No new notifications

Accessibility settings

Text size




Theme color


Color blind mode
Night reading mode

Updated on 2 September 2022

Total visitors 17470

Go to Open Data

Did you find this page helpful?


The goAML system provides users with the Forgot Password button next to Log In button.

  • Click Forgot Password button.
  • The Reset Password Request window populates, enter User Name > Email > Submit

The registered email address will then receive an email with a link redirecting to the goAML portal where the Reset Password Request page will open.

After entering all the required details, the new password will be set.

In order to update an organization’s details, the user must follow these steps:

  • Step 1: The user should login to the FIU’s portal using the user login credentials they acquired during the registration process
  • Step 2: Once the user has logged in, he/she should go to the My goAML menu, then click on the My Org Details menu item
  • Step 3: The user should then update entity details like the name, Incorporation number, acronym, commercial name, business activity, email, website, contact person, telephone number, address of the institution, etc.

Once the request has been submitted, the Supervisory Body will verify this information and upon approval, the system will send an automated confirmation email to the organization.

Yes. Delegation is possible on the goAML system. The registered reporting entity may delegate reporting function to a third party. However, it is recommended that the delegated party should create an account on the FIU’s goAML platform (using the ‘Register as an Organization’ option) before receiving delegation of reporting responsibilities on behalf of an organization.

After logging on to the goAML portal, the MLRO should navigate to the Admin menu and Select Active Organizations from the drop-down menu. Kindly note that this feature is only available to the admin user of the organization i.e. the MRLO.

The Active Organizations page will be displayed, in which the user will need to click the Change Selected Delegating Organization. Kindly note that the delegated party should be registered and approved on the goAML platform by the Supervisory Body before proceeding with this step. Please refer to the registration guide for details on how to register on the system as a new organization.

A Registering Organization form will then expand, in which the user will be required to specify the desired delegated party by selecting the Change Delegation checkbox.

The Change Delegation dialogue box will then populate, in which the user will be required to click OK.

Subsequently, the user should specify the Organization ID associated with the delegate party on the goAML system.

Once the request is submitted, it should then be approved by the Supervisory Body before the delegation function is enabled.

goAML users can change their user details when required by navigating to the My goAML menu and selecting My User Details.

A registering person window will then expand; details on how to fill it out are available in the goAML Registration Guide. After submitting the request, the user should await approval from the admin user (MLRO) of the organization or if the MLRO has submitted the changes then the Supervisory Body will carry out the approval.

The respective regulator / Supervisory Body will be approving their regulated entities registrations and any changes related to its details or its MLRO’s details.

The MLRO may submit additional information pertaining to an existing report by submitting a relevant ‘AIF’ (Additional Information File) or AIFT (Additional Information File with Transactions) if the additional transactions need to be reported.

The MLRO must quote the original report reference number by referencing the report’s web reference number in the FIU reference field as shown below.

An Organization is required to select the Register as an Organization option when registering on the goAML system for the first time. Once the Supervisory Body approves the request, the reporting entity may subsequently allow internal users within the organization to register on the system by selecting the Register as a Person option.

Yes. All reports can be printed before submission. The user will have to click the preview button before submitting the report then click the printer icon to print the report as shown in the below figures.

The goAML Message Board is the internal means of communication between the FIU and goAML users. The advantage of such an internal communication channel is that it allows two-way communication between reporting entities and the FIU.

Reporting entities are notified immediately through the Message Board if their reports are accepted or rejected. Similarly, this feature is used in the instance where the FIU requires further information from a reporting entity.

The Message Board is not linked to any specific user but rather the organization as a whole.

The goAML is preconfigured with two roles that are defined in the system for both the organization’s admin user RE Admin (user who registered the organization i.e. MLRO) and the organization’s users RE User (user who registered as a person under the same Org ID). These roles have been designed with several access rights being allowed for each specific subset of users in the system. The reporting entity’s admin user can specify what roles the organization’s users are to assume as shown below:

  • Navigate to Admin, then click User-Role Management

  • Click on the desired user within the organization and specify their role.

Should the organization’s admin user consider that the preconfigured user access rights defined are not suitable for their users, and then they may add a new role for their organization as shown below:

  • Navigate to Admin, then click Role Management

  • Click on Add a new role for this entity

The system will then allow the organization’s admin to create a new role for their organization, in which they can specify their own access rights for different types of users in the organization.

