IPR & AML Compliance · AML / CFT Services
Setup of AML Software
Setup of AML Software is the engagement through which PNPC selects, configures, and operationalises the sanctions/PEP screening, transaction-monitoring, and case-management technology that sits underneath a UAE entity's AML/CFT programme required under Federal Decree-Law No.
Chartered Accountants · Dubai · Since 1986
Setup of AML Software is the technical implementation layer of a UAE entity's anti-money laundering and counter-terrorist financing (AML/CFT) compliance function — the sanctions and Politically Exposed Person (PEP) screening tool, the transaction-monitoring system, and the case-management workflow that a Designated Non-Financial Business and Profession (DNFBP) or regulated financial entity uses to actually execute the customer due diligence, ongoing monitoring, and suspicious-activity escalation obligations set out in Federal Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Cabinet Decision No. 10 of 2019 (as amended). The law itself is technology-neutral — it does not mandate a specific vendor or platform — but it does require that screening and monitoring actually happen, that they happen consistently and at an appropriate frequency, and that the entity can produce evidence of what was screened, when, and with what outcome. For most entities beyond a handful of customers, that evidence trail is not realistically achievable through manual, spreadsheet-based checks; it requires software.
An AML software setup engagement typically covers three connected layers. The first is sanctions and PEP screening — configuring the tool to check customers, beneficial owners, and transaction counterparties against the UN Security Council Consolidated Sanctions List, the UAE Local Terrorist List, and any other lists relevant to the entity's cross-border exposure, both at onboarding and on a recurring basis thereafter, since a name that screens clean today can be listed tomorrow. The second is transaction monitoring — where relevant to the entity's activity (higher transaction volumes, financial institutions, exchange houses, or DNFBPs handling client funds), configuring rules and thresholds that flag activity inconsistent with a customer's expected profile, so unusual patterns surface for review rather than passing unnoticed inside routine volume. The third is case management and audit trail — ensuring that every screening hit, monitoring alert, and its disposition (cleared, escalated, filed as a Suspicious Transaction Report through the FIU's goAML platform) is logged, timestamped, and retrievable, because the record of how an alert was handled is often what a supervisory authority tests most closely.
The practical failure mode PNPC sees most often is not the absence of software — many entities have purchased a screening tool — but misconfiguration that leaves the tool doing far less than the entity believes. A subscription screening against only one list source when the entity's exposure calls for several; screening run once at onboarding with no periodic re-screening scheduled, so a customer sanctioned eighteen months into the relationship is never caught; monitoring thresholds copied from a vendor's generic template that bear no relationship to the entity's actual transaction sizes; or an alert queue that accumulates unreviewed because no one owns triage. Each of these leaves the entity with a screening tool that exists on paper and a written AML policy that claims a monitoring cadence the software is not actually running — precisely the mismatch between documented procedure and operating reality that Ministry of Economy and Central Bank inspections are designed to surface.
Under Federal Decree-Law No. 47 of 2022 on Corporate Tax and the broader Federal Tax Authority compliance landscape, AML software setup is a separate obligation from tax registration and filing, but the underlying discipline is related: both require the entity to maintain systems and records that can be produced to a regulator on request, in the format and timeframe the regulator specifies. PNPC treats AML software setup as inseparable from the policy and risk-assessment work that defines what the software should actually be configured to do — a tool is only as good as the risk methodology behind its settings, and a risk methodology with no operating tool behind it is a document, not a control.
