Document Forgery
In a Nutshell
- Document forgery triggers STR and SAR filing obligations based on suspicion alone; no minimum transaction value applies under UAE law.
- An STR covers completed or initiated suspicious transactions; an SAR covers suspicious behaviour or attempted transactions where no transaction has yet taken place.
- Both report types are filed through the FIU’s goAML electronic system under Cabinet Resolution No. 134 of 2025, Article 18.
- Visual, structural, or data anomalies in submitted documents are sufficient to establish reasonable grounds to suspect; confirmed proof of forgery is not required before filing.
- All document verification records, including failed automated checks, must be retained for a minimum of five years under CR 134/2025 Article 25.
Document forgery is one of the most consistent patterns generating goAML filing obligations for regulated entities in the UAE, and the filing trigger is suspicion, not a confirmed fraud finding.
How Document Forgery Creates a goAML Filing Obligation
Cabinet Resolution No. 134 of 2025 (CR 134/2025) Article 18 requires regulated entities to file a report through the FIU’s electronic system (goAML in practice) whenever they identify a transaction, attempted transaction, or activity giving rise to suspicion or reasonable grounds to suspect money laundering, terrorism financing, or proliferation financing. Document forgery is not listed separately as a reportable event; it generates a filing obligation when it produces suspicion or reasonable grounds to suspect a financial crime.
The practical implication is direct. A customer who presents a passport with inconsistent security features, submits invoices with misaligned formatting, or provides corporate documents that contradict available registry data has created the conditions for a filing assessment. Whether the assessment concludes in a filed STR or SAR depends on what happened in the interaction, not on whether the document was definitively proved to be forged.
The Legal Standard: Suspicion vs Confirmed Proof
The word “suspicion” in Article 18 is intentional. A regulated entity is not required to complete a criminal investigation before filing. The standard is whether the entity has suspicion or reasonable grounds to suspect. Document anomalies, whether visible inconsistencies, failed automated verification, or implausible commercial data, satisfy that standard. An entity that waits for confirmed forgery evidence before filing risks a breach of the reporting obligation.
What “Reasonable Grounds” Looks Like in Document Cases
Reasonable grounds exist when a compliance officer, applying professional knowledge and the entity’s verification procedures, concludes that the document irregularities observed are not consistent with innocent error. A single misprint may not be sufficient. A discrepancy between a submitted document and a publicly available registry record, or a customer’s refusal to consent to independent verification, each represents a stronger basis. Multiple concurrent indicators substantially reinforce the case for filing.
Concerned About Document Forgery Risks?
Strengthen your AML controls to identify false, altered, or misleading documents before they create compliance exposure.
STR or SAR: Identifying the Correct Report Type
The goAML system supports two report types directly relevant to document forgery cases: the Suspicious Transaction Report (STR) and the Suspicious Activity Report (SAR). Selecting the correct type matters for the integrity of the FIU’s intelligence picture.
STR: When a Transaction Has Taken Place
The STR applies when suspicion arises in the context of a completed or initiated transaction. A trade finance provider that advances funds against forged bills of lading has completed a transaction; the forgery’s connection to that transaction makes an STR the appropriate report type. A bank that processes a payment against an invoice subsequently identified as forged is also in STR territory.
SAR: When Suspicion Arises Without a Completed Transaction
The SAR applies when suspicious behaviour, an attempted transaction, or an unusual onboarding interaction gives rise to suspicion before any transaction is completed. A regulated entity that refuses to open an account or proceed with a service because the presented documents appear forged, and where no funds have moved, is in SAR territory. The suspicious act is the presentation of forged documentation and the attempt to use it, not a transaction flowing from it.
Can Both Be Filed for the Same Case
Yes. If an entity discovers document forgery after funds have moved, an STR covers the transaction. If the same review also uncovers patterns of suspicious behaviour not connected to a specific transaction (for example, evidence that the same document set was used across multiple attempted engagements), a supplementary SAR may be appropriate. The obligation under Article 18 is to report what gives rise to suspicion; the report type follows the nature of the activity.
Document Forgery Red Flags That Trigger a Filing Assessment
The table below maps document forgery red flags to the report type most likely to apply, depending on whether a transaction has taken place at the time the anomaly is identified.
