

/ Financial institutions

banks, payment and e-money firms, exchanges, lenders, and insurers that require board-approved AML/CFT policy suites.

/ DNFBPs

real estate, dealers in precious metals and stones, accountants and auditors, legal professionals, and corporate and trust service providers.

/ VASPs and fintechs

virtual asset service providers and fintechs building compliance frameworks for licensing.

/ RegTechs

firms producing template policy documentation for client deployment.

/ Non-profit organisations

NPOs that fall within the scope of AML/CFT obligations in their jurisdiction.

What's Inside

Key Components of Our AML/CFT Programme Manual.

Policy Area What We Deliver Outcome
ML/FT Risk Assessment
An enterprise-wide ML/TF/PF risk assessment tailored to your business, customers, products, delivery channels and jurisdictions.
Clear insight into where your real vulnerabilities sit.
Customer Onboarding & Monitoring
Customer due diligence procedures and procedures for ongoing reviews and transaction monitoring.
No room for dubious customers or transactions.
Policy, Procedures & Controls
Defined rules for KYC, transactions, sanctions compliance, regulatory reporting, governance and monitoring.
Watertight AML/CFT compliance.
Team Roles & Responsibilities
Role clarity and accountability measures across the compliance function.
A cohesive, AML/CFT compliance-driven workforce.
Built for the Real World

AML Policy Documentation That Works in Practice.

Our AML policy documentation service is designed for organisations that want clarity, consistency and defensibility. We translate regulatory obligations into structured AML programmes supported by:

As a global AML consultancy, we ensure that every AML/CFT policy and procedure we develop is tailored to your business model, customer risk profile, delivery channels, and operating jurisdictions.

/

Clear governance and accountability.

/

Practical procedures your teams can actually follow.

/

Control frameworks that regulators can test.

/

Documentation that stands up during inspections, audits and reviews.

Global Precision, Not Global Generalism

The Regulatory Frameworks We Align With.

We align your AML policy manuals and control documentation with the legislation, regulations and supervisory expectations that actually govern your business. For each jurisdiction below, we identify the governing law, the entities in scope, the supervisory authorities you answer to, and how Niyeahma helps you build documentation that holds up in front of them.

Primary legislation

Federal Decree-Law No. 10 of 2025 on Combating Money Laundering, the Financing of Terrorism and the Financing of Proliferation, in force 14 October 2025, repealing and replacing Federal Decree-Law No. 20 of 2018.

Supporting & related law

Cabinet Resolution No. 134 of 2025 (Executive Regulations, effective 14 December 2025); Cabinet Decision No. 74 of 2020 (targeted financial sanctions); Federal Law No. 7 of 2014 on Combating Terrorism Crimes; and the free-zone rulebooks of the ADGM (FSRA) and DIFC (DFSA). Evolving 2025–26 expectations now expressly cover proliferation financing (CPF) and tax evasion as predicate offences, bring virtual assets and VASPs in scope, expand the DNFBP definition to commercial-gaming operators, introduce an objective (“knew or ought to have known”) knowledge test, and require 10-year record-keeping and stricter beneficial-ownership verification.

Who it applies to

Financial institutions; DNFBPs (real estate, dealers in precious metals & stones, auditors/accountants, legal professionals, corporate & trust service providers, and now commercial-gaming operators); virtual asset service providers (VASPs); and non-profit organisations.

Supervisory authorities

Central Bank of the UAE (CBUAE) for FIs; Ministry of Economy and Tourism for most DNFBPs; Ministry of Justice for the legal profession; Capital Market Authority; VARA for Dubai VASPs; ADGM FSRA and DIFC DFSA in the financial free zones. The UAE Financial Intelligence Unit (FIU) receives STRs.

How Niyeahma helps

We build and align your AML/CFT/CPF policy manual and controls to FDL No. 10 of 2025 and Cabinet Resolution No. 134 of 2025 covering the new PF and tax-evasion offences, VASP and gaming scope, the objective-knowledge standard, 10-year retention and beneficial-ownership rules mapped to your specific supervisor (CBUAE, MoET, MoJ, CMA, VARA, DIFC or ADGM).