When Setup of AML Software is the right engagement
Your business is a DNFBP or regulated financial entity under UAE AML/CFT law and does not yet have a sanctions/PEP screening tool in place, or is currently relying on manual, ad hoc name checks
You have a screening subscription already but have never had its list sources, screening frequency, and match-handling workflow reviewed against your actual risk assessment and written policy
Your customer or transaction volume has grown to the point where manual review is no longer defensible, and screening or monitoring alerts are accumulating faster than they can be triaged
You are newly licensed in a regulated sector — financial services, a Virtual Asset Service Provider, or a DNFBP category — and need the screening infrastructure built before you can lawfully onboard customers at scale
A Ministry of Economy, Central Bank, DFSA, FSRA, or VARA inspection has flagged that your screening tool's configuration does not match your documented AML/CFT policy or risk assessment
You need transaction-monitoring rules and thresholds calibrated to your actual customer base and transaction sizes rather than a vendor's generic out-of-the-box template
Your existing screening tool only checks at onboarding with no periodic re-screening scheduled, leaving customers who screened clean initially unmonitored against subsequent sanctions-list updates
You need a case-management and audit-trail workflow so that every alert, its investigation, and its disposition (cleared or escalated to an STR/SAR filed through goAML) is logged and retrievable on request
You are evaluating multiple screening or transaction-monitoring vendors and need independent advisory input on selection criteria matched to your transaction volume, budget, and risk profile before committing to a subscription
Where a different engagement may fit better
You do not yet have a documented AML/CFT risk assessment or written policy — configuring screening software before that foundation exists means the tool has nothing calibrated to configure against; a KYC & CDD Advisory engagement to build the policy and risk methodology should come first or alongside
You have not yet confirmed whether your business actually falls within a DNFBP or regulated category under UAE AML law — an applicability assessment should precede any technology purchase
You need standalone goAML portal registration completed with no wider screening or monitoring technology decision in scope — that is a narrower registration engagement
You are looking for PNPC to act as the ongoing designated Compliance Officer or MLRO who reviews and dispositions alerts day to day — PNPC configures and advises on the system; the entity's own empowered Compliance Officer must own live alert triage
You want a specific vendor product guaranteed or endorsed without an independent needs assessment — PNPC advises on selection criteria matched to your risk profile and is not tied to a single vendor
You are seeking a guarantee that a configured tool will catch every future suspicious relationship — no screening or monitoring system eliminates risk; it reduces the chance that a red flag passes unnoticed, and a documented, well-configured system is judged on whether it was reasonably designed and operated, not on a guaranteed outcome
Your requirement is limited to general company incorporation or trade licensing with no AML/CFT compliance dimension currently in scope
You already have a fully configured, independently reviewed screening and monitoring system and simply want ongoing subscription renewal — that is a vendor-management matter, not an implementation engagement
AML software components compared — what each layer actually does
| Component | What It Screens or Monitors | Typical Trigger Point | Who Uses the Output | Left Unconfigured, the Risk Is |
|---|---|---|---|---|
| Sanctions list screening | Customer and beneficial-owner names against the UN Consolidated Sanctions List and UAE Local Terrorist List | Onboarding, plus periodic re-screening on a defined cadence | Compliance Officer / MLRO reviewing hits before onboarding proceeds | A customer who was clean at onboarding but is later listed goes undetected until the next manual check, if any |
| PEP screening | Customers and beneficial owners against Politically Exposed Person reference data, domestic and foreign | Onboarding, plus periodic re-screening | Senior management approving or declining enhanced due diligence onboarding | A PEP relationship is onboarded under standard rather than enhanced due diligence, missing the mandatory extra scrutiny |
| Adverse media / negative news screening | Customers and beneficial owners against publicly reported adverse media relevant to financial crime, fraud, or sanctions evasion | Onboarding, plus periodic re-screening | Compliance Officer assessing whether reported allegations affect the risk rating | Reputationally and legally significant public information about a customer is never surfaced through the formal process |
| Transaction monitoring | Transaction patterns against rules and thresholds calibrated to the customer's expected profile | Continuously, as transactions occur | Compliance Officer triaging generated alerts for investigation | Structuring, rapid movement of funds, or activity inconsistent with the stated business purpose passes unnoticed inside routine volume |
| Case management / audit trail | Every screening hit and monitoring alert, its investigation notes, and its final disposition | Generated automatically whenever a hit or alert occurs | Compliance Officer for day-to-day work; inspectors and auditors for evidence review | The entity cannot produce evidence of how a specific hit was handled, which reads on inspection as if the check never happened |
| goAML integration / escalation workflow | The handoff point where an investigated alert is assessed against the STR/SAR threshold | Whenever an alert investigation concludes suspicion is reasonably founded | Compliance Officer preparing and submitting the report through the FIU's goAML platform | A genuinely suspicious alert sits in the case-management queue without a clear path to filing, delaying the 'without delay' reporting obligation |
Not every entity needs every component at the same intensity — a small corporate service provider's screening needs differ from a financial institution's transaction-monitoring needs. PNPC scopes which components apply, and at what depth, based on the entity's actual risk assessment rather than installing a uniform package regardless of size.
