Simplified Due Diligence

In a Nutshell

  • Simplified Due Diligence reduces the intensity of customer verification. It does not reduce the obligation to file suspicious reports or name match reports.
  • An STR or SAR must be filed when suspicion arises from any customer, including one classified under SDD. The risk classification does not remove the filing trigger.
  • Sanctions screening remains mandatory under SDD. A partial or confirmed sanctions match results in a PNMR or CNMR, regardless of the customer’s CDD tier.
  • SDD is permitted only where low risk is demonstrably proven, and no suspicion exists. Any change in that condition requires immediate reassessment.

Simplified Due Diligence is a risk-based calibration tool. It adjusts how much verification effort a regulated entity applies to a demonstrably low-risk customer. It does not create a filing exemption. Understanding the boundary between what SDD changes and what it leaves untouched is the foundation of a defensible SDD programme.

What SDD permits under UAE regulations

Article 5(3) of Cabinet Resolution No. 134 of 2025 explicitly permits SDD measures for identified low-risk scenarios, provided there is no suspicion of crime. The CBUAE confirms that SDD applies only where low risk has been demonstrated through adequate risk analysis. SDD is not available by default and cannot be applied based on product type, channel, or geography alone. A documented Customer Risk Assessment must support every SDD decision.

Examples of potentially low-risk customers may include UAE government entities and regulated financial institutions from equivalent jurisdictions operating low-value products with limited transaction activity. PEP status, high-risk geographic exposure, or any suspicion of ML/TF/PF risk removes the eligibility for SDD immediately.

The reporting obligations that SDD does not change

Suspicious Transaction Report (STR)

An STR must be filed when a transaction appears suspicious and may involve money laundering or terrorism financing. The customer’s SDD classification does not modify that trigger. A low-risk customer whose activity begins to look inconsistent with their profile or whose transaction patterns raise concern still generates an STR obligation. Suspicion supersedes classification.

Suspicious Activity Report (SAR)

A SAR applies where suspicious behaviour or attempted activity indicates possible criminal conduct, even without a completed transaction. An SDD-classified customer who attempts unusual activity triggers the same obligation as any other customer. Classification does not remove the monitoring duty.

PNMR and CNMR

Sanctions screening in accordance with the UAE Targeted Financial Sanctions framework is required regardless of the customer’s risk tier. Where a partial match arises during screening of an SDD customer, a PNMR applies. Where a confirmed match is identified, a CNMR applies, and assets must be frozen immediately. SDD has no effect on that chain.

What SDD Actually Adjusts

| Control | Under SDD | Not changed |
|---|---|---|
| Customer identification | Reduced verification intensity; may rely on official registries or equivalent reliable sources. | Identity must still be established. SDD is not anonymity. |
| Sanctions and PEP screening | Not reduced. Applies at onboarding and on an ongoing basis. | PNMR and CNMR obligations remain fully in force. |
| STR and SAR filing | Not changed. Suspicion is still the trigger. | Any suspicious activity must be reported regardless of risk tier. |
| Ongoing monitoring | Frequency may be reduced proportionate to low risk. | If patterns change, reassessment to standard CDD or EDD is required. |
| Recordkeeping | Not changed. Five-year retention applies. | Documentation supporting the SDD decision must be kept and be auditable. |

When SDD must be reversed

Regulated entities are required to reassess a customer’s risk classification when circumstances change. A spike in activity, a change in behaviour, a new risk indicator, or any suspicion requires immediate escalation. Where the reassessment moves the customer out of the low-risk category, standard CDD or enhanced due diligence must be applied. Any suspicion arising during reassessment triggers the filing obligation.

A sound approach is to configure automated monitoring to flag when an SDD customer’s transaction patterns breach the thresholds that supported the original low-risk classification. Those alerts prompt review, not deferral.

Frequently Asked Questions

No. STR, SAR, PNMR and CNMR obligations apply to all customers regardless of their due diligence tier. The risk classification adjusts verification intensity, not reporting duties.

Yes. If activity from an SDD-classified customer raises suspicion, the filing obligation applies in exactly the same way as for any other customer.

Yes. Sanctions screening under the UAE TFS framework is mandatory regardless of the customer’s risk tier. PNMR and CNMR obligations remain fully in force.

A documented Customer Risk Assessment demonstrating low ML/TF/PF risk, with no suspicion present. The rationale must be recorded and retained as part of the customer file for five years.

Misuse of SDD, including applying it without completing the risk assessment or continuing it despite changed circumstances, can trigger penalties under Federal Decree-Law No. 10 of 2025.