Primary legislation

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLRs 2017”), as amended most recently by the Money Laundering and Terrorist Financing (Amendment and Miscellaneous Provisions) Regulations 2025.

Supporting & related law

Proceeds of Crime Act 2002 (POCA); Terrorism Act 2000; Financial Services and Markets Act 2000 and 2023; the OPBAS Regulations 2017. Regulations 18 and 18A require documented money-laundering, terrorist-financing and proliferation-financing risk assessments. A 2025 reform programme will make the FCA the single professional-services AML supervisor.

Who it applies to

Credit and financial institutions, money-service businesses, registered cryptoasset firms, high-value dealers, art-market participants, casinos, estate & letting agents, accountants, auditors, tax advisers, legal professionals and trust or company service providers.

Supervisory authorities

FCA (financial institutions and cryptoasset firms); HMRC (MSBs, high-value dealers, art market, estate agents and TCSPs/accountants not otherwise supervised); 20-plus Professional Body Supervisors (e.g. the SRA and ICAEW) overseen by OPBAS; the Gambling Commission for casinos. The National Crime Agency is the UK FIU and runs the SARs regime.

How Niyeahma helps

We draft and align your manual to the Regulation 18/18A risk assessment, Regulation 19 policies and controls, the CDD/EDD obligations (Regulations 27–35), reporting duties and the five-year record-keeping rule confirming the correct supervisor and the FCA single-supervisor transition.

Primary legislation

Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), as amended by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Act No. 110 of 2024, assented 10 December 2024).

Supporting & related law

The AML/CTF Rules 2025 (replacing the 2007 Rules). Commencement dates: existing reporting entities and VASPs from 31 March 2026; “Tranche 2” entities from 1 July 2026; AUSTRAC enrolment due by 29 July 2026. The reforms add proliferation-financing obligations, a “reporting group” model, value-transfer (IVTS) reporting and seven-year record-keeping.

Who it applies to

Existing reporting entities (banks and other FIs, remittance providers, casinos and gambling services, digital-currency exchanges/VASPs) and Tranche 2 entities (lawyers, accountants, conveyancers, real-estate professionals, trust & company service providers, and dealers in precious metals & stones).

Supervisory authority

AUSTRAC: both the AML/CTF regulator and Australia's financial intelligence unit. Civil penalties reach up to A$31.3 million per contravention for a body corporate.

How Niyeahma helps

We build your AML/CTF programme to the 2025 Rules, board and senior-management governance, customer-due-diligence procedures, SMR/TTR/IVTS reporting and AUSTRAC enrolment so newly regulated Tranche 2 firms are documented and ready before the deadline.

Primary legislation

Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 (“CDSA”), the cornerstone money-laundering statute.

Supporting & related law

Terrorism (Suppression of Financing) Act 2002 (TSOFA); the Anti-Money Laundering and Other Matters Act 2024 (phased commencement from 14 November 2024); and the MAS Notices that bind each financial sector (e.g. MAS Notice 626 for banks) together with their accompanying Guidelines. Records must be kept for at least five years.

Who it applies to

MAS-regulated financial institutions, banks, capital-markets intermediaries, insurers and payment-service / digital-payment-token (DPT) providers, and designated non-financial businesses such as corporate service providers.

Supervisory authorities

The Monetary Authority of Singapore (MAS) is the integrated supervisor of financial institutions. Suspicious transaction reports are filed with the Suspicious Transaction Reporting Office (STRO); investigations are led by the Singapore Police Force, CPIB and the Central Narcotics Bureau.

How Niyeahma helps

We document your policies to the MAS Notice and Guidelines for your sector, CDD/EDD, PEP handling, ongoing monitoring, STRO reporting and record-keeping, and to the CDSA and TSOFA reporting duties, calibrated to MAS's “effectiveness over paper” supervisory stance.