An “Account” should be chosen when the report involves transactions. A “Person” or an “Entity” should be chosen if no “Account” details are available to the organization.

Examples: For cash deposit transactions, the organization should choose “Bi Party”, from “Person” to “Account”. For cash withdrawal transactions, the organization should choose “Bi Party” from “Account” to “Person”. For remittances, the organization should choose “Bi Party” from “Account” to “Account”.

In case of non-banking/non-MSBs organizations, a “Person” or an “Entity” will be more convenient to use.

Fraud is not a report type on the goAML. However to file a fraud incident, organizations may opt to file a Suspicious Transactions Report or a Suspicious Activity Report depending on the type of fraud incident that the organization is reporting. Additionally the most suitable Reason For Reporting should be chosen to carefully describe the red flags that should be highlighted.

Organizations, who were previously using the STR System, will be provided access to a platform on which they can search and view their historical STRs.

MPLS connection is still required for those organizations who need to access CBSP for Payment Systems i.e. all CBUAE regulated organizations. Other than that, organizations may access the goAML using a normal internet connection through the eservices portal “Secured Access Control Management” (SACM).

As per Section (7) – Article (20) item (3) of the Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation Of Decree Law No. (20) Of 2018 on Anti- Money Laundering and Combating the Financing of Terrorism and Illegal Organizations, “Appropriate arrangements for compliance management for combating the Crime, including appointing a compliance officer” and Section (8) – Article (21) lists down the expected tasks of the Compliance Officer.

No. goAML is a platform to submit suspicious reports only.

5 calendar days.

15 calendar days.

5 calendar days. Hence, please Click Revert, edit the report in the draft mode and resubmit it before the
10 days grace period allowed for resubmission. Otherwise, the organization will need to submit a fresh

4000 characters.

Please check the junk mailbox. If not found there, then the email may have been blocked by your
entity’s mail servers. Please request your IT team to whitelist the system’s email address and inform the goAML Support team so it can be resent
via emailing

Please register yourself as a Person under the same Org ID. Your request will be assessed by
your regulator and approved or rejected accordingly. Please refer to Section 5.1 of the goAML
Registration Guide – Version 2.0. to understand how to register as a Person.

You can contact your previous employer’s regulator to deactivate your old user on both the
eservices portal (SACM) and goAML so you can use your details to create new profiles under
your new employer.

You can contact your previous employer’s regulator to deactivate your old user on both the
eservices portal (SACM) and goAML so you can use your details to create new profiles under
your new employer.

In the pop up screen, fill in using the username received from and the Google authenticator passcode as the password.

OTPs have a 24-hour validity. Please contact to request OTPs to be

You need to register as an organization and not as a person. The "register a person button" is
available for additional users only after an organization is active.

You need to revoke their SACM access.

  • Login to SACM as a Supervisory Body:

  • Go to Approved Requests:

  • Select the Entity that needs to be revoked
  • Click on the Revoke button

  • Email the goAML Support Team via to disable the entity on goAML

You need to revoke the user SACM access.

  • Login to SACM as a Supervisory Body:

  • Go to Approved Requests:

  • Select the indiviudal that needs to be revoked
  • Click on the Revoke button

  • You will then see the below pop-up screen; where you need to use the username
    received from and the Google Authenticator
    Passcode as the password

  • You will be directed to the goAML homepage
  • Click the Login Button

  • Type in the username and password created at the time of registering on goAML and
    click login


Each attachment size should not exceed 5MB. The file name should be short and should not
include any special characters. For report attachments, there is a max capacity of 20MB per

Please send an email to the goAML Support team on to revoke your current request so you can re-register using the correct mobile number.

  1. We suggest that download the Google Authenticator App on the new mobile phone and redo the setup following section 5 of the Pre-Registration Guide found HERE.

Your Supervisory Body approves both request for your organization.

You may follow up with the admin user of your organization who is usually the MLRO. All additional users registering under the same entity are to be approved by the entity’s admin user i.e. the MLRO.

Please check the junk mailbox. If not found there, then the emails may be blocked by your entity’s mail servers. Please request your IT team to whitelist the system’s email address and inform the goAML Support team.