| # | Stage & What PNPC Does | What a Default Vendor Install Misses | Timeline |
|---|---|---|---|
| 1 | Requirements & Risk-Profile Review — confirming what the entity's existing risk assessment and AML policy actually require the software to do | A vendor sales process typically starts from what the product does, not from what your documented risk methodology requires it to screen and how often — we start from the policy, not the product brochure. | Week 1 |
| 2 | Vendor / Tool Selection Support (where no tool exists) — matching screening and monitoring needs to appropriate options by transaction volume, budget, and list-source coverage | Entities frequently select a tool based on price or a peer recommendation without checking whether its list sources and update frequency actually cover their specific exposure (for example, cross-border customers requiring broader sanctions-list coverage than a single-jurisdiction tool provides). | Week 1–2 |
| 3 | List Source & Screening Cadence Configuration — setting which sanctions, PEP, and adverse-media sources are checked, and how often re-screening runs | Default installs commonly screen only at onboarding with no periodic re-screening scheduled — the single most common gap PNPC finds when reviewing an existing tool. | Week 2 |
| 4 | Transaction-Monitoring Rule & Threshold Calibration (where applicable) — setting alert triggers to the entity's actual transaction sizes and customer profile mix | Generic out-of-the-box thresholds either generate an unmanageable volume of false-positive alerts that staff learn to ignore, or are set so high that genuinely unusual activity never triggers a review. | Week 2–3 |
| 5 | Alert-Triage Workflow Design — defining who reviews an alert, within what timeframe, and how the decision (clear, escalate, or file) is recorded | A tool with no defined triage ownership accumulates an unreviewed alert backlog — the alerts exist, but no one is accountable for actioning them. | Week 3 |
| 6 | Case-Management & Documentation Setup — ensuring every hit, investigation note, and disposition is logged, timestamped, and retrievable | Entities that can show a screening hit occurred but cannot show how it was investigated or resolved face the same inspection outcome as if the screening never ran. | Week 3–4 |
| 7 | goAML Escalation Path Integration — defining the handoff from a confirmed suspicious alert to STR/SAR preparation and submission through the FIU's goAML platform | Software and the goAML reporting obligation are frequently treated as unconnected — the alert sits investigated but with no clear procedural bridge to the actual filing. | Week 4 |
| 8 | Staff Training on the Configured System — training the Compliance Officer and front-line staff on how to use the tool as configured, not the vendor's generic manual | Vendor-provided generic training covers the software's features; it does not cover how your specific risk assessment maps onto your specific configuration — staff need both. | Week 4–5 |
| 9 | Test Run & Calibration Review — running a sample of existing or test customer data through the configured system to confirm outputs are sensible before full go-live | Going live without a test pass risks discovering miscalibration (excessive false positives, or worse, missed genuine hits) only after real customer data has already gone unreviewed. | Week 5 |
| 10 | Go-Live and Documentation Close-Out — configuration document, screening/monitoring policy annex, and training records compiled into the AML programme file | A configured tool with no written record of what was configured and why leaves the next reviewer, or an inspector, unable to verify the setup matches the policy without reverse-engineering the settings. | Week 5–6 |
| 11 | Post-Go-Live Support & Periodic Recalibration — reviewing alert volumes, false-positive rates, and list-source currency after the system has been live for a period, and adjusting thresholds | Thresholds set correctly at launch drift out of calibration as transaction volumes and customer mix change; a system never revisited after go-live degrades quietly over time. | Scheduled review at 60–90 days, then periodic thereafter |
Realistic timeline for a full sanctions/PEP screening and transaction-monitoring configuration, from requirements review to a documented, staff-trained go-live: roughly 4–6 weeks, depending on whether a tool already exists (reconfiguration) or needs to be selected and onboarded from scratch, and on the complexity of the entity's transaction-monitoring needs. A screening-only setup for a lower-volume DNFBP can move faster; a full transaction-monitoring build for a financial institution or exchange house typically takes longer.