Primary legislation

The Prevention of Money Laundering Act, 2002 (“PMLA”) and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005.

Supporting & related law

RBI Master Direction on KYC; SEBI AML/CFT Guidelines; IRDAI AML/CFT Guidelines; the IFSCA (Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022 as amended on February 26th 2026 for GIFT-City IFSC units; and FIU-IND's AML/CFT Guidelines for virtual-digital-asset service providers. Records are kept for five years.

Who it applies to

Banking companies, financial institutions, intermediaries and “persons carrying on a designated business or profession”, including real-estate agents, dealers in precious metals & stones, virtual-digital-asset service providers and certain professionals (CA, CS and CMA).

Supervisory authorities

The Enforcement Directorate (ED) investigates and prosecutes; the Financial Intelligence Unit-India (FIU-IND) receives CTRs/STRs and imposes penalties; sectoral regulators are the RBI, SEBI and IRDAI; and the IFSCA supervises IFSC/GIFT-City units.

How Niyeahma helps

We build your board-approved KYC policy (customer acceptance, risk management, customer identification and transaction monitoring) to the PMLA, the PML Rules and the relevant RBI / SEBI / IRDAI / IFSCA framework, and document your CTR / STR / NTR / cross-border reporting to FIU-IND.

Primary legislation

The Anti-Money Laundering Law, issued by Royal Decree No. M/20 (dated 5/2/1439H), and its Implementing Regulations (Presidency of State Security Decision No. 14525). A package of amendments was approved on 17 April 2026.

Supporting & related law

The Law on Combating Terrorism Crimes and its Financing (Royal Decree No. M/21) and its Implementing Regulations; the AML/CFT rulebooks and guidelines of SAMA and the CMA; and the TAQASIY platform for suspicious-transaction reporting. Records are retained for at least ten years and risk assessments updated at least every two years.

Who it applies to

Financial institutions, designated non-financial businesses and professions (DNFBPs) and non-profit organisations.

Supervisory authorities

The Saudi Central Bank (SAMA) supervises banks, exchange houses, payment-service providers and insurers; the Capital Market Authority (CMA) supervises securities firms; sector regulators oversee DNFBPs. The Saudi FIU (General Directorate of Financial Investigations, under the Presidency of State Security) receives STRs; the Permanent Committee for Combating Money Laundering sets national policy.

How Niyeahma helps

We document your policies and procedures to the AML Law, its Implementing Regulations and the SAMA/CMA guidelines, the risk-based approach, STR filing through TAQASIY, source-of-funds and source-of-wealth checks, beneficial ownership and the ten-year retention rule.

Primary legislation

The Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) (“AMLO”) in force since 1 April 2012, amended in 2018 (TCSPs and dealers in precious metals & stones) and in 2022 to add a VASP licensing regime effective 1 June 2023.

Supporting & related law

The Organized and Serious Crimes Ordinance (Cap. 455); the Drug Trafficking (Recovery of Proceeds) Ordinance (Cap. 405); the United Nations (Anti-Terrorism Measures) Ordinance (Cap. 575); the United Nations Sanctions Ordinance (Cap. 537); and each regulator's AML/CFT Guideline. Records are kept for at least five years.

Who it applies to

Financial institutions (authorized institutions/banks, stored-value-facility licensees, insurers, licensed corporations and money-service operators), virtual asset service providers, and DNFBPs (legal and accounting professionals, estate agents, TCSPs and dealers in precious metals & stones).

Supervisory authorities

HKMA (banks/AIs); SFC (licensed corporations and licensed VASPs); the Insurance Authority (insurers); the Customs & Excise Department (money-service operators and DPMS); and the Law Society, HKICPA, Estate Agents Authority and Companies Registry for the respective DNFBPs. STRs are filed with the Joint Financial Intelligence Unit (JFIU).