Please click on browse to select the documents you would like to upload, and then click on upload. You should then see a pop-up message on your screen asking for a confirmation to upload the documents. If you do not see the pop-up then you will need to adjust your web browser setting and enable pop-ups. Otherwise, the documents will not be uploaded on the system.

The MLRO is the registering person for any organization. Hence, he is registered by default once the organization is registered on goAML. This means that no Person registration is required. Person registration is only needed if the organization wishes to register additional users beside the MLRO.

This obligation is applicable to all banking and non-banking financial institutions (FIs) as well as designated non-financial business and professions (DNFBPs).

The obligation for reporting as well as hold the transaction/activity is for cross border transactions through banking or remittance channels. These transactions may include; transactions destined to, originated from or being routed through jurisdictions which are classified as a ‘High-Risk Jurisdiction subject to a Call for Action’ by FATF (list available here).

It also includes any transaction(s) (from/to any country in any currency) where the remitter or the beneficiary is an individual who is associated with a country classified under the aforementioned category by virtue of nationality or residency (including both, residents and non-resident of UAE). The same applies for transactions where any of the parties is an entity, which is associated with such a country by virtue of place of incorporation, or a person of such nationality has a stake or signing authority within that entity.

No, such transactions must be reported to the FIU irrespective of the amount of value being transacted.

The only medium, which is available for filing any kind of report to the FIU, is the goAML Platform while using the commensurate report type. Kindly refer the goAML Web Submission Guide available of the UAE FIU’s website.

As such, the FIU will not accept any filing through emails, hard copies or even through the goAML Message Board in the form of a message.

Such transactions must be reported to the FIU in the form of a High Risk Country Transaction Report - HRC while ensuring all those transactions are duly and accurately populated in the transactions fields of the report. However, if due to the nature of transaction, the reporting entity does not have sufficient details to populate the mandatory transaction(s) fields, they must report the transaction attempt in the form of High Risk Country Activity Report – HRCA while detailing the attributes of the transactions such as amount, account numbers etc. in the available field as text.

This obligation does not apply to currency exchange transactions and domestic transactions for value added services. However, if the transaction is a cross border payment (even for a bill payment), the obligation will be applicable.

The obligation only applies to international or cross border transfers in any currency. As such all other transaction types such as card purchases, card payments, WPS transactions, domestic cheques, domestic utility payments etc. do not fall under the purview of this obligation.

The transactions related to trading will fall under the purview of this obligation if they are cross border in nature. If not, they are exempted.

For example, if a national of a designated high risk country purchases stock through a stock broker in the UAE while remitting funds from outside the UAE or if such a person liquidates his bonds or sell his crypto assets and wants the money to be remitted to an account outside the UAE; such transactions need to be reported.

The transactions must be placed on hold for three working days during which the FIU may respond to the report with an instruction or advice regarding the reported transaction(s). In the meantime, the reporting entity can also perform their due diligence on the transaction(s) as well as the associated parties. In absence of any response from the FIU within the stipulated timeline, the reporting entity can take a call at its own discretion based on their due diligence as to whether to execute or not execute the transaction.

Please send the goAML Support Team on the below information to verify your identity and retrieve your username:

  1. First and last name as registered on goAML
  2. Registered email address
  3. Emirates ID Number
  4. Passport Number
  5. Date of Birth
  6. Org ID
  7. Nationality

  1. Appoint new MLRO/Compliance Officer/Contact Person
  2. Request the regulator's approval via email
  3. New MLRO to register on SACM and obtain the regulator's approval to obtain their own login credentials to the network
  4. New MLRO to register on goAML as a Person under the same Org ID
  5. Inform the goAML Support team ( to deactivate old MLRO and activate the new one based on the regulator’s approval
  6. After initial login, new MLRO needs to change the contact person details under My ORG details on goAML following Q2 above
  7. Regulator should approve these changes on goAML

  1. Register on the eservices portal (SACM) to gain access to the network
  2. Regulator to approve the SACM pre-registration
  3. New user to receive SACM username and security key
  4. New user to download Google Authenticator app on their mobile phone and use the secret key to set up their account
  5. New user to use the received username and the Google Authenticator 6 digit passcode to login to the network and access goAML
  6. New user to register as a Person under the same Org ID
  7. Organization admin user (MLRO) to approve the new user request following the steps depicted in Section 5 of the goAML Registration Guide