Current AML/CFT risk assessment and written policy — the software configuration must map to what this document already says the entity does
Existing goAML registration confirmation and Compliance Officer / MLRO designation details
Any prior Ministry of Economy, Central Bank, DFSA, FSRA, or VARA inspection findings relating to screening or monitoring gaps
Current screening/monitoring vendor name, subscription tier, and list of sources it screens against
Screening frequency currently configured (onboarding only, or periodic re-screening, and at what interval)
Sample export of recent alerts and how they were resolved, to assess current triage practice
Administrator access or a designated point of contact who can implement configuration changes
Customer base breakdown — individual versus corporate, resident versus non-resident, and approximate volumes in each category
Typical transaction value ranges and frequency, to calibrate monitoring thresholds realistically
Geographic spread of customers and counterparties, including any exposure to higher-risk jurisdictions
Payment and delivery channel details — cash, bank transfer, third-party payment, or virtual assets — since each affects which monitoring rules are relevant
Name and role of the individual(s) who will own day-to-day alert triage under the configured system
Escalation authority — who approves onboarding a flagged higher-risk customer, and who signs off filing an STR/SAR
Existing staff training records relevant to any current screening tool, if applicable
Indicative budget range for subscription and implementation cost
Any procurement or IT security requirements the entity's own policies impose on new software vendors
Data residency or data protection considerations relevant to where customer screening data will be processed and stored
Business risk assessment and customer-risk methodology
AML/CFT policies, procedures and MLRO appointment records
Sanctions/PEP screening settings and evidence
Staff training logs and board/management approvals
| Phase | Triggered By | PNPC Guidance | Risk If Ignored |
|---|---|---|---|
| Requirements & Selection | New DNFBP licence, growth beyond manual-check capacity, or an existing tool review | Match screening and monitoring needs to the entity's documented risk assessment before evaluating vendor options, rather than starting from a product feature list. | A tool selected on price or convenience alone may not cover the list sources or monitoring depth the entity's actual risk profile requires. |
| Configuration & Calibration | Tool selected, or existing tool flagged for reconfiguration | Set list sources, screening cadence, and monitoring thresholds to reflect the written AML policy and the entity's real transaction profile, not vendor defaults. | Default settings commonly under-screen (onboarding-only checks) or generate unmanageable false-positive volumes that staff learn to ignore. |
| Go-Live & Staff Training | Configuration complete and tested | Train the Compliance Officer and relevant staff on the system as configured, and document attendance and content as evidence. | Untrained staff either misuse the tool or bypass it in practice, leaving the documented procedure disconnected from daily operations. |
| Ongoing Alert Triage | Every screening hit or monitoring alert generated | Alerts reviewed and dispositioned within a defined timeframe by an accountable individual, with the decision and reasoning logged. | An unreviewed alert backlog is functionally identical, on inspection, to having no screening system at all. |
| Suspicious Alert Confirmed | Investigation concludes reasonable grounds for suspicion exist | Escalate promptly to STR/SAR preparation and filing through the FIU's goAML platform, maintaining the no-tipping-off discipline throughout. | A confirmed alert that sits uninvestigated or unfiled is a standalone breach of the 'without delay' reporting obligation under the AML/CFT Law. |
| Periodic Recalibration | 60–90 days post-go-live, then on a recurring cycle or after a material change in business activity | Review alert volumes, false-positive rates, and list-source currency; adjust thresholds and list sources so the system tracks the entity's current profile rather than the profile it had at go-live. | Thresholds set once and never revisited drift out of alignment with actual transaction patterns as the business grows or changes. |
| List-Source & Vendor Currency Review | Annual review, vendor contract renewal, or a Cabinet Decision / FIU guidance update affecting screening expectations | Confirm the screening tool's list sources remain current and complete, and that the vendor relationship still matches the entity's needs as it has grown. | A stale list source or an outgrown tool is a recognised inspection finding — 'is this still fit for purpose' is a standard supervisory question. |
| Regulatory Inspection | Scheduled or unannounced supervisory visit | Produce the configuration documentation, alert logs, and training records demonstrating the software operates as the written policy describes. | A mismatch between the documented AML policy and the actual software configuration is treated as evidence the programme is not genuinely operative. |
| System Change or Migration | Vendor discontinuation, contract renewal decision, or a business need for expanded capability | Plan data migration, reconfiguration, and staff retraining so there is no gap in screening or monitoring coverage during the transition. | A poorly planned migration can leave a screening gap during the changeover, exactly when continuity of coverage matters most. |
Does UAE AML law require us to use a specific software product?
No. Federal Decree-Law No. 20 of 2018 and its Cabinet Decision implementing regulations are technology-neutral — they require that screening, monitoring, and record-keeping obligations are actually met, not that a specific vendor's product is used. In practice, meeting those obligations consistently and at scale is very difficult without software once an entity has more than a handful of customers, but the choice of tool is the entity's own, subject to it actually covering the entity's risk profile.