How Niyeahma helps

We document your CDD, ongoing-monitoring, internal-control and record-keeping framework to AMLO and the applicable regulator's Guideline, including VASP travel-rule obligations and JFIU reporting.

The standard

The FATF 40 Recommendations (the “FATF Standards”) and their Interpretive Notes, the global benchmark for AML, CFT and counter-proliferation financing. Recommendation 1 (the risk-based approach) was updated at the February 2025 Plenary to stress proportionality and financial inclusion.

Supporting framework

The FATF Methodology and its 11 Immediate Outcomes, used in mutual evaluations (the 5th round began in 2024; procedures were revised in June 2025). Core obligations flow from R.10 (CDD), R.11 (five-year record-keeping), R.12 (PEPs), R.15 (VASPs) and R.16 (the Travel Rule).

Who it applies to

The Recommendations are not law in themselves; they take effect through each country's legislation. In practice they bind banks, financial institutions, VASPs, MSBs and DNFBPs via national rules, with greylisting and blacklisting creating powerful pressure on jurisdictions to comply.

Assessment mechanism

FATF and FATF-style regional bodies (e.g. MENAFATF and the APG) assess countries through mutual evaluations; the IMF and World Bank also assess against the FATF methodology.

How Niyeahma helps

We benchmark and structure your documentation to the FATF Standards so it stays defensible across borders the risk-based approach, CDD/EDD, beneficial ownership, PEPs, sanctions and TFS, the travel rule, and proportionate, well-evidenced controls.

How We Deliver Value

From Gap Analysis to Ongoing Support.

01

Gap Analysis & Framework Design

We get to know your business, ML/TF/PF risks, existing policies and procedures, regulatory framework, and the findings of the National Risk Assessment (NRA) and Sectoral Risk Assessment (SRA), then perform a gap analysis and design an all-encompassing framework to help you fight financial crime.

02

Documentation of AML/CFT Policies

Complete guides for uninterrupted implementation. Our AML policy documentation is clear, detailed and ready to roll out, giving your team a straightforward route to consistent compliance.

03

Staff Training & Role Alignment

Confident teams that know their responsibilities. Our training brings everyone onto the same page, so each person understands their role and how to keep your business protected.

04

Ongoing Support & Updates

Always compliant with the latest regulations. No more scrambling when the law changes, we keep you informed and aligned, while you focus on growing your business.

Frequently Asked Questions

AML/CFT Policy Documentation: FAQ.

A complete manual covering your enterprise-wide ML/TF/PF risk assessment, customer due diligence and ongoing-monitoring procedures, KYC and sanctions/TFS screening rules, suspicious-transaction reporting, governance and record-keeping, and clearly defined roles and responsibilities, all tailored to your business and operating jurisdictions.

Financial institutions, DNFBPs (real estate, dealers in precious metals and stones, accountants, lawyers, and corporate and trust service providers), virtual asset service providers, fintechs and RegTechs, and non-profit organisations that fall within the scope of AML/CFT law in their jurisdiction.

In most regulated sectors, yes. Written, board-approved AML/CFT policies and procedures are a statutory obligation, and supervisors expect them to be documented, kept current and made accessible to compliance staff, independent auditors and the regulator.

We align documentation with the UAE, UK, Australia, Singapore, India, Saudi Arabia and Hong Kong frameworks, and with the FATF Recommendations as the global baseline; see “The Regulatory Frameworks We Align With” above.

Our ongoing support keeps your policies aligned with new legislation, regulations and supervisory guidance, for example, the UAE's Federal Decree-Law No. 10 of 2025 or Australia's Tranche 2 reforms, so your manual stays inspection-ready without a scramble.

Yes. Beyond documentation, we provide gap analysis and framework design, staff training and role alignment, and ongoing support and updates, so the policy works in practice, not just on paper.

Get Started

Let's Tame Those Risks Together.

Keep your business safe and sound with AML/CFT policy, procedures and control documentation built around your jurisdictions, and ready for the regulator.