← scroll to see full table →
| Document Category | Red Flag | STR or SAR Assessment |
|---|---|---|
| Identity documents | Security features inconsistent with the issuing authority’s known standards (holograms, watermarks, microprinting) | SAR if at onboarding before account opening; STR if identified post-transaction |
| Identity documents | Personal data discrepancy between submitted document and external registry or database | SAR or STR depending on the stage at which identified |
| Financial and trade documents | Invoice values materially inconsistent with prevailing market prices for the described goods or services | STR; forgery has supported a completed or initiated transaction |
| Financial and trade documents | Round-figure amounts, identical transaction descriptions across unrelated transactions, suggesting records were generated rather than recorded | STR |
| Financial and trade documents | Automated verification failure due to anomalies in document design, security patterns, or barcode data not matching printed text | STR or SAR depending on whether a transaction has occurred |
| Corporate and legal documents | Corporate documents contradict records held at the UAE commercial registry or another public registration authority | SAR if identified at onboarding; STR if identified post-transaction |
| Corporate and legal documents | Beneficial ownership information inconsistent with independently verifiable sources | SAR or STR depending on the stage at which identified |
| Geographic | Documents purportedly issued by authorities in jurisdictions with high forgery prevalence or weak authentication infrastructure, including FATF grey or blacklisted countries | Elevates the suspicion threshold; SAR or STR depending on transaction stage |
Protect Your Business from Document Fraud
Put the right controls in place to reduce the risk of forged identity, ownership, and transaction documents.
Filing Through goAML: What to Include in a Document Forgery Report
A document forgery STR or SAR filed through goAML should capture the specific document anomalies that triggered the suspicion, the verification steps taken and the result of each, the timeline of the customer interaction or transaction, and any connection between the document irregularity and the financial activity under review. A report that accurately describes the document characteristics observed (security feature inconsistencies, formatting irregularities, data discrepancies) provides the FIU with actionable intelligence.
The Tipping-Off Prohibition
CR 134/2025 Article 19 carries a tipping-off prohibition. A regulated entity that files an STR or SAR must not disclose to the customer or any related party that a report has been filed or is under consideration. In document forgery cases, this applies to enquiries about why additional verification is being requested, why onboarding has been paused, or why a transaction has been delayed. Internal escalation procedures should be designed to prevent inadvertent disclosure.
Continuing the Relationship After Filing
Filing does not automatically require the relationship to be terminated or the transaction to be refused. The decision to proceed, pause, or exit depends on whether the entity can satisfy its CDD obligations under CR 134/2025 Articles 7, 9, and 10 following the filing. Where CDD cannot be satisfactorily completed because the document irregularities cannot be resolved and the customer refuses independent verification, the entity should not proceed.
Sectors Filing Most Frequently on Document Forgery Grounds
← scroll to see full table →
| Sector | Primary Document Type at Risk | Most Relevant goAML Report |
|---|---|---|
| Lawyers and notaries | Corporate and legal documents in covered activities | SAR at onboarding or STR post-transaction |
| Accountants and auditors | Financial statements, securities, loan and mortgage documents, promissory notes | STR (post-engagement when falsified records are identified) |
| Trade finance providers | Invoices, bills of lading, letters of credit | STR (transaction initiated or completed) |
| Trust and company service providers | Shareholder registers, trust deeds, board resolutions | SAR at onboarding; STR post-formation or transaction |
| Real estate brokers and agents | Title deeds, ownership transfer documents, valuations | STR or SAR depending on stage |
| Dealers in precious metals and stones | Authentication certificates, provenance records | SAR for high-value transaction attempts; STR post-payment |
Recordkeeping After Filing: The Five-Year Retention Requirement
CR 134/2025 Article 25 requires regulated entities to retain all records relevant to customer due diligence, transactions, and compliance activity for a minimum of five years. In document forgery cases, this extends to the document verification records themselves: the original submitted documents, the automated verification outputs, the results of any cross-reference checks, and the internal escalation records. Retaining failed verification checks is as important as retaining successful ones; the failure record demonstrates that the entity applied a verification process rather than relying on the document as presented.
Strengthen Your Document Verification Process
Improve due diligence with a risk-based approach to document review, validation, and escalation.
Register on goAML and Get STR Advisory Support
Navigating the goAML filing requirements for document forgery cases requires clarity on what triggers the obligation, which report type applies, and what to include. GoAML Registration provides registration support and STR advisory guidance for regulated entities across all sectors supervised in the UAE.
Frequently Asked Questions
Yes. CR 134/2025 Article 18 is triggered by suspicion or reasonable grounds to suspect, not by confirmed evidence. Document anomalies that a compliance officer, applying professional judgment, considers inconsistent with genuine documentation are sufficient to warrant a filing assessment.
The MLRO or compliance officer designated under the entity’s AML policy holds primary responsibility. For complex or high-value cases, escalation to senior management before filing is consistent with CR 134/2025’s internal reporting requirements.
CR 134/2025 Article 18 requires filing without delay. There is no specified number of business days; the obligation is to file promptly upon forming suspicion or reasonable grounds to suspect.
The Article 18 obligation applies at the point suspicion arises, regardless of whether that is onboarding, a periodic review, or a transaction monitoring alert. The entity should file promptly and retain the review records.
The filing demonstrates that the entity identified the suspicion and fulfilled the reporting obligation. It does not retroactively remedy a failure to apply CDD controls at the point of document acceptance. Both the CDD obligations under Articles 7, 9, and 10 and the reporting obligation under Article 18 are independent requirements.