We already have a screening subscription — why would we need a setup engagement?
Having a subscription and having a correctly configured tool are different things. The most common gap PNPC finds when reviewing an existing screening tool is that it only checks at onboarding with no periodic re-screening scheduled, or that its thresholds were left at generic vendor defaults never calibrated to the entity's actual customer base and transaction sizes. A setup or reconfiguration engagement reviews what the tool is actually doing against what your written AML policy says it should be doing.
What is the difference between sanctions screening and transaction monitoring?
Sanctions and PEP screening checks a customer's or counterparty's identity against reference lists — the UN Consolidated Sanctions List, the UAE Local Terrorist List, and PEP databases — typically at onboarding and periodically thereafter, to confirm you are not dealing with a designated or high-risk individual. Transaction monitoring is a separate, ongoing function that watches the pattern of a customer's actual activity — transaction size, frequency, and structuring — against their expected profile, to flag behaviour inconsistent with what was expected at onboarding, regardless of whether the customer's identity screens clean.
How often should sanctions and PEP screening actually run?
At minimum, screening should run at onboarding and then on a periodic re-screening cycle thereafter, since sanctions and PEP designations change and a name that was clean at onboarding can be listed later. The appropriate cadence depends on the entity's risk assessment — higher-risk customer categories may warrant more frequent re-screening than lower-risk ones — but onboarding-only screening with no ongoing cycle is a recognised gap.
Do smaller DNFBPs with few customers really need transaction-monitoring software, or is screening enough?
It depends on the entity's activity and risk profile rather than headcount alone. A corporate service provider with a modest customer base may reasonably rely on sanctions/PEP screening plus manual review of the limited transaction volume it actually sees, while a financial institution, exchange house, or high-volume DNFBP handling client funds typically needs configured transaction-monitoring rules because manual review of volume at that scale is not realistically consistent. PNPC scopes this based on the entity's documented risk assessment, not a fixed rule.
What happens to a screening hit once it is generated — does the software resolve it automatically?
No. Screening and monitoring software generates alerts — potential matches or unusual patterns — but a human, typically the Compliance Officer or a delegated reviewer, must investigate each alert, determine whether it is a genuine match or a false positive, and record the disposition. Software flags; it does not decide. The investigation and documented decision are what a supervisory authority actually reviews.
How do we avoid being overwhelmed by false-positive alerts?
False-positive volume is usually a calibration problem, not an inherent feature of screening software — overly broad name-matching thresholds, screening against irrelevant list categories, or monitoring rules set without reference to actual transaction sizes all inflate false positives. Proper calibration to the entity's real customer base and transaction profile, combined with periodic recalibration as volumes and patterns change, keeps the alert queue manageable enough that genuine reviews actually happen.
Does the software file the Suspicious Transaction Report (STR) for us?
No. Screening and monitoring software identifies and helps investigate potential concerns, but the actual STR or SAR filing is submitted through the FIU's goAML platform by the entity's designated Compliance Officer, based on a human judgement that reasonable grounds for suspicion exist. PNPC configures the internal workflow so that a confirmed suspicious alert has a clear, documented path to goAML filing, but the filing decision and submission remain the Compliance Officer's responsibility.
What list sources should our screening tool cover at a minimum?
At minimum, the UN Security Council Consolidated Sanctions List and the UAE Local Terrorist List. Depending on the entity's cross-border customer or transaction exposure, additional coverage of other major international sanctions regimes may form part of a properly risk-calibrated setup. The right combination depends on the entity's actual customer geography, not a fixed universal list.
Can PNPC recommend a specific screening or monitoring vendor?
PNPC advises on selection criteria — list-source coverage, screening cadence capability, monitoring rule flexibility, case-management and audit-trail functionality, and cost proportionate to the entity's volume — and can coordinate with vendors during implementation, but final vendor selection and contracting is the entity's own commercial decision. We are not a technology reseller and do not receive vendor commissions on any recommendation.
How does the software configuration connect to our written AML policy?
The written AML/CFT policy states, in narrative form, what screening and monitoring the entity performs, at what frequency, and how alerts are escalated. The software configuration is the technical implementation of that same narrative. When the two are built together, an inspector reviewing the policy document and then testing the actual system finds them consistent; when they are built separately — often because the policy was drafted by one adviser and the software configured independently, or years apart — the mismatch is a recurring and easily identified inspection finding.
What documentation should we retain specifically around the software setup?
Keep a configuration record describing which list sources are active, the screening cadence, the transaction-monitoring rules and thresholds applied and why, staff training records on the configured system, and a sample of alert investigation logs demonstrating the triage workflow in practice. This sits alongside, and should cross-reference, the broader AML risk assessment and policy documentation.
How often should the software configuration be reviewed and recalibrated?
PNPC recommends an initial review at 60–90 days post-go-live to catch early miscalibration (excessive false positives or an unexpectedly quiet alert queue), followed by at least an annual review aligned with the broader AML/CFT risk assessment refresh, and an ad hoc review whenever there is a material change in transaction volume, customer mix, or applicable list-source guidance.
Is a spreadsheet-based manual screening process ever acceptable instead of software?
For a genuinely very small entity with a small, stable, low-risk customer base, a documented manual process can be defensible if it is actually followed consistently, evidenced, and re-run at an appropriate cadence — the law does not mandate software specifically. In practice, manual processes degrade quickly as volume grows or staff turn over, and the evidentiary burden of proving consistent manual checks were performed is harder to satisfy on inspection than a system-generated log.
Does PNPC provide the software itself, or only the configuration and advisory work?
PNPC's engagement is the advisory, selection-support, and configuration work — assessing needs, advising on vendor options, calibrating settings to the entity's risk profile, designing the alert-triage and goAML escalation workflow, and training staff. The software subscription itself is contracted directly between the entity and the chosen vendor; PNPC is not the software provider.
PNPC-configured AML software vs a default vendor install
| Dimension | Default Vendor Install | PNPC Engagement |
|---|---|---|
| Starting point | Product feature list and vendor sales demo | The entity's own written AML risk assessment and policy |
| List-source coverage | Whatever the default subscription tier includes | Matched specifically to the entity's actual cross-border customer exposure |
| Screening cadence | Often onboarding-only by default | Periodic re-screening cadence set and diarised |
| Monitoring thresholds | Generic out-of-the-box settings | Calibrated to the entity's real transaction sizes and customer mix |
| Alert triage ownership | Undefined — alerts accumulate unreviewed | Named owner, defined timeframe, and logged disposition for every alert |
| Connection to written policy | Configured independently of any AML policy document | Built to match the entity's documented risk assessment and policy line for line |
| goAML escalation path | Not defined — alert investigation and STR filing are disconnected | Documented handoff from confirmed alert to STR/SAR preparation and filing |
| Post-launch review | Rarely revisited after initial setup | Scheduled 60–90 day review, then annual recalibration tied to the risk-assessment refresh |
What the PNPC package includes
- 01
Requirements review against the entity's existing AML/CFT risk assessment and written policy
- 02
Vendor-neutral selection support for sanctions/PEP screening and, where relevant, transaction-monitoring tools
- 03
List-source configuration covering the UN Consolidated Sanctions List, UAE Local Terrorist List, and other relevant sources
- 04
Screening-cadence setup including periodic re-screening, not just onboarding-only checks
- 05
Transaction-monitoring rule and threshold calibration matched to actual transaction sizes and customer mix, where applicable
- 06
Alert-triage workflow design with a named owner, review timeframe, and documented disposition process
- 07
Case-management and audit-trail configuration so every hit and its resolution is logged and retrievable
- 08
goAML escalation-path design connecting confirmed alerts to STR/SAR preparation and filing
- 09
Staff training on the system as configured, with attendance and content records maintained
- 10
Test-run and calibration review before full go-live
- 11
60–90 day post-go-live review and adjustment of thresholds and list sources
- 12
Annual recalibration aligned with the broader AML/CFT risk-assessment refresh
- 13
Configuration documentation compiled into the entity's AML programme file for inspection readiness
- 14
Coordination with the entity's Compliance Officer / MLRO on live alert triage responsibilities
- 15
Support reconfiguring an existing screening or monitoring tool found to be misaligned with the written AML policy
Get your AML screening and monitoring software configured to match your actual risk profile, not the vendor's defaults — talk to PNPC's Dubai compliance team.
Jurisdiction
Free zone, mainland & offshore
Ready to get started?
Tell us about your requirement — a UAE specialist responds within 24 